Default

The default request adapter parses simple header and cookie information. It is generic adapter that can be used to
interrogate the most common elements in an HTTP request.

Configuration

Here are all of the properties that may be configured:

{
    "adapters": {
        "{adapterId}": {
            "type": "default",
            "config": {
                "header": "{headerName}",
                "cookie": "{cookieName}",
                "trusted": false
            }
        }
    }
}

The value {adapterId} can be any unique ID across the adapters. This is the ID that you reference from within
your strategy configuration.

The following configuration properties are supported:

  • header - the name of the HTTP header whose value serves as user identifying information
  • cookie - the name of the HTTP cookie whose value serves as user identifying information
  • trusted - whether the identifying information is trusted

Usage

To grab the identifier from a header named SSO_TOKEN, you might do:

{
    "adapters": {
        "{adapterId}": {
            "type": "default",
            "config": {
                "header": "SSO_TOKEN"
            }
        }
    }
}

To grab the identifier from a cookie named USER:

{
    "adapters": {
        "{adapterId}": {
            "type": "default",
            "config": {
                "cookie": "USER"
            }
        }
    }
}

By default, the value acquired is assumed to be untrusted meaning that it needs to be passed back to the
authentication provider to verify it's real. If you're in a secure architecture where the only way the request
information is supplied is via a trusted source or something that you control and you're over HTTPS and you're
a really smart dude, then you can force trust on like this:

{
    "adapters": {
        "{adapterId}": {
            "type": "default",
            "config": {
                "cookie": "USER",
                "trusted": true
            }
        }
    }
}

In general, it's best to stick with the defaults and leave it untrusted. There's a lot of bad people out there.