NAME

Plack::Middleware::Validate_Google_IAP_JWT - Validate JWT from Google IAP

SYNOPSIS

    use Plack::Builder;

    my $app = sub {
      my $env = shift;
      return [200, [], ["Validated email: ", $env->{"psgix.goog_iap_jwt_email"}]]
    };

    builder {
      enable "Validate_Google_IAP_JWT", want_hd => "example.com"
        , guest_subpath => "/guest/";
      $app;
    };

DESCRIPTION

Plack::Middleware::Validate_Google_IAP_JWT is a Plack middleware that validates the JWT issued by Google Cloud Identity-Aware Proxy (IAP). Although Cloud IAP rejects unauthorized access from public networks, internal processes on the same network can still spoof the identity. To protect against such security risks, Cloud IAP provides a special HTTP header, 'x-goog-iap-jwt-assertion', which carries a JWT containing the email address of the authenticated end user. This middleware protects Plack apps by validating that JWT.
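
The checks described above, as an added example that is not this module's own code: it verifies the signature, algorithm, expiry, issuer, audience and hosted domain of the assertion taken from the PSGI environment. It assumes Crypt::JWT and CryptX are installed; make_assertion, validated_email, the locally generated key that stands in for Google's published key set, and the audience string are constructed for the demonstration.

```perl
use strict; use warnings;
use Crypt::JWT qw(encode_jwt decode_jwt);
use Crypt::PK::ECC;

# Constructed fixture: a local P-256 key stands in for the IAP signing key and
# its public half for the JWK set that fetch_iap_public_key would return.
my $signer = Crypt::PK::ECC->new;
$signer->generate_key('secp256r1');
my $jwks = { keys => [ { %{ $signer->export_key_jwk('public', 1) }, kid => 'test-kid' } ] };
my $AUD  = '/projects/000000000000/apps/example-project';    # placeholder audience

# Hypothetical helper: sign constructed claims the way the proxy would.
sub make_assertion {
    my (%override) = @_;
    my $now = time;
    return encode_jwt(
        alg => 'ES256', key => $signer, extra_headers => { kid => 'test-kid' },
        payload => { iss => 'https://cloud.google.com/iap', aud => $AUD, iat => $now,
            exp => $now + 600, email => 'alice@example.com', hd => 'example.com', %override },
    );
}

# Hypothetical helper: return the verified email, or undef if any check fails.
sub validated_email {
    my ($env, $want_hd) = @_;
    my $token = $env->{HTTP_X_GOOG_IAP_JWT_ASSERTION};
    return undef unless defined $token;    # header absent: request bypassed IAP
    my $claims = eval {
        decode_jwt(
            token => $token, kid_keys => $jwks,
            accepted_alg => 'ES256',       # pin the algorithm, ignore other algs
            verify_exp => 1, verify_iat => 1,
            verify_iss => 'https://cloud.google.com/iap', verify_aud => $AUD,
        );
    } or return undef;                     # bad signature, expiry, iss or aud
    return undef unless defined $claims->{hd} && $claims->{hd} eq $want_hd;
    return $claims->{email};
}

my %cases = (
    valid    => make_assertion(),
    wrong_hd => make_assertion(hd => 'other.example'),
    expired  => make_assertion(iat => time - 7200, exp => time - 3600),
);
for my $name (sort keys %cases) {
    my $email = validated_email({ HTTP_X_GOOG_IAP_JWT_ASSERTION => $cases{$name} }, 'example.com');
    printf "%-8s => %s\n", $name, $email // 'rejected';
}
printf "%-8s => %s\n", 'missing', validated_email({}, 'example.com') // 'rejected';
```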

CONFIGURATION

want_hd

Expected hosted domain. See https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload.

guest_subpath

If set, allows guest access for this subpath.

METHODS

fetch_iap_public_key

Fetches https://www.gstatic.com/iap/verify/public_key-jwk and returns the decoded JSON.

LICENSE

Copyright (C) Kobayasi, Hiroaki.

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

AUTHOR

Kobayasi, Hiroaki <buribullet@gmail.com>