Apache > HTTP Server > Documentation > Version 2.5 > Modules

Apache Module mod_autht_core

Available Languages:  en  |  fr 

Description:Core Token Handling
Module Identifier:autht_core_module
Source File:mod_autht_core.c
Compatibility:Available in Apache 2.5 and later


This module provides core token handling capabilities to allow or deny access to portions of the web site. mod_autht_core provides directives that are common to all token providers.



Bugfix checklist

See also


Creating Token Provider Aliases

Extended token providers can be created within the configuration file and assigned an alias name. The alias providers can then be referenced through the AuthBearerProvider directive in the same way as a base token provider. Besides the ability to create and alias an extended provider, it also allows the same extended token provider to be reference by multiple locations.


This example checks for JWT token signatures in two different secret files.

Checking multiple sources for JWT tokens

# Check here first
<AuthtProviderAlias jwt jwt1>
    AuthtJwtVerify hs256 file "/www/conf/realm1.secret"

# Then check here
<AuthtProviderAlias jwt jwt2>
    AuthtJwtVerify hs256 file "/www/conf/realm2.secret"

<Directory "/var/web/pages/secure">
    AuthBearerProvider jwt1 jwt2

    AuthType Basic
    AuthName "Protected Area"
    Require valid-user

<AuthtProviderAlias> Directive

Description:Enclose a group of directives that represent an extension of a base token provider and referenced by the specified alias
Syntax:<AuthtProviderAlias baseProvider Alias> ... </AuthtProviderAlias>
Context:server config

<AuthtProviderAlias> and </AuthtProviderAlias> are used to enclose a group of authentication directives that can be referenced by the alias name using the AuthBearerProvider.

This directive has no affect on authentication or authorization, even for modules that provide both authentication and authorization in addition to token handling.

Available Languages:  en  |  fr 



This is not a Q&A section. Comments placed here should be pointed towards suggestions on improving the documentation or server, and may be removed by our moderators if they are either implemented or considered invalid/off-topic. Questions on how to manage the Apache HTTP Server should be directed at either our IRC channel, #httpd, on Libera.chat, or sent to our mailing lists.