Guardian.Plug.VerifyHeader (Guardian v2.2.4)

Looks for and validates a token found in the Authorization header.

This plug does nothing in either of the following cases:

  1. A token has already been found for :key.
  2. No token is found in the Authorization header.

This, like all other Guardian plugs, requires a Guardian pipeline to be set up. It requires an implementation module, an error handler and a key.

These can be set either:

  1. Upstream on the connection with plug Guardian.Pipeline
  2. Upstream on the connection with Guardian.Pipeline.{put_module, put_error_handler, put_key}
  3. Inline with an option of :module, :error_handler, :key

If a token is found but is invalid, the error handler will be called with auth_error(conn, {:invalid_token, reason}, opts).

Once a token has been found, it will be decoded and the token and claims will be put onto the connection.

They will be available using Guardian.Plug.current_claims/2 and Guardian.Plug.current_token/2.

Options:

  • claims - The literal claims to check to ensure that a token is valid
  • max_age - If the token has an "auth_time" claim, check it is not older than the maximum age.
  • header_name - The name of the header to search for a token. Defaults to authorization.
  • scheme - The prefix for the token in the header. Defaults to Bearer. :none will not use a prefix.
  • key - The location to store the information in the connection. Defaults to: default
  • halt - Whether to halt the connection in case of error. Defaults to true.
  • :refresh_from_cookie - Looks for and validates a token found in the request cookies. (default false)

Refresh from cookie option

  • :key - The location of the token (default :default)
  • :exchange_from - The type of the cookie (default "refresh")
  • :exchange_to - The type of token to provide. Defaults to the implementation module's default_type
  • :ttl - The time to live of the exchanged token. Defaults to configured values.
  • :halt - Whether to halt the connection in case of error. Defaults to true

Example

# set up the upstream pipeline

plug Guardian.Plug.VerifyHeader, claims: %{typ: "access"}

This will check the authorization header for a token

Authorization: Bearer <token>

This token will be placed into the connection depending on the key and can be accessed with Guardian.Plug.current_token and Guardian.Plug.current_claims, or with MyApp.ImplementationModule.current_token and MyApp.ImplementationModule.current_claims.
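An added example (not from the Guardian docs) of the full setup the text above describes: a pipeline module that provides the implementation module, error handler and key upstream (here via Guardian.Plug.Pipeline), an error handler that receives the {:invalid_token, reason} tuple, and a router scope that runs it. MyApp.Guardian, MyAppWeb.AuthPipeline, MyAppWeb.AuthErrorHandler, MyAppWeb.Router and ProfileController are assumed names.

```elixir
# Assumed names: MyApp.Guardian (implementation module), MyAppWeb.AuthPipeline,
# MyAppWeb.AuthErrorHandler, MyAppWeb.Router and ProfileController are placeholders.
defmodule MyAppWeb.AuthPipeline do
  # Sets :module, :error_handler and :key upstream so VerifyHeader can find them.
  use Guardian.Plug.Pipeline,
    otp_app: :my_app,
    module: MyApp.Guardian,
    error_handler: MyAppWeb.AuthErrorHandler,
    key: :default

  # Only accept "Authorization: Bearer <token>" whose "typ" claim is "access";
  # a refresh token presented in the header fails the claims check.
  plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}, scheme: "Bearer"
  # VerifyHeader does nothing when the header is absent; EnsureAuthenticated
  # turns that silent pass-through into an :unauthenticated error.
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource, allow_blank: false
end

defmodule MyAppWeb.AuthErrorHandler do
  @behaviour Guardian.Plug.ErrorHandler
  import Plug.Conn
  require Logger

  # VerifyHeader calls auth_error(conn, {:invalid_token, reason}, opts).
  # The reason (expired, bad signature, claim mismatch) is logged server-side;
  # the client only sees the generic error type.
  @impl Guardian.Plug.ErrorHandler
  def auth_error(conn, {type, reason}, _opts) do
    Logger.info("auth failure: #{inspect(type)} #{inspect(reason)}")

    conn
    |> put_resp_content_type("application/json")
    |> send_resp(401, Jason.encode!(%{error: to_string(type)}))
  end
end

defmodule MyAppWeb.Router do
  use MyAppWeb, :router

  pipeline :api do
    plug :accepts, ["json"]
    plug MyAppWeb.AuthPipeline
  end

  scope "/api", MyAppWeb do
    pipe_through :api
    # The action can read Guardian.Plug.current_claims(conn) for the "sub" claim.
    get "/me", ProfileController, :show
  end
end
```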