NAME
Plack::Middleware::Auth::Digest - Digest authentication
SYNOPSIS
enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
authenticator => sub {
my ($username, $env) = @_;
return $password; # for $username
};
# Or return MD5 hash of "$username:$realm:$password"
enable "Auth::Digest", realm => "Secured", secret => "blahblahblah",
password_hashed => 1,
authenticator => sub { return $password_hashed };
DESCRIPTION
Plack::Middleware::Auth::Digest is a Plack middleware component that
enables Digest authentication. Your authenticator callback is called
using two parameters: a username as a string and the PSGI $env hash.
Your callback should return a password, either as a raw password or a
hashed password.
CONFIGURATIONS
authenticator
A callback that takes a username and PSGI $env hash and returns a
password for the user, either in a plaintext password or a MD5 hash
of "username:realm:password" (quotes not included) when
password_hashed option is enabled.
password_hashed
A boolean (0 or 1) to indicate whether authenticator callback returns
passwords in a plaintext or hashed. Defaults to 0 (plaintext).
realm
A string to represent the realm. Defaults to restricted area.
secret
Server secret text string that is used to sign nonce. Required.
nonce_ttl
Time-to-live seconds to prevent replay attacks. Defaults to 60.
LIMITATIONS
This middleware expects that the application has a full access to the
headers sent by clients in PSGI environment. That is normally the case
with standalone Perl PSGI web servers such as Starman or
HTTP::Server::Simple::PSGI.
However, in a web server configuration where you can't achieve this
(i.e. using your application via Apache's mod_cgi), this middleware
does not work since your application can't know the value of
Authorization: header.
If you use Apache as a web server and CGI to run your PSGI application,
you can either a) compile Apache with
-DSECURITY_HOLE_PASS_AUTHORIZATION option, or b) use mod_rewrite to
pass the Authorization header to the application with the rewrite rule
like following.
RewriteEngine on
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
AUTHOR
Yuji Shimada <xaicron@cpan.org>
Tatsuhiko Miyagawa
COPYRIGHT
Yuji Shimada, Tatsuhiko Miyagawa 2010-
SEE ALSO
Plack::Middleware::Auth::Basic
LICENSE
This library is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.