HttpRouterService.addAuthPolicy()
Home > @backstage/backend-plugin-api
> HttpRouterService
> addAuthPolicy
Adds an auth policy to the router. This is used to allow unauthenticated or cookie based access to parts of a plugin's API.
Signature:
addAuthPolicy(policy: HttpRouterServiceAuthPolicy): void;
Parameters
Parameter |
Type |
Description |
---|---|---|
policy |
void
Remarks
The paths given follow the same pattern as the routers given to the use
method, that is, they are relative to the plugin's base URL, and can contain placeholders.
Example
http.addAuthPolicy({
path: '/static/:id',
allow: 'user-cookie',
});
This allows limited access tokens via cookies on the /api/<plugin-id>/static/*
paths, but not unauthenticated access.