I have two tokens coming to my endpoint method: one inside the Authorization key and another inside App-token, but I couldn't find any docs, support, or anything to work around this. What is a possible workaround to validate/verify both tokens?
I see this option
plug(Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}, realm: "Bearer")
for realm, but not for a custom header name.
Thanks
A recent PR for an upcoming Guardian release (post 1.1.0) will allow you to support token verification on any header. A custom header can be verified by plugging Guardian.Plug.VerifyHeader like so:
plug Guardian.Plug.VerifyHeader,
  header_name: CUSTOM_HEADER_NAME,
  realm: :none,
  claims: %{"typ" => "access"}
where CUSTOM_HEADER_NAME is the name of the header to search within, which in your specific case is "App-token".
Other tokens found within the Authorization header and with a default "realm" can leave out the header_name option, like so:
plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
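
A pipeline that verifies both tokens from the question, as an added example that is not part of the answer above or of Guardian's own code. It assumes a Guardian release that includes the header_name option, an existing MyApp.Guardian implementation module, and the hypothetical names :my_app, MyApp.AuthPipeline, MyApp.AuthErrorHandler and the :app key.

```elixir
defmodule MyApp.AuthPipeline do
  # Assumed names: :my_app, MyApp.Guardian, MyApp.AuthErrorHandler.
  use Guardian.Plug.Pipeline,
    otp_app: :my_app,
    module: MyApp.Guardian,
    error_handler: MyApp.AuthErrorHandler

  # Token 1: "Authorization: Bearer <jwt>", stored under the :default key.
  plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}

  # Token 2: raw JWT in the custom header, with no realm prefix.
  # VerifyHeader does nothing when a token is already stored under its
  # key, so the second token needs its own key (:app is an assumed name).
  # Plug exposes request header names in lowercase, so the header name
  # is written in lowercase here.
  plug Guardian.Plug.VerifyHeader,
    header_name: "app-token",
    realm: :none,
    key: :app,
    claims: %{"typ" => "access"}

  # Reject the request unless both tokens were verified.
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.EnsureAuthenticated, key: :app
end

defmodule MyApp.AuthErrorHandler do
  @behaviour Guardian.Plug.ErrorHandler
  import Plug.Conn

  @impl Guardian.Plug.ErrorHandler
  def auth_error(conn, {type, _reason}, _opts) do
    # Report only the failure type, never the token or the decode reason.
    conn
    |> put_resp_content_type("text/plain")
    |> send_resp(401, to_string(type))
  end
end
```

In a controller, the claims of each token are then read per key, for example Guardian.Plug.current_claims(conn) for the Authorization token and Guardian.Plug.current_claims(conn, key: :app) for the App-token one.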