View Source AshAuthentication.Jwt.Config (ash_authentication v4.3.7)

Implementation details JWT generation and validation.

Provides functions to generate token configuration at runtime, based on the resource being signed for and for verifying claims and checking for token revocation.

Summary

Functions

Generate the default claims for a specified resource.

The generator function used to generate the "aud" claim.

The generator function used to generate the "iss" claim.

The signer used to sign the token on a per-resource basis.

The validation function used to validate the "aud" claim.

The validation function used to validate the "iss" claim.

The validation function used to the validate the "jti" claim.

Functions

default_claims(resource, opts \\ [])

@spec default_claims(
  Ash.Resource.t(),
  keyword()
) :: Joken.token_config()

Generate the default claims for a specified resource.

generate_audience(vsn)

@spec generate_audience(Version.t()) :: String.t()

The generator function used to generate the "aud" claim.

It generates an Elixir-style ~> version requirement against the current major and minor version numbers of AshAuthentication.

generate_issuer(vsn)

@spec generate_issuer(Version.t()) :: String.t()

The generator function used to generate the "iss" claim.

token_signer(resource, opts \\ [])

@spec token_signer(
  Ash.Resource.t(),
  keyword()
) :: Joken.Signer.t()

The signer used to sign the token on a per-resource basis.

validate_audience(claim, _, _, vsn)

@spec validate_audience(String.t(), any(), any(), Version.t()) :: boolean()

The validation function used to validate the "aud" claim.

Uses Version.match?/2 to validate the provided claim against the current version. The use of ~> means that tokens generated by versions of AshAuthentication with the the same major version and at least the same minor version should be compatible.

validate_issuer(claim, _, _)

@spec validate_issuer(String.t(), any(), any()) :: boolean()

The validation function used to validate the "iss" claim.

It simply verifies that the claim starts with "AshAuthentication"

validate_jti(jti, arg2, resource, opts \\ [])

@spec validate_jti(String.t(), any(), Ash.Resource.t() | any(), Keyword.t()) ::
  boolean()

The validation function used to the validate the "jti" claim.

This is done by checking that the token is valid with the token revocation resource. Requires that the subject's resource configuration be passed as the validation context. This is automatically done by calling Jwt.verify/2.