View Source AshAuthentication.Jwt.Config (ash_authentication v4.0.0)
Implementation details JWT generation and validation.
Provides functions to generate token configuration at runtime, based on the resource being signed for and for verifying claims and checking for token revocation.
Summary
Functions
Generate the default claims for a specified resource.
The generator function used to generate the "aud" claim.
The generator function used to generate the "iss" claim.
The signer used to sign the token on a per-resource basis.
The validation function used to validate the "aud" claim.
The validation function used to validate the "iss" claim.
The validation function used to the validate the "jti" claim.
Functions
@spec default_claims( Ash.Resource.t(), keyword() ) :: Joken.token_config()
Generate the default claims for a specified resource.
The generator function used to generate the "aud" claim.
It generates an Elixir-style ~>
version requirement against the current
major and minor version numbers of AshAuthentication.
The generator function used to generate the "iss" claim.
@spec token_signer( Ash.Resource.t(), keyword() ) :: Joken.Signer.t()
The signer used to sign the token on a per-resource basis.
The validation function used to validate the "aud" claim.
Uses Version.match?/2
to validate the provided claim against the current
version. The use of ~>
means that tokens generated by versions of
AshAuthentication with the the same major version and at least the same minor
version should be compatible.
The validation function used to validate the "iss" claim.
It simply verifies that the claim starts with "AshAuthentication"
The validation function used to the validate the "jti" claim.
This is done by checking that the token is valid with the token revocation
resource. Requires that the subject's resource configuration be passed as the
validation context. This is automatically done by calling Jwt.verify/2
.