AshAuthentication.Jwt.Config (ash_authentication v4.0.0)

Implementation details for JWT generation and validation.

Provides functions to generate token configuration at runtime, based on the resource being signed for, and to verify claims and check for token revocation.

Summary

Functions

Generate the default claims for a specified resource.

The generator function used to generate the "aud" claim.

The generator function used to generate the "iss" claim.

The signer used to sign the token on a per-resource basis.

The validation function used to validate the "aud" claim.

The validation function used to validate the "iss" claim.

The validation function used to validate the "jti" claim.

Functions

default_claims(resource, opts \\ [])

@spec default_claims(
  Ash.Resource.t(),
  keyword()
) :: Joken.token_config()

Generate the default claims for a specified resource.

@spec generate_audience(Version.t()) :: String.t()

The generator function used to generate the "aud" claim.

It generates an Elixir-style ~> version requirement against the current major and minor version numbers of AshAuthentication.

@spec generate_issuer(Version.t()) :: String.t()

The generator function used to generate the "iss" claim.

token_signer(resource, opts \\ [])

@spec token_signer(
  Ash.Resource.t(),
  keyword()
) :: Joken.Signer.t()

The signer used to sign the token on a per-resource basis.

validate_audience(claim, _, _, vsn)

@spec validate_audience(String.t(), any(), any(), Version.t()) :: boolean()

The validation function used to validate the "aud" claim.

Uses Version.match?/2 to validate the provided claim against the current version. The use of ~> means that tokens generated by versions of AshAuthentication with the same major version and at least the same minor version should be compatible.
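
The compatibility window this creates, as an added example rather than code from ash_authentication: the module and helper names are hypothetical, and it assumes the "aud" claim is the requirement string and the verifying release's version is what gets matched. It parses the claim with Version.parse_requirement/1 so that a malformed value from a token is rejected instead of raising.

```elixir
# Added sketch, not ash_authentication source. AudClaimSketch and accepts?/2
# are hypothetical names; behaviour follows the descriptions on this page.
defmodule AudClaimSketch do
  # "aud": an Elixir-style ~> requirement on the issuer's major.minor.
  def generate_audience(%Version{major: major, minor: minor}),
    do: "~> #{major}.#{minor}"

  # The claim is attacker-influenced input until the signature and claims
  # are verified, so parse it rather than letting Version.match?/2 raise
  # Version.InvalidRequirementError on a malformed requirement string.
  def validate_audience(claim, %Version{} = verifier_vsn) when is_binary(claim) do
    case Version.parse_requirement(claim) do
      {:ok, requirement} -> Version.match?(verifier_vsn, requirement)
      :error -> false
    end
  end

  # Non-string claims (lists, numbers, nil) are never a valid audience here.
  def validate_audience(_claim, _verifier_vsn), do: false

  # Would a token minted by `issuer_vsn` pass the "aud" check on `verifier_vsn`?
  def accepts?(issuer_vsn, verifier_vsn) do
    issuer_vsn
    |> Version.parse!()
    |> generate_audience()
    |> validate_audience(Version.parse!(verifier_vsn))
  end
end

# Constructed version pairs: {issuing release, verifying release}.
pairs = [
  {"4.0.0", "4.0.3"},
  {"4.0.0", "4.2.0"},
  {"4.2.0", "4.0.3"},
  {"3.12.0", "4.0.0"}
]

for {issuer, verifier} <- pairs do
  result = AudClaimSketch.accepts?(issuer, verifier)
  IO.puts("issued by #{issuer}, verified by #{verifier}: #{result}")
end

# Constructed malformed claims: rejected, not raised.
for bad <- ["not a requirement", "", nil, ["~> 4.0"]] do
  IO.inspect({bad, AudClaimSketch.validate_audience(bad, Version.parse!("4.0.0"))})
end
```

Under these assumptions a token issued by an older minor release is accepted by a newer verifier in the same major version, while one issued by a newer minor or a different major is rejected. That asymmetry is worth planning for when rolling a deployment back across a minor version.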

validate_issuer(claim, _, _)

@spec validate_issuer(String.t(), any(), any()) :: boolean()

The validation function used to validate the "iss" claim.

It simply verifies that the claim starts with "AshAuthentication".

validate_jti(jti, arg2, resource, opts \\ [])

@spec validate_jti(String.t(), any(), Ash.Resource.t() | any(), Keyword.t()) ::
  boolean()

The validation function used to validate the "jti" claim.

This is done by checking that the token is valid with the token revocation resource. Requires that the subject's resource configuration be passed as the validation context. This is automatically done by calling Jwt.verify/2.