Guardian v2.1.1 Guardian.Plug.VerifyHeader
Looks for and validates a token found in the Authorization header.
In the case where:
- The session is not loaded
- A token is already found for :key
This plug will not do anything.
This, like all other Guardian plugs, requires a Guardian pipeline to be set up. It requires an implementation module, an error handler and a key.
These can be set either:
- Upstream on the connection with plug Guardian.Pipeline
- Upstream on the connection with Guardian.Pipeline.{put_module, put_error_handler, put_key}
- Inline with an option of :module, :error_handler, :key
If a token is found but is invalid, the error handler will be called with auth_error(conn, {:invalid_token, reason}, opts).
Once a token has been found it will be decoded, and the token and claims will be put onto the connection.
They will be available using Guardian.Plug.current_claims/2 and Guardian.Plug.current_token/2.
Options:
- claims - The literal claims to check to ensure that a token is valid.
- max_age - If the token has an "auth_time" claim, check it is not older than the maximum age.
- header_name - The name of the header to search for a token. Defaults to authorization.
- realm - The prefix for the token in the header. Defaults to Bearer. :none will not use a prefix.
- key - The location to store the information in the connection. Defaults to :default.
- halt - Whether to halt the connection in case of error. Defaults to true.
Example
# set up the upstream pipeline
plug Guardian.Plug.VerifyHeader, claims: %{typ: "access"}
This will check the authorization header for a token:
Authorization: Bearer <token>
This token will be placed into the connection depending on the key and can be accessed with Guardian.Plug.current_token and Guardian.Plug.current_claims, or with MyApp.ImplementationModule.current_token and MyApp.ImplementationModule.current_claims.
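The pieces this plug requires, assembled as an added example (not code from the Guardian project): an implementation module, an error handler, and an upstream pipeline built with Guardian.Plug.Pipeline, the module that provides the Plug pipeline in Guardian 2.x. MyApp.AuthErrorHandler, MyApp.ApiAuthPipeline and MyApp.WhoAmI are hypothetical names, and the :my_app configuration is assumed to supply the issuer and secret_key for MyApp.ImplementationModule.

```elixir
# Added example. MyApp.AuthErrorHandler, MyApp.ApiAuthPipeline and MyApp.WhoAmI are
# hypothetical names; the :my_app config is assumed to supply issuer and secret_key.
defmodule MyApp.ImplementationModule do
  use Guardian, otp_app: :my_app

  # The resource is reduced to a map so the example needs no database.
  def subject_for_token(%{id: id}, _claims), do: {:ok, to_string(id)}
  def resource_from_claims(%{"sub" => id}), do: {:ok, %{id: id}}
end

defmodule MyApp.AuthErrorHandler do
  @behaviour Guardian.Plug.ErrorHandler
  import Plug.Conn
  require Logger

  @impl Guardian.Plug.ErrorHandler
  def auth_error(conn, {type, reason}, _opts) do
    # Keep the verification reason in server logs; the client gets a generic 401.
    # No halt/1 here: VerifyHeader halts the connection itself (halt defaults to true).
    Logger.warning("auth failure type=#{inspect(type)} reason=#{inspect(reason)}")
    conn
    |> put_resp_header("www-authenticate", "Bearer")
    |> send_resp(401, "unauthorized")
  end
end

defmodule MyApp.ApiAuthPipeline do
  use Guardian.Plug.Pipeline,
    otp_app: :my_app,
    module: MyApp.ImplementationModule,
    error_handler: MyApp.AuthErrorHandler

  # A token whose "typ" claim is not "access" reaches auth_error/3 as :invalid_token.
  plug Guardian.Plug.VerifyHeader, claims: %{typ: "access"}, realm: "Bearer"
  # VerifyHeader passes requests with no token through untouched; this plug rejects them.
  plug Guardian.Plug.EnsureAuthenticated
end

defmodule MyApp.WhoAmI do
  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _opts) do
    # Verified claims were stored under the :default key by VerifyHeader.
    %{"sub" => subject} = Guardian.Plug.current_claims(conn)
    send_resp(conn, 200, "subject=" <> subject)
  end
end
```

Run MyApp.ApiAuthPipeline ahead of MyApp.WhoAmI (for example in a router pipeline) so the claims are on the connection before they are read.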