Enhancement: Show how to perform basic auth
I apologize, but I'm having a hard time finding out how to properly build a basic auth handler - I have a file pointed at with x-authorize, and it loads that file, but I don't quite understand the underlying mechanic that I should build - I have the x-ssl-client-common-name in the header, and I'm trying to validate against that.
```javascript
// in swagger json
clientcert: {
    type: 'basic',
    description: 'Authenticate clients with a client certificate',
    'x-authorize': './clientcert-auth-handler'
}
```

```javascript
// inside clientcert-auth-handler
var sslClientCn = _.get(req.headers, 'x-ssl-client-cn');
var subjectName = sslClientCn;
if (_.contains(value.subjectNames, subjectName)) {
    req.authenticated = true;
    return next();
}
```
And that works when the headers are set correctly, but I don't know how to build this handler to behave when it should return a 401 instead. Do I have it return an error on next? Should I just have it return without calling next? I'm not certain of the desired path. Most examples just show OAuth2 examples or are empty, so I'm not fully understanding.
Thanks in advance, -Paul
If your handler invokes next(), then it passes; if it is next(error), then it does not.
An example of this can be seen in the test fixture: https://github.com/krakenjs/swaggerize-express/blob/master/test/fixtures/security/auth_default.js
I will take a note to provide better docs here.
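The pass/fail convention from the reply, applied to the client-certificate handler in the question. This is an added example, not code from swaggerize-express or from either poster; the allowed names, `makeClientCertAuthorizer` and `check` are hypothetical, and the 401 assumes an Express error handler that honours `err.status`.

```javascript
'use strict';

// Constructed sample values; the header name is the one read in the question.
const ALLOWED_SUBJECT_NAMES = ['client-a.example.test', 'client-b.example.test'];
const CN_HEADER = 'x-ssl-client-cn';

// Hypothetical factory: returns an (req, res, next) handler for x-authorize.
function makeClientCertAuthorizer(allowedNames) {
  const allowed = new Set(allowedNames);

  return function authorize(req, res, next) {
    // The header is only meaningful when the TLS-terminating proxy sets it
    // itself and overwrites any copy sent by the client.
    const subjectName = req.headers[CN_HEADER];

    // Exact match only: a missing, empty or comma-joined duplicate header
    // is not in the set and falls through to the 401 path.
    if (typeof subjectName === 'string' && allowed.has(subjectName)) {
      req.authenticated = true;
      return next(); // no argument: the request passes
    }

    const error = new Error('Unauthorized');
    error.status = 401; // assumption: the error handler honours err.status
    return next(error); // error argument: the request is rejected
  };
}

// Hypothetical helper: runs a handler against fake headers and returns
// whatever it handed to next() (undefined means the request passed).
function check(handler, headers) {
  const req = { headers: headers };
  let result;
  handler(req, {}, function next(err) { result = err; });
  return { error: result, authenticated: req.authenticated === true };
}

// In clientcert-auth-handler.js this is what x-authorize would load.
if (typeof module !== 'undefined' && module.exports) {
  module.exports = makeClientCertAuthorizer(ALLOWED_SUBJECT_NAMES);
}
```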