This Handler is able to check an OAuth2 access token to retrieve the user real session and protect a virtual host like a standard Handler (access control and HTTP headers transmission).
This requires to get an OAuth2 access token trough LL::NG Portal (OpenID Connect server). This access token can then be used in the Authorization
header to authenticate to the Web Service / API protected by the OAuth2 Handler.
Example:
curl -H "Authorization: Bearer de853461341e88e9def8fcb9db2a81c4" https://oauth2.example.com/api/test | json_pp
{ check: true, user: "dwho" }
Protect you virtual host like any other virtual host with the standard Handler.
Define access rules and headers. Then in Options
> Type
, choose OAuth2
.