NAME MojoX::Authentication - [Put something meaningful here!] VERSION This document describes MojoX::Authentication version 0.001. SYNOPSIS use MojoX::Authentication; DESCRIPTION This module aims at being a batteries included facility for handling authentication in Mojolicious applications. More documentation will come, but the application in the eg sub-directory contains an example for using the three ways of authentication that are supported: local with in-memory hashes, local with database (SQLite), remote with SAML 2.0. INTERFACE app my $app = $ma->app; Retrieve the application object reference set at creation or later when calling "app_startup" (if you decide to use it). It is mandatory if "model" is missing. app_startup $ma->app_startup; # OR $ma->app_startup($app); Perform some startup over the application (either provided explicitly as $app, or retrieved via "app"), like adding and initializing plugin Mojolicious::Plugin::Authentication and setting a before_render hook to inject the user data in the stash, if present (see "user_stash_key" for the key used in the stash). ctr_credentials_login $ma->ctr_credentals_login($controller, $routes_for); # OR $ma->ctr_credentals_login($controller); Opinionated way of handling the login through credentials, practically acting as a wrapper around the $controller. Assumes that username and secret can be retrieved via param() with keys username and password respectively. The $routes_for, if present, is supposed to be a hash reference holding the routes to redirect the client for key ok (in case the interaction is successful) and key not_ok (otherwise). They default to protected_root and public_root respectively. ctr_logout $ma->ctr_logout($controller); Perform the logout. If the provider supports the logout method, this totally delegates to it; otherwise, it calls the logout method over the $controller. ctr_saml2_login $ma->ctr_saml2_login($controller, $route_for); Opinionated way of handling the login through credentials, practically acting as a wrapper around the $controller. This is the initial request where the user is then sent to the Identity Provider. The $routes_for works like for "ctr_credentials_login", except that in case of success the redirection URL will send the user to the Identity Provider. ctr_saml2_sso_post $ma->ctr_saml2_sso_post($controller, $route_for); Opinionated way of handling the login through credentials, practically acting as a wrapper around the $controller. This is the final request where the user comes back from the Identity Provider. The $routes_for works like for "ctr_credentials_login". model my $model = $ma->model; Accessor to the model, most probably an instance of MojoX::Authentication::Model. If it is not set at creation, it is expected that "app" is set and that it can be called like $app->model->authentication to retrieve the correct value for this member. new my $ma = MojoX::Authentication->new(%args); # OR my $ma = MojoX::Authentication->new(\%args); Constructor. Accepts initialization values for "app", "model", "saml2_provider_name", and "user_stash_key". saml2_provider_name my $string = $ma->saml2_provider_name; Accessor to the (default) provider name for SAML2 logins. This works under the assumption that there will only be one identity provider; otherwise you will have to do some more coding on your side. user_stash_key my $string = $ma->user_stash_key; Accessor to the key (a string) used to set the user in the stash, when available. Defaults to user, so in your templates you should be able to use the $user variable. See "app_startup" for its usage. BUGS AND LIMITATIONS Minimul perl version 5.24. AUTHOR Flavio Poletti COPYRIGHT AND LICENSE Copyright 2026 by Flavio Poletti Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.