Policies

Basic Auth Policy

The Basic Authentication policy allows you to authenticate incoming requests using the Basic authentication standard. You can configure multiple accounts with different passwords and a different bucket of user 'data'.

The API will expect a Basic Auth header (you can generate samples using this tool). Requests with invalid credentials (or no header) will not be authenticated. Authenticated requests will populate the user property of the ZuploRequest parameter on your RequestHandler.

Configuration

The configuration shows how to configure the policy in the 'policies.json' document.

{ "name": "my-basic-auth-inbound-policy", "policyType": "basic-auth-inbound", "handler": { "export": "BasicAuthInboundPolicy", "module": "$import(@zuplo/runtime)", "options": { "accounts": [ { "data": { "name": "John Doe", "email": "john.doe@gmail.com" }, "password": "$env(ACCOUNT_JOHN_PASSWORD)", "username": "$env(ACCOUNT_JOHN_USERNAME)" } ], "allowUnauthenticatedRequests": false } } }

Policy Options

The options for this policy are specified below. All properties are optional unless specifically marked as required.

  • accounts <object[]> (Required) -
    An array of account objects (username, password and data properties).
    • username <string> (Required) -
      The username for the account (this will be the `sub` property on `request.user`.
    • password <string> (Required) -
      The password for the account - note we recommend storing this in environment variables.
    • data <object> -
      The data payload you want associated with this account (this will be the `data` property on `request.user`).
  • allowUnauthenticatedRequests <boolean> -
    If 'true' allows the request to continue even if authenticated. When 'false' (the default) any unauthenticated request is automatically rejected with a 401.
    Defaults to false.

Using the Policy

Read more about how policies work

Previous
Curity Phantom Token Auth