HTTP authorization

HTTP authentication is performed through the Authorization header. Garvan does not impose a scheme; you read the header in a middleware or in the handler itself.

Basic auth

CROW_ROUTE(app, "/admin")([](const crow::request &req) {
    auto h = req.get_header_value("Authorization");
    // No header, or a scheme other than Basic: reject as unauthenticated.
    if (h.rfind("Basic ", 0) != 0) return crow::response(401);

    std::string token = h.substr(6);   // skip the "Basic " prefix
    std::string raw   = crow::utility::base64decode(token, token.size());
    // raw == "user:password"
    // Demo credential only: load real credentials from configuration or a user store.
    if (raw != "admin:secret") return crow::response(403);

    return crow::response("welcome");
});
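The Basic check above can be tightened without any framework dependency. This is an added example, not code from the original page or the project: it matches the scheme case-insensitively, splits the decoded value at the first colon, and compares without an early exit. The names b64decode, parse_basic and ct_equal are assumptions of this example.

```cpp
#include <cctype>
#include <string>

// Hypothetical helpers for this example; none of these names come from the framework.
// Decodes standard base64; fails on any character outside the alphabet.
bool b64decode(const std::string &in, std::string &out) {
    static const std::string tbl =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    unsigned buf = 0;
    int bits = 0;
    out.clear();
    for (char c : in) {
        if (c == '=') break;                       // padding ends the data
        std::size_t pos = tbl.find(c);
        if (pos == std::string::npos) return false;
        buf = (buf << 6) | static_cast<unsigned>(pos);
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            out.push_back(static_cast<char>((buf >> bits) & 0xFF));
        }
    }
    return true;
}

// Parses "Basic <base64(user:password)>". Scheme names are case-insensitive.
bool parse_basic(const std::string &header, std::string &user, std::string &pass) {
    const std::string scheme = "basic ";
    if (header.size() <= scheme.size()) return false;
    for (std::size_t i = 0; i < scheme.size(); ++i)
        if (std::tolower(static_cast<unsigned char>(header[i])) != scheme[i])
            return false;
    std::string raw;
    if (!b64decode(header.substr(scheme.size()), raw)) return false;
    std::size_t colon = raw.find(':');             // split at the FIRST colon:
    if (colon == std::string::npos) return false;  // the password may contain ':'
    user = raw.substr(0, colon);
    pass = raw.substr(colon + 1);
    return true;
}

// Byte-wise comparison with no early exit; only the length is revealed.
bool ct_equal(const std::string &a, const std::string &b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (std::size_t i = 0; i < a.size(); ++i)
        diff |= static_cast<unsigned char>(a[i] ^ b[i]);
    return diff == 0;
}
```

In a handler, pass the Authorization header value to parse_basic and compare the parsed password with ct_equal instead of `!=`.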

Bearer tokens

JWTs and opaque tokens look the same on the wire:

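// Inside a handler or middleware, with `req` in scope:
auto h = req.get_header_value("Authorization");
if (h.rfind("Bearer ", 0) != 0) return crow::response(401);
std::string jwt = h.substr(7);   // skip the "Bearer " prefix
// verify the signature, check claims, etc.

Tip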

Pull the check into a middleware so it doesn't repeat in every handler. See the middleware guide.