AuthPlug.Token (auth_plug v1.5.2)
Token module to create and validate JWTs. See https://hexdocs.pm/joken/configuration.html#module-approach
Functions
api_key()
api_key/0
Retrieves the API_KEY from the environment variable.
API keys are a single environment variable which is comprised of two parts, client_id/client_secret, such that splitting on the "/" (forward slash) gives us the client_id and client_secret.
Example:
2cfxNaWUwJBq1F4nPndoEHZJ5YCCNq9JDNAAR/2cfxNadrhMZk3iaT1L5k6Wt67c9ScbGNPz8Bw/dwylauth.herokuapp.com
See: https://github.com/dwyl/auth/issues/42#issuecomment-620247243
auth_url()
auth_url/0
Returns the auth_url (the last part of the AUTH_API_KEY).
client_id()
client_id/0
Returns the client_id (the first part of the AUTH_API_KEY).
client_secret()
client_secret/0
Returns the client_secret (the middle part of the AUTH_API_KEY).
create_jwt_session(conn, claims)
create_jwt_session/2
Receives a conn (Plug.Conn) and claims, e.g. %{email: "person@dwyl.com", id: 1}.
Signs a JWT which gets attached to the session.
This is super-useful in testing, as we can simply invoke create_jwt_session(conn, %{email: "al@ex.co", id: 1}) and continue the request pipeline with a valid session.
create_session(conn, claims, jwt)
create_session/2
Takes a conn, claims and a JWT and creates the session using Phoenix Sessions, with the JWT as the value so that it can be checked on each future request.
Makes the decoded JWT available in conn.assigns.person, which means it can be used in templates.
create_signer(secret)
create_signer/1
Creates a signer for the given secret key.
It uses HS256 (HMAC with SHA-256) to generate the signature.
If you're wondering what "HS256" is, read: community.auth0.com/t/jwt-signing-algorithms-rs256-vs-hs256/7720
generate_and_sign(extra_claims \\ %{}, key \\ __default_signer__())
@spec generate_and_sign(Joken.claims(), Joken.signer_arg()) :: {:ok, Joken.bearer_token(), Joken.claims()} | {:error, Joken.error_reason()}
Combines generate_claims/1 and encode_and_sign/2.
generate_and_sign!(extra_claims \\ %{}, key \\ __default_signer__())
@spec generate_and_sign!(Joken.claims(), Joken.signer_arg()) :: Joken.bearer_token()
Same as generate_and_sign/2 but raises on error.
generate_jwt!(claims)
generate_jwt!/1
Invokes Joken.generate_and_sign/3. claims are the data to be signed.
Throws an error if anything in the claims is invalid.
generate_jwt!(claims, secret)
generate_jwt!/2
Invokes Joken.generate_and_sign/3. claims are the data to be signed and secret is the secret key.
get_jwt(conn)
get_jwt/1
Extracts the JWT from the HTTP request headers, URL or cookie.
If no JWT is found, it returns nil.
put_current_token(conn, jwt, values)
put_current_token/3
Takes a conn, JWT and values (the decoded JWT) and creates the session using create_session/2 defined above.
split_env()
This regex splits the 3 parts of the AUTH_API_KEY (id, secret and auth_url):
- (.*) matches any characters multiple times
- \/ escapes the forward slash /
verify_and_validate(bearer_token, key \\ __default_signer__(), context \\ %{})
@spec verify_and_validate(Joken.bearer_token(), Joken.signer_arg(), term()) :: {:ok, Joken.claims()} | {:error, Joken.error_reason()}
Combines verify/2 and validate/2.
verify_and_validate!(bearer_token, key \\ __default_signer__(), context \\ %{})
@spec verify_and_validate!(Joken.bearer_token(), Joken.signer_arg(), term()) :: Joken.claims()
Same as verify_and_validate/2 but raises on error.
verify_jwt(token)
verify_jwt/1
Verifies the given JWT and returns {:ok, claims}, where the claims are the original data that were signed.
verify_jwt(token, secret)
verify_jwt/2
Verifies the given JWT with the given secret.
Returns {:ok, claims}, where the claims are the original data that were signed.
verify_jwt!(token)
verify_jwt!/1
Verifies the given JWT and returns claims, where the claims are the original data that were signed.
verify_jwt!(token, secret)
verify_jwt!/2
Verifies the given JWT and returns claims, where token is the JWT that was signed and secret is the secret key.
Returns claims, the original claims contained in the JWT.
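As an added example (not auth_plug's or Joken's own code), the following Python shows what create_signer/1, generate_jwt!/2 and verify_jwt/2 do underneath: an HS256 JWT is an HMAC-SHA256 over base64url(header).base64url(payload), and a safe verifier pins the algorithm to HS256 and compares signatures in constant time before it trusts any claim. The names generate_jwt/verify_jwt, the helper names and the secret "s3cret" are constructed for this illustration.

```python
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    # JWT uses unpadded base64url for all three segments
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def generate_jwt(claims: dict, secret: str) -> str:
    """Sign `claims` with HS256: HMAC-SHA256 over base64url(header).base64url(payload)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = b64url(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(signature)}"


def verify_jwt(token: str, secret: str) -> tuple:
    """Return ("ok", claims) or ("error", reason), the shape of Joken's {:ok, claims} | {:error, reason}."""
    parts = token.split(".")
    if len(parts) != 3:
        return ("error", "malformed")
    header_b64, payload_b64, signature_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(signature_b64)
    except ValueError:  # bad base64 or bad JSON (binascii.Error is a ValueError)
        return ("error", "malformed")
    # Pin the algorithm: the verifier decides how to check, never the token's own header
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return ("error", "alg_not_allowed")
    signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
    expected = hmac.new(secret.encode(), signing_input, hashlib.sha256).digest()
    # Constant-time comparison so a forged signature cannot be guessed byte by byte
    if not hmac.compare_digest(expected, signature):
        return ("error", "signature_error")
    try:
        return ("ok", json.loads(b64url_decode(payload_b64)))
    except ValueError:
        return ("error", "malformed")
```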