BtrzAuth v0.9.0 BtrzAuth.Plug.VerifyApiKey View Source
Looks for and validates a token found in the x-api-key
header requesting the accounts service to verify the token and saving the resource in conn.private[:application]
.
This, like all other Guardian plugs, requires a Guardian pipeline to be setup.
It requires an error handler as error_handler
.
These can be set either:
- Upstream on the connection with
plug Guardian.Pipeline
- Upstream on the connection with
Guardian.Pipeline.{put_module, put_error_handler, put_key}
- Inline with an option of
:module
,:error_handler
,:key
If a token is found but is invalid, the error handler will be called with
auth_error(conn, {:api_key_not_found, reason}, opts)
Once a token has been found, it will be matched against the database using the configured collection and property,
if not found, the error handler will be called with
auth_error(conn, {:account_not_found, reason}, opts)
Options:
search_in
- atom. The places to look for the x-api-key (:header
,:query
or:all
). Defaults to::all
allow_blank
- boolean. If set to true, will try to load a resource once the x-api-key is found, but will not fail if no resource is found. Defaults: false
Example
# default search and verify in all (header and query string)
plug BtrzAuth.Plug.VerifyApiKey
# search only in header
plug BtrzAuth.Plug.VerifyApiKey, search_in: :header
Link to this section Summary
Link to this section Functions
Link to this function
call(conn, opts)
View Source
call(Plug.Conn.t(), Keyword.t()) :: Plug.Conn.t()