Mojolicious::Plugin::PlugAuthLite - Add a minimal PlugAuth server to your Mojolicious application.


version 0.38


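 use Mojolicious::Lite;
 plugin 'plug_auth_lite',
   # authentication callback: return 1 if the credentials are valid
   auth => sub {
     my($user, $pass) = @_;
     if($user eq 'optimus' && $pass eq 'matrix')
     { return 1; }
     else
     { return 0; }
   },
   # authorization callback: return 1 if $user may perform $action on $resource
   authz => sub {
     my($user, $action, $resource) = @_;
     if($user eq 'optimus' && $action eq 'open' && $resource =~ m{^/matrix})
     { return 1 }
     else
     { return 0 }
   };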


This plugin provides a very minimal but customizable PlugAuth server which can be included with your Mojolicious application for Clustericious applications to authenticate against. If you do not need specialized plugins for LDAP or DBI, and if you do not need the user/group/resource management provided by the full-featured PlugAuth server, then this plugin may be for you.

The script plugauthlite included with this distribution provides PlugAuth style authentication (but not authorization) using a simple Apache style password file.



Subroutine which checks the authentication of a user. It is passed two arguments, the username and the password. If they are authentic this call back should return 1. Otherwise it should return 0.


Subroutine which checks the authorization of a user. It is passed three arguments, the username, action (usually a verb) and resource (usually the path part of a URL). If the user is authorized for the action on that resource the call back should return 1. Otherwise it should return 0.


The prefix to prepend to the standard PlugAuth API routes. Usually the authentication route is /auth and the authorization route is /authz, but if the PlugAuth.conf client configuration is set to the client expects the authentication route to be /foo/auth and the authorization route to be /foo/authz. In this case you would set this configuration item to '/foo'.


The realm to use for HTTP Basic authentication. The default is PlugAuthLite.


GET /auth

  • if username and password provided using BASIC authentication and are correct

    Return 200 ok

  • if username and password provided using BASIC authentication but are not correct

    Return 403 not ok

  • if username and password are not provided using BASIC authentication

    Return 401 please authenticate

GET /authz/user/#user/#action/(*resource)

  • if the given user (#user) is permitted to perform the given action (#action) on the given resource (*resource)

    Return 200 ok

  • otherwise

    Return 403 not ok
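
The following is an added example, not code from the PlugAuthLite distribution: a Mojolicious::Lite application whose auth callback compares a salted digest in constant time and whose authz callback matches resources on a path boundary with default deny, followed by Test::Mojo checks of the status codes listed above. The user table, the grant list and the salt are constructed sample data, SHA-256 stands in for a dedicated password hashing scheme, and it assumes a Mojolicious release compatible with this plugin version.

```perl
use strict;
use warnings;
use Mojolicious::Lite;
use Mojo::Util qw( b64_encode secure_compare );
use Digest::SHA qw( sha256_hex );
use Test::More;
use Test::Mojo;

# Constructed sample data: a salted digest instead of a plaintext password
# (SHA-256 is a stand-in here; use a dedicated password hash in production),
# and an explicit allow-list of [ user, action, resource prefix ].
my %users  = ( optimus => { salt => 'c0ffee', hash => sha256_hex('c0ffee' . 'matrix') } );
my @grants = ( [ 'optimus', 'open', '/matrix' ] );

plugin 'plug_auth_lite',
  auth => sub {
    my($user, $pass) = @_;
    my $rec = $users{$user // ''} or return 0;            # unknown user: deny
    my $got = sha256_hex($rec->{salt} . ($pass // ''));
    return secure_compare($got, $rec->{hash}) ? 1 : 0;    # constant-time compare
  },
  authz => sub {
    my($user, $action, $resource) = @_;
    # assumption: normalise to a leading slash, as the synopsis regex expects
    $resource = "/$resource" unless $resource =~ m{^/};
    for my $grant (@grants) {
      my($u, $act, $prefix) = @$grant;
      next unless $user eq $u && $action eq $act;
      # match only on a path boundary: /matrix must not also grant /matrixfoo
      return 1 if $resource eq $prefix || index($resource, "$prefix/") == 0;
    }
    return 0;                                             # default deny
  };

# Build the HTTP Basic Authorization header for "user:password"
sub basic { return { Authorization => 'Basic ' . b64_encode($_[0], '') } }

my $t = Test::Mojo->new;
$t->get_ok('/auth')->status_is(401);                            # no credentials
$t->get_ok('/auth' => basic('optimus:matrix'))->status_is(200); # correct
$t->get_ok('/auth' => basic('optimus:wrong'))->status_is(403);  # incorrect
$t->get_ok('/authz/user/optimus/open/matrix/door')->status_is(200);
$t->get_ok('/authz/user/optimus/open/matrixfoo')->status_is(403);
$t->get_ok('/authz/user/optimus/close/matrix')->status_is(403);

done_testing;
```

The synopsis pattern `m{^/matrix}` would also match `/matrixfoo`; the boundary check in this example is what turns that request into a 403.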



This method adds the routes to your application required to implement the PlugAuth API.


This implementation of the PlugAuth protocol does not support these features provided by the full fledged PlugAuth server:

  • Groups

  • Management API for creating/removing/modifying users/groups/resources

  • Standard Clustericious routes like "/version" and "/status"

  • Clustericious configuration file (~/etc/PlugAuth.conf)

  • Support for PlugAuth plugins (PlugAuth::Plugin).

  • Probably many others.


plugauthlite, PlugAuth::Lite, PlugAuth


Graham Ollis


This software is copyright (c) 2013 by Graham Ollis.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.