Token handling
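# file: code/Validad::Tools::Plack::Middleware::ExtractToken

# Look for a "Bearer" token in the Authorization header of a PSGI request.
#
# Parameters:
#   $self - the middleware instance (provides get_client and
#           add_client_to_psgix)
#   $env  - the PSGI environment hash
#
# Returns:
#   nothing (empty list / undef) when there is no Authorization header,
#   0 when the header is not a usable bearer token or no client with a
#     secret can be resolved for it,
#   1 after the token was decoded and stored in $env.
#
# On success these keys are set in $env:
#   psgix.token.token  - the raw token string
#   psgix.token.claims - the claims returned by decode_jwt
sub found_bearer_token {
    my ( $self, $env ) = @_;

    my $auth_header = $env->{HTTP_AUTHORIZATION};
    return unless $auth_header;
    my ( $type, $token ) = split( /\s+/, $auth_header, 2 );

    if ( $type && lc($type) eq 'bearer' && $token ) {

        # SECURITY: inspect_jwt reads the claims WITHOUT checking the
        # signature, so everything in $unverified_claims is controlled by
        # whoever sent the request. It is used for exactly one thing:
        # choosing which client's secret to verify the token with. It must
        # never reach $env or drive any authorization decision.
        my $unverified_claims = inspect_jwt($token);

        # NOTE(review): per RFC 7519 "aud" may be a string or an array of
        # strings; confirm get_client copes with both.
        my $client = $self->get_client( $unverified_claims->{aud} );

        # Fail closed when the unverified "aud" does not resolve to a client
        # with a non-empty secret. Without this guard an unknown audience
        # would reach decode_jwt with an undefined key, and an empty secret
        # would make the signature check meaningless.
        return 0
            unless $client
            && defined $client->{secret}
            && length $client->{secret};

        # NOTE(review): decode_jwt is expected to verify the signature with
        # the client's secret; confirm it also restricts the accepted
        # algorithms and checks expiry. Its implementation is not visible
        # here.
        my $claims = decode_jwt( $token, $client->{secret} );

        # Only the verified claims are published to the rest of the app.
        $env->{'psgix.token.token'}  = $token;
        $env->{'psgix.token.claims'} = $claims;
        $self->add_client_to_psgix( $env, $client );
        return 1;
    }
    return 0;
}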
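inspect_jwt reads the token's claims without checking the signature - dangerous! These claims are untrusted: they are only used to look up the client whose secret decode_jwt then uses to verify the token.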