curator v0.3.4 Curator.Guardian.Token.Opaque

Opaque token implementation for Guardian.

Rather than the default JWT implementation, this module expects that a token will be an opaque string that can be looked up (in a persistence module) to get the claims. It uses a subset of the standard JWT claims, so it will function as a drop-in replacement for the default Guardian implementation.

NOTE: To use this module, the Guardian implementation module must implement get_token, create_token & delete_token (the Curator.Guardian.Token.Opaque.Persistence behaviour). An example can be found in the specs (it uses a context and an Ecto repo). Redis, GenServer, or other stateful implementations can also be used to persist tokens.

Summary

Functions

Builds the default claims (a subset of the JWT claims)

Create a token. Uses the claims, and persists the token. Returns the token_id

Find the token and return its claims (or return an error)

Exchange a token of one type to another (not applicable but a required behaviour)

Split a token_id into the token_string & id. Get the DB token (from the id). Perform a constant-time comparison with the token string.

Inspect the token without any validation

Refresh the token (not applicable but a required behaviour)

Generate a unique token

Turn a token into a token_id

Verifies the claims (only checks exp)

Functions

build_claims(mod, resource, sub, claims \\ %{}, options \\ [])

Builds the default claims (a subset of the JWT claims).

By default, only typ and sub are used.

Options:

Options may override the defaults found in the configuration.

  • token_type - Override the default token type

create_token(mod, claims, options \\ [])

Create a token. Uses the claims, and persists the token. Returns the token_id

decode_token(mod, token_id, options \\ [])

Find the token and return its claims (or return an error)

exchange(mod, old_token_id, from_type, to_type, options)

Exchange a token of one type to another (not applicable but a required behaviour).

It will return an error if called

get_token_from_token_id(mod, token_id)

Split a token_id into the token_string & id. Get the DB token (from the id). Perform a constant-time comparison with the token string.

Inspect the token without any validation.

Return a map with keys: claims

refresh(mod, old_token_id, options)

Refresh the token (not applicable but a required behaviour)

It will return an error if called

revoke(mod, claims, token_id, options)

Delete the token

Generate a unique token

NOTE: This is NOT the token_id, but a component used to build it (it will be combined with the DB id to create the token_id)

token_to_token_id(token)

Turn a token into a token_id

A token_id is just the token.token + the token.id (concatenated). The id is used for a quick DB lookup; the token is then compared in constant time. This approach contrasts with looking up the token in the DB by using token, which could leak info in a timing attack.
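
The split, lookup by id and constant-time comparison described above, as an added Elixir sketch that is not Curator's own code. The names `OpaqueTokenSketch`, `issue` and `lookup`, the Agent-backed store and the fixed-width layout of the token_id are assumptions made for illustration.

```elixir
defmodule OpaqueTokenSketch do
  # Added illustration, not Curator's code. The Agent store and the layout
  # "43-character token string, then decimal id" are assumptions.
  import Bitwise

  @token_chars 43  # 32 random bytes as unpadded URL-safe base64

  def start_store, do: Agent.start_link(fn -> %{} end)

  # Persist the claims under a new row id and return the token_id.
  def issue(store, claims) do
    token = Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)

    id =
      Agent.get_and_update(store, fn rows ->
        id = map_size(rows) + 1
        {id, Map.put(rows, id, %{id: id, token: token, claims: claims})}
      end)

    token <> Integer.to_string(id)
  end

  # Split the token_id, fetch the row by id, then compare in constant time.
  def lookup(store, token_id) do
    with <<token_string::binary-size(@token_chars), id_part::binary>> <- token_id,
         {id, ""} <- Integer.parse(id_part),
         %{token: stored} = row <- Agent.get(store, &Map.get(&1, id)),
         true <- secure_compare(stored, token_string) do
      {:ok, row.claims}
    else
      _ -> {:error, :invalid_token}
    end
  end

  # XOR every byte pair and OR the results, so the run time does not depend
  # on the position of the first mismatching byte.
  defp secure_compare(a, b) when byte_size(a) == byte_size(b) do
    pairs = Enum.zip(:binary.bin_to_list(a), :binary.bin_to_list(b))
    Enum.reduce(pairs, 0, fn {x, y}, acc -> acc ||| bxor(x, y) end) == 0
  end

  defp secure_compare(_, _), do: false
end

# Constructed sample data; the pattern matches fail loudly if a result differs.
{:ok, store} = OpaqueTokenSketch.start_store()
token_id = OpaqueTokenSketch.issue(store, %{"typ" => "access", "sub" => "User:1"})
{:ok, %{"sub" => "User:1"}} = OpaqueTokenSketch.lookup(store, token_id)
wrong_secret = String.duplicate("A", 43) <> "1"
{:error, :invalid_token} = OpaqueTokenSketch.lookup(store, wrong_secret)
```

Every failure path returns the same `{:error, :invalid_token}`, so a caller cannot tell an unknown id from a wrong token string by the return value.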

verify_claim(mod, arg2, claims, opts)
verify_claims(mod, claims, opts)

Verifies the claims (only checks exp).