AuthPlug (auth_plug v1.4.6)

AuthPlug handles all our auth needs in just a handful of lines of code. Please see README.md for setup instructions.

Link to this section Summary

Functions

call/2 is invoked to handle each HTTP request which auth_plug protects. If the conn contains a valid JWT in Authentication Headers, jwt query parameter or Phoenix Session, then continue to the protected route, else redirect to the auth_url with the referer set as the continuation URL.

end_session/1 makes an HTTP Request to the auth_url to end the session. This in turn makes the update on the auth app to update the session.end so the owner of the "consumer" app knows when the person logged out. end_session/1 is invoked by AuthPlug.logout/1 (above) which will likely be the function called in practice.

init/1 initialises the options passed in and makes them available in the lifecycle of the call/2 invocation (below). We pass in the auth_url key/value with the URL of the Auth service to redirect to if session is invalid/expired.

logout/1 does exactly what you expect; logs the person out of your app. recieves a conn (Plug.Conn) and unsets the session. This is super-useful in testing as we can easily reset a session.

Link to this section Functions

Link to this function

call(conn, options)

call/2 is invoked to handle each HTTP request which auth_plug protects. If the conn contains a valid JWT in Authentication Headers, jwt query parameter or Phoenix Session, then continue to the protected route, else redirect to the auth_url with the referer set as the continuation URL.

Link to this function

create_jwt_session(conn, claims)

Link to this function

end_session(conn)

end_session/1 makes an HTTP Request to the auth_url to end the session. This in turn makes the update on the auth app to update the session.end so the owner of the "consumer" app knows when the person logged out. end_session/1 is invoked by AuthPlug.logout/1 (above) which will likely be the function called in practice.

init/1 initialises the options passed in and makes them available in the lifecycle of the call/2 invocation (below). We pass in the auth_url key/value with the URL of the Auth service to redirect to if session is invalid/expired.

logout/1 does exactly what you expect; logs the person out of your app. recieves a conn (Plug.Conn) and unsets the session. This is super-useful in testing as we can easily reset a session.