Basic Auth
The Basic Authentication policy allows you to authenticate incoming requests using the Basic authentication standard. You can configure multiple accounts with different passwords and a different bucket of user 'data'.
The API will expect a Basic Auth header (you can generate samples
here). Requests with
invalid credentials (or no header) will not be authenticated. Authenticated
requests will populate the user
property of the ZuploRequest
parameter on
your RequestHandler.
Configuration#
{
"name": "my-basic-auth-inbound-policy",
"policyType": "basic-auth-inbound",
"handler": {
"export": "BasicAuthInboundPolicy",
"module": "$import(@zuplo/runtime)",
"options": {
"accounts": [
{
"data": {
"number": 1
},
"password": "PASSWORD",
"username": "USERNAME"
}
],
"allowUnauthenticatedRequests": false
}
}
}
Options#
name
the name of your policy instance. This is used as a reference in your routes.policyType
the identifier of the policy. This is used by the Zuplo UI. Value should bebasic-auth-inbound
.handler/export
The name of the exported type. Value should beBasicAuthInboundPolicy
.handler/module
the module containing the policy. Value should be$import(@zuplo/runtime)
.handler/options
The options for this policy:accounts
An array of account objects (username, password and data properties)
allowUnauthenticatedRequests
If 'true' allows the request to continue even if authenticated. When 'false' (the default) any unauthenticated request is automatically rejected with a 401