Portico/Z v0.1.0

ZWeb.Plugs.QueryTokenAuthentication (Portico/Z v0.1.0)

Handle request query token authentication.

We typically use this in cases where we want a "login" for internal users without necessarily creating the concept of "users" in Z.

For example: /api/flat/contacts/search?token=MYTOKEN

Token format and validation is handled by ZWeb.Plugs.APIAuthentication.is_valid?/1

This plug is typically just invoked in a pipeline in ZWeb.Router.

Partners

You can optionally invoke this plug with specific "partners" that apply. For example, you might want to only allow a particular controller access for the "admin" partner token:

plug ZWeb.Plugs.QueryTokenAuthentication, partners: ["admin"]

More Information

For more information, see the guide to credentials and secrets in Z

Link to this section Summary

Functions

call(conn, action)

Ensure the given connection has a valid API authentication token in the query parameters.

Link to this section Functions

Link to this function

call(conn, action)

Ensure the given connection has a valid API authentication token in the query parameters.

The API token should be passed like this:

https://z.explo.org/yer_endpoint?token=YERTOKEN