ZWeb.Plugs.APIAuthentication (Portico/Z v0.1.0)

Handle API authentication system-wide.

API tokens are stored as "partner:token" pairs, comma-separated, in the system environment. Requests are logged against the partner associated with the passed token (if valid).

Partners

You can optionally invoke this plug with the specific "partners" that are allowed. For example, you might want to allow access to a particular controller only with the "admin" partner token:

plug ZWeb.Plugs.APIAuthentication, partners: ["admin"]

More Information

For more information, see the guide to credentials and secrets in Z.

Summary

Functions

call(conn, action)
Ensure the given connection has a valid API authentication token in the header.

is_valid?(token, partners \\ ["all"])
Determine if a given API token is valid.

Functions

call(conn, action)

Ensure the given connection has a valid API authentication token in the header.

The API token should be passed as an authorization header:

authorization: bearer TOKEN

Note that case matters on that header; don't capitalize even if that's what all of the web tutorials tell you to do.

is_valid?(token, partners \\ ["all"])

Specs

is_valid?(String.t(), [String.t()]) :: Keyword.t() | nil

Determine if a given API token is valid.

You can optionally pass a list of "partner" token names against which to validate. If you pass the list, only tokens that resolve to a partner in that list will be considered valid.

Returns {"partner_name", "token"} if valid.

Returns nil if invalid.
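
An added example (not Portico/Z's own code) of the lookup described above: parsing a "partner:token" list and checking a token against an optional partner list, with a constant-time comparison. The module name, function names and sample tokens are hypothetical, and treating ["all"] as "any partner" is an assumption based on the documented default.

```elixir
# Added example; module and function names are hypothetical, not Portico/Z code.
defmodule TokenCheckExample do
  # Parse "partner:token,partner:token" into [{partner, token}].
  # Malformed or empty entries are dropped instead of becoming credentials.
  def parse_store(raw) when is_binary(raw) do
    raw
    |> String.split(",", trim: true)
    |> Enum.flat_map(fn entry ->
      case String.split(String.trim(entry), ":", parts: 2) do
        [partner, token] when partner != "" and token != "" -> [{partner, token}]
        _ -> []
      end
    end)
  end

  # Returns {partner, token} or nil, like the documented is_valid?/2.
  # Assumption: ["all"] (the documented default) accepts any partner.
  def valid?(store, token, partners \\ ["all"])

  def valid?(store, token, partners) when is_binary(token) and token != "" do
    Enum.find(store, fn {partner, stored} ->
      (partners == ["all"] or partner in partners) and same?(stored, token)
    end)
  end

  # Empty or non-binary tokens never match anything.
  def valid?(_store, _token, _partners), do: nil

  # Constant-time comparison: hash both sides so lengths match, then use
  # :crypto.hash_equals/2 (OTP 25+) so a partial match is not revealed by timing.
  defp same?(a, b) do
    :crypto.hash_equals(:crypto.hash(:sha256, a), :crypto.hash(:sha256, b))
  end
end

# Constructed sample store; these are not real tokens.
store = TokenCheckExample.parse_store("admin:tok-admin-1, reports:tok-reports-2,broken,:x")

IO.inspect(store)
IO.inspect(TokenCheckExample.valid?(store, "tok-reports-2"))
IO.inspect(TokenCheckExample.valid?(store, "tok-reports-2", ["admin"]))
IO.inspect(TokenCheckExample.valid?(store, "tok-admin-1", ["admin"]))
IO.inspect(TokenCheckExample.valid?(store, ""))
```

The third call is the case the partners option exists for: a token that is valid for "reports" is rejected when only "admin" is allowed.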