feat: Add bearer token http middleware [3/4]#1124
Merged
jcscottiii merged 1 commit intomainfrom Feb 4, 2025
Merged
Conversation
jcscottiii
changed the title
jcscottiii
force-pushed
the
jcscottiii/gcip_authenticator
branch
from
048cb0e to
77c4af8
Compare
jcscottiii
force-pushed
the
jcscottiii/create-auth-middleware
branch
from
4bc502b to
4f2db1e
Compare
This middleware adds support for Bearer token authentication in your API. It extracts the Bearer token from the Authorization header and passes it to an `Authenticator` interface for verification. The implementation of the `Authenticator` interface is provided separately. Key features * Extracts Bearer token: The middleware extracts the Bearer token from the Authorization header if present. * Passes token to authenticator: It passes the extracted token to an `Authenticator` interface, which is responsible for verifying the token and returning a user object if the authentication is successful. * Handles missing or invalid tokens: The middleware handles cases where the Authorization header is missing or malformed by returning appropriate error responses. * Customizable error responses: The `errorFn` parameter allows customization of the error response returned when authentication fails. How to use it 1. Implement the `Authenticator` interface to define how the Bearer token is verified and a user object is returned. 2. Create an instance of the `BearerTokenAuthenticationMiddleware` using your `Authenticator` implementation and an `errorFn` to handle authentication errors. 3. Apply the middleware to your API routes. Additional resources * OpenAPI specification: https://swagger.io/docs/specification/v3_0/authentication/bearer-authentication/ * Google Cloud Endpoints documentation: https://cloud.google.com/endpoints/docs/openapi/authenticating-users-custom Important notes * This middleware assumes that the route requires authentication if the `BearerAuthScopes` field is set in the request context. * You are responsible for setting the `ctxKey` in the request context when authentication is needed.
jcscottiii
force-pushed
the
jcscottiii/create-auth-middleware
branch
from
4f2db1e to
05e72f4
Compare
DanielRyanSmith
approved these changes
Feb 4, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This middleware adds support for Bearer token authentication in your API. It extracts the Bearer token from the Authorization header and passes it to an
Authenticatorinterface for verification. The implementation of theAuthenticatorinterface is provided separately.Key features
Authenticatorinterface, which is responsible for verifying the token and returning a user object if the authentication is successful.errorFnparameter allows customization of the error response returned when authentication fails.How to use it
Authenticatorinterface to define how the Bearer token is verified and a user object is returned.BearerTokenAuthenticationMiddlewareusing yourAuthenticatorimplementation and anerrorFnto handle authentication errors.Additional resources
Important notes
BearerAuthScopesfield is set in the request context.ctxKeyin the request context when authentication is needed.This is a split up of #1118