View Source BtrzAuth.Plug.VerifyApiKey (BtrzAuth v1.3.0)

Looks for and validates a token found in the x-api-key header requesting the accounts service to verify the token and saving the resource in conn.private[:account].

This, like all other Guardian plugs, requires a Guardian pipeline to be setup. It requires an error handler as error_handler.

These can be set either:

  1. Upstream on the connection with plug Guardian.Pipeline
  2. Upstream on the connection with Guardian.Pipeline.{put_module, put_error_handler, put_key}
  3. Inline with an option of :module, :error_handler, :key

If a token is found but is invalid, the error handler will be called with auth_error(conn, {:api_key_not_found, reason})

Once a token has been found, it will be matched against the database using the configured collection and property, if not found, the error handler will be called with auth_error(conn, {:account_not_found, reason})

Options:

  • search_in - atom. The places to look for the x-api-key (:header, :query or :all). Defaults to: :all
  • allow_blank - boolean. If set to true, will try to load a resource once the x-api-key is found, but will not fail if no resource is found. Defaults: false

Example


# default search and verify in all (header and query string)
plug BtrzAuth.Plug.VerifyApiKey
# search only in header
plug BtrzAuth.Plug.VerifyApiKey, search_in: :header

Summary

Functions