Reputation: 497
Elixir Guardian custom header verification instead of Authorization
I have two tokens coming to my Endpoint method. one with inside the key of Authorization and another one inside App-token but couldn't find any docs/support or anything to workaround this. what is the possible workaround to validate/verify both tokens
I see this option
plug(Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}, realm: "Bearer") for realm but not of custom header name
Thanks
Upvotes: 2
Views: 287
Answers (1)
Reputation: 11743
A recent PR for an upcoming Guardian release (post 1.1.0) will allow you to support token verification on any header. A custom header can be verified by plugging Guardian.Plug.VerifyHeader like so:
plug Guardian.Plug.VerifyHeader,
header_name: CUSTOM_HEADER_NAME,
realm: :none,
claims: %{"typ" => "access"}
where CUSTOM_HEADER_NAME is the name of the header to search within, which in your specific case is "App-token".
Other tokens found within the Authorization header and with a default "realm" can leave out the header_name option, like so:
plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
Upvotes: 1
Related Questions
- Guardian - exclude routes from needing authentication
- Elixir - Dynamically setting request headers for stripity_stripe library
- Validating headers for specific endpoints with Plug
- HTTPoison doesn't accept this custom header
- AWS API Gateway: Add header if response is Unauthorized
- Checking if user is authenticated in Phoenix templates
- HTTPoison to make a post request with Authorization in header.
- Header-based authentication for REST API in Phoenix
- Custom Authorization Header
- Custom HTTP Authorization Header