search

ueberauth / guardian

Elixir Authentication
MIT License
3.43k stars 382 forks source link

Allow ability to verify token in custom header location #597

Closed vaer-k closed 5 years ago

vaer-k commented 5 years ago

Currently, tokens can only be verified under the "authorization" header, and only the "realm" can be customized with options on the plug. This change will allow users to verify tokens in headers other than those found in the "authorization" field, like so:

plug Guardian.Plug.VerifyHeader,
  header_name: "x-access-token",
  realm: :none,
  claims: %{"typ" => "access"}
codecov-io commented 5 years ago

Codecov Report

Merging #597 into master will increase coverage by 0.03%. The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #597      +/-   ##
==========================================
+ Coverage   86.12%   86.15%   +0.03%     
==========================================
  Files          21       21              
  Lines         418      419       +1     
==========================================
+ Hits          360      361       +1     
  Misses         58       58
Impacted Files Coverage Δ
lib/guardian/plug/verify_header.ex 70.83% <100%> (+1.26%) :arrow_up:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update b8d3ea2...514cf74. Read the comment docs.

yordis commented 5 years ago

@vaer-k could you add some documentation about this as well?

vaer-k commented 5 years ago

@vaer-k could you add some documentation about this as well?

Of course; happy to.

yordis commented 5 years ago

@vaer-k also I forgot, can you add an entry to CHANGELOG.md describing the change for the incoming releases, please.

vaer-k commented 5 years ago

@yordis What version number should this go under?

yordis commented 5 years ago

@vaer-k put it at the top since we didn't create a release for

vaer-k commented 5 years ago

@yordis OK, all set.

yordis commented 5 years ago

@vaer-k I am sorry I meant before line 1 like the first line since this doesn't belong to that release, sorry for the confusion.

vaer-k commented 5 years ago

@yordis No worries, I'm just not clear what version is current so it's not clear whether 1.1 is released yet or not. Anyway thanks for your guidance. I've placed this update on the top of the file with no version header above it, so that you can add that line when you release whatever version is next. I hope that's what you wanted?