BasicAuthentication

Submit and verify client credentials using the 'Basic' HTTP authentication scheme.

General-purpose functionality is found in the BasicAuthentication module.

Raxx.BasicAuthentication

This module contains Raxx-specific helpers for extracting and submitting credentials from Raxx requests.

Notes

I have extracted the general code from the code that assumes Raxx Request/Response data structures. It would be trivial to implement a plug, might be worth doing just to show how easy it is.

I don't like that there is an implementation of secure_compare in here. I would prefer to use something in the language instead.

This PR has a very simple middleware. In real applications a user might want to configure:

* how the credentials are checked, against env vars or in a database

* configure the error response

* configure what logging there is and the log level

* if requests with no authentication can pass up stack but with no user set.

* what information about the user should be added to the context

I think it would be easier for a user to implement their own auth middleware using fetch_basic_authorization rather than make all the above options configurable.

What could be useful is a general Raxx.Authentication middleware that defines a callback from request -> {:ok, user information} or {:error, response}. The implementer could also add things like calls to the logger/metrics in this callback.
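
Added example, not code from this repository: one way to parse a 'Basic' Authorization header value and check the credentials with a constant-time comparison supplied by the runtime, which is what the secure_compare note above asks for. The module and function names are hypothetical, the sample credentials are constructed, and it assumes Erlang/OTP 25 or later for `:crypto.hash_equals/2`.

```elixir
defmodule BasicAuthExample do
  # Hypothetical module for illustration; not the BasicAuthentication API.

  # Parse an Authorization header value such as "Basic YWxpY2U6c2VjcmV0".
  # The scheme name is case-insensitive. The user id cannot contain ":",
  # but the password can, so split on the first colon only.
  def parse(header) when is_binary(header) do
    with [scheme, token] <- String.split(header, " ", parts: 2),
         true <- String.downcase(scheme) == "basic",
         {:ok, decoded} <- Base.decode64(String.trim(token)),
         [user, password] <- String.split(decoded, ":", parts: 2) do
      {:ok, {user, password}}
    else
      _ -> {:error, :invalid_authorization}
    end
  end

  def parse(_), do: {:error, :invalid_authorization}

  # :crypto.hash_equals/2 raises on binaries of different size, so both
  # sides are hashed to a fixed 32 bytes first. This also keeps the length
  # of the expected secret out of the comparison's timing.
  def secure_equal?(a, b) when is_binary(a) and is_binary(b) do
    :crypto.hash_equals(:crypto.hash(:sha256, a), :crypto.hash(:sha256, b))
  end

  # Run both comparisons before deciding, so a wrong user id and a wrong
  # password take the same code path and return the same error.
  def verify(header, expected_user, expected_password) do
    case parse(header) do
      {:ok, {user, password}} ->
        user_ok = secure_equal?(user, expected_user)
        pass_ok = secure_equal?(password, expected_password)
        if user_ok and pass_ok, do: {:ok, user}, else: {:error, :invalid_credentials}

      error ->
        error
    end
  end
end

# Constructed sample input: the password itself contains colons.
header = "Basic " <> Base.encode64("alice:s3cret:with:colons")

IO.inspect(BasicAuthExample.verify(header, "alice", "s3cret:with:colons"))
IO.inspect(BasicAuthExample.verify(header, "alice", "wrong"))
IO.inspect(BasicAuthExample.verify("Bearer abc", "alice", "s3cret:with:colons"))
```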