barrel_mcp_auth_basic (barrel_mcp v2.0.2)
View SourceBasic HTTP authentication provider for barrel_mcp.
Implements HTTP Basic Authentication (RFC 7617). Suitable for simple deployments, development, or when using TLS.
Configuration Options
credentials- Map of username to password or auth infoverifier- Custom verification functionrealm- Realm for WWW-Authenticate headerhash_passwords- If true, stored passwords are SHA256 hashes
See also: barrel_mcp_auth.
Summary
Functions
Authenticate a request using Basic auth.
Generate WWW-Authenticate challenge.
Hash a password using the default modern algorithm (PBKDF2-SHA256). Use hash_password/2 to choose explicitly.
Hash a password using the chosen algorithm.
Initialize the Basic auth provider.
Verify a plaintext Password against a Stored hash. Accepts both the modern pbkdf2-sha256$... format and legacy hex SHA-256 digests (the latter for one release, with a logger warning on match). Returns ok or {error, invalid_credentials}.
Functions
-spec authenticate(map(), map()) -> {ok, barrel_mcp_auth:auth_info()} | {error, barrel_mcp_auth:auth_error()}.
Authenticate a request using Basic auth.
-spec challenge(barrel_mcp_auth:auth_error(), map()) -> {integer(), map(), binary()}.
Generate WWW-Authenticate challenge.
Hash a password using the default modern algorithm (PBKDF2-SHA256). Use hash_password/2 to choose explicitly.
Hash a password using the chosen algorithm.
Opts may contain:
algorithm—pbkdf2-sha256(default) orsha256-hex(deprecated; kept for migration only).iterations— PBKDF2 iteration count (default 100000).
Stored format for the modern hash: pbkdf2-sha256$<iters>$<base64(salt)>$<base64(hash)>.
Initialize the Basic auth provider.
-spec verify_password(Password :: binary(), Stored :: binary()) -> ok | {error, invalid_credentials}.
Verify a plaintext Password against a Stored hash. Accepts both the modern pbkdf2-sha256$... format and legacy hex SHA-256 digests (the latter for one release, with a logger warning on match). Returns ok or {error, invalid_credentials}.