Default
The default request adapter parses simple header and cookie information. It is generic adapter that can be used to interrogate the most common elements in an HTTP request.
Configuration
Here are all of the properties that may be configured:
{
"adapters": {
"{adapterId}": {
"type": "default",
"config": {
"header": "{headerName}",
"cookie": "{cookieName}",
"trusted": false
}
}
}
}
The value {adapterId}
can be any unique ID across the adapters. This is the ID that you reference from within your strategy configuration.
The following configuration properties are supported:
header
- the name of the HTTP header whose value serves as user identifying informationcookie
- the name of the HTTP cookie whose value serves as user identifying informationtrusted
- whether the identifying information is trusted
Usage
To grab the identifier from a header named SSO_TOKEN
, you might do:
{
"adapters": {
"{adapterId}": {
"type": "default",
"config": {
"header": "SSO_TOKEN"
}
}
}
}
To grab the identifier from a cookie named USER
:
{
"adapters": {
"{adapterId}": {
"type": "default",
"config": {
"cookie": "USER"
}
}
}
}
By default, the value acquired is assumed to be untrusted meaning that it needs to be passed back to the authentication provider to verify it's real. If you're in a secure architecture where the only way the request information is supplied is via a trusted source or something that you control and you're over HTTPS and you're a really smart dude, then you can force trust on like this:
{
"adapters": {
"{adapterId}": {
"type": "default",
"config": {
"cookie": "USER",
"trusted": true
}
}
}
}
In general, it's best to stick with the defaults and leave it untrusted. There's a lot of bad people out there.