Custom plugin for authentication and role based access

Hi Everyone,

I am creating a custom plugin in python for my own authentication process i have some confusions if anyone can help me so i will be very thankfull.

Currently i take the demo plugin from tyk documentation for learning and i have 2 questions here:
First one is in file

from tyk.decorators import *
from gateway import TykGateway as tyk

def MyAuthMiddleware(request, session, metadata, spec):
auth_header = request.get_header(‘Authorization’)
if auth_header ==auth_header:
session.rate = 1000.0
session.per = 1.0
metadata[“token”] = “47a0c79c427728b3df4af62b9228c8ae”
return request, session, metadata

Everytime when condition will be true then request will parse forword and target url hit i mean in success case every time we will return session,request and metadata???

second one is more important for me that in case of condition false i want to return back the response from here like {code:401 ,messege:" Unauthorized error"} how can i achieved this ??

Thankyou in Advance

1 Like

Hi, that’s right, to trigger a successful authentication the gateway expects a session object and a token value in the metadata dict.
If no session object is specified HTTP 403 will be returned. To override the response you may use the ReturnOverrides field, this is part of the request object, see here.