ExFTP.Auth.BearerAuth (ExFTP v1.0.4)

When authenticator is ExFTP.Auth.BearerAuth, this authenticator will call out to an HTTP endpoint that implements Bearer Tokens with the user's supplied credentials.

⚙️ Configuration

Keys

authenticator == ExFTP.Auth.BearerAuth
authenticator_config :: ExFTP.Auth.BearerAuthConfig.t/0

Example

  %{
    # ... ,
    authenticator: ExFTP.Auth.BearerAuth,
    authenticator_config: %{
      login_url: "https://httpbin.dev/bearer",
      login_method: :post,
      authenticated_url: "https://httpbin.dev/bearer",
      authenticated_method: :post,
      authenticated_ttl_ms: 1000 * 60 * 60
    }
  }

👀 See Also

ExFTP.Authenticator

📖 Resources

📖 RFC 959 (section-4)
📖 RFC 3659
💬 Contact the maintainer (he's happy to help!)
- 👾 Github: camatcode
- 🐘 Fediverse: @scrum_log@maston.social

Summary

Functions

authenticated?(authenticator_state)

Determines whether this session is still considered authenticated

Requests a login using a Bearer Token

valid_user?(username)

Always returns true.

Functions

authenticated?(authenticator_state)

@spec authenticated?(authenticator_state :: ExFTP.Authenticator.authenticator_state()) ::
  boolean()

Determines whether this session is still considered authenticated

🏷️ Params

authenticator_state :: ExFTP.Authenticator.authenticator_state/0

🧑‍🍳 Workflow

Reads the authenticator_config.
If the config has authenticated_url,
- Calls it with a bearer token provided by the user in the headers
- If the response is HTTP 200, success. Otherwise, no longer authenticated.
If the config does not have authenticated_url,
- investigate the authenticator_state for authenticated: true

⤵️ Returns

✅ On Success

  `true` or `false`

💻 Examples

iex> alias ExFTP.Auth.BearerAuth
iex> Application.put_env(:ex_ftp, :authenticator, ExFTP.Auth.BearerAuth)
iex> Application.put_env(:ex_ftp, :authenticator_config, %{
iex>  login_url: "https://httpbin.dev/bearer",
iex>  authenticated_url: "https://httpbin.dev/bearer",
iex>  authenticated_method: :get,
iex> })
iex> BearerAuth.authenticated?(%{bearer_token: "my.bearer.token"})
true

👀 See Also

login(provided_token, authenticator_state)

@spec login(
  provided_token :: ExFTP.Authenticator.password(),
  authenticator_state :: ExFTP.Authenticator.authenticator_state()
) :: {:ok, ExFTP.Authenticator.authenticator_state()} | {:error, term()}

Requests a login using a Bearer Token

password :: ExFTP.Authenticator.password/0
authenticator_state :: ExFTP.Authenticator.authenticator_state/0

Reads the authenticator_config.
Receives a bearer token from the client (as a password)
Calls the login_url with the proper bearer token headers
If the response is HTTP 200, success. Otherwise, bad login.

✅ On Success

  {:ok, authenticator_state}

❌ On Failure

  {:error, bad_login}

iex> alias ExFTP.Auth.BearerAuth
iex> Application.put_env(:ex_ftp, :authenticator, ExFTP.Auth.BearerAuth)
iex> Application.put_env(:ex_ftp, :authenticator_config, %{
iex>  login_url: "https://httpbin.dev/bearer",
iex>  login_method: :post
iex> })
iex> {:ok, _} = BearerAuth.login("my.bearer.token" , %{})

valid_user?(username)

@spec valid_user?(username :: ExFTP.Authenticator.username()) :: boolean()

Always returns true.

No performance benefit

This method is normally used to short-circuit bad login requests. The performance gain in that short-circuit is negligible for this authenticator, so it's not used.