README.md

# Header Token Auth
  [![Hex.pm](https://img.shields.io/hexpm/v/plug.svg?style=flat-square)](https://hex.pm/packages/token_auth)



  Dead simple token auth for phoenix\other plug-based frameworks.
  This plug consists of 2 other, very simple plugs: `HeaderTokenAuth.TokenAuth` (which loads user using supplied finder function) and `HeaderTokenAuth.RequireCurrentUser` (which halts the connection if no current_user is present).

## Usage
  Token should be set in `Authorization` header like so: `Token <actual token>`

  To use it, simply declare a plug in your `router.ex` file:
  ```elixir
    pipeline :api_auth do
      plug :accepts, ["json"]
      plug HeaderTokenAuth, finder: &MyApp.Users.find_by_auth_token/1
    end
  ```
  It is also possible to use plugs separately (e.g. if you want to set current user, but it's not required):
  ```elixir
    pipeline :api_auth do
      plug :accepts, ["json"]
      plug HeaderTokenAuth.TokenAuth, finder: &MyApp.Users.find_by_auth_token/1
    end
  ```
  or just require current_user if you don't trust me or already implemented some user loading(this plug is just few lines of code, so you'd better write it yourself)
  ```elixir
    pipeline :api_auth do
      plug :accepts, ["json"]
      plug HeaderTokenAuth.RequireCurrentUser
    end
  ```

## Requirements
  In order for this plug to work, you need to supply finder function. This function should be of arity 1 and will receive token from header. Anything that will be returned is set to `conn.assigns[:current_user]`. So don't return strings if user could not be found - second plug will halt connection only if `conn.assigns[:current_user]` is `false` or `nil`!
  As already mentioned,  token should be set in `Authorization` header like so: `Token <actual token>`.