Guardian v0.13.0 Guardian
A module that provides JWT based authentication for Elixir applications.
Guardian provides the framework for using JWT in any Elixir application, web based or otherwise, where authentication is required.
The base unit of authentication currency is implemented using JWTs.
Configuration
config :guardian, Guardian,
allowed_algos: ["HS512", "HS384"],
issuer: "MyApp",
ttl: { 30, :days },
serializer: MyApp.GuardianSerializer,
secret_key: "lksjdlkjsdflkjsdf"Summary
Functions
Verify the given JWT. This will decode_and_verify via decode_and_verify/2
Verify the given JWT
If successfully verified, returns the claims encoded into the JWT. Raises otherwise
If successfully verified, returns the claims encoded into the JWT. Raises otherwise
Returns the current default token type
Encode and sign a JWT from a resource. The resource will be run through the configured serializer to obtain a value suitable for storage inside a JWT
Like encode_and_sign/1 but also accepts the type (encoded to the typ key) for the JWT
Like encode_and_sign/2 but also encode anything found inside the claims map into the JWT
The configured issuer. If not configured, defaults to the node that issued
Read the claims of the token. This is not a verified read, it does not check the signature
Read the header of the token. This is not a verified read, it does not check the signature
Refresh the token. The token will be renewed and receive a new
As refresh!/1 but allows the claims to be updated. Specifically useful is the ability to set the ttl of the token
Revokes the current token. This provides a hook to revoke. The logic for revocation of belongs in a Guardian.Hook.on_revoke This function is less efficient that revoke!/2. If you have claims, you should use that
Revokes the current token. This provides a hook to revoke. The logic for revocation of belongs in a Guardian.Hook.on_revoke
Fetch the configured serializer module
Functions
Verify the given JWT. This will decode_and_verify via decode_and_verify/2
Verify the given JWT.
Specs
decode_and_verify!(String.t) :: mapIf successfully verified, returns the claims encoded into the JWT. Raises otherwise
Specs
decode_and_verify!(String.t, map) :: mapIf successfully verified, returns the claims encoded into the JWT. Raises otherwise
Encode and sign a JWT from a resource. The resource will be run through the configured serializer to obtain a value suitable for storage inside a JWT.
Specs
Like encode_and_sign/1 but also accepts the type (encoded to the typ key) for the JWT
The type can be anything but suggested is “access”.
Specs
Like encode_and_sign/2 but also encode anything found inside the claims map into the JWT.
To encode permissions into the token, use the :perms key
and pass it a map with the relevant permissions (must be configured)
Example
Guardian.encode_and_sign(
user,
:access,
perms: %{ default: [:read, :write] }
)Specs
issuer :: String.tThe configured issuer. If not configured, defaults to the node that issued.
Read the claims of the token. This is not a verified read, it does not check the signature.
Read the header of the token. This is not a verified read, it does not check the signature.
Refresh the token. The token will be renewed and receive a new:
jti- JWT idiat- Issued atexp- Expiry time.nbf- Not valid before time
The current token will be revoked when the new token is successfully created.
Note: A valid token must be used in order to be refreshed.
As refresh!/1 but allows the claims to be updated. Specifically useful is the ability to set the ttl of the token.
Guardian.refresh(existing_jwt, existing_claims, %{ttl: { 5, :minutes}})Once the new token is created, the old one will be revoked.
Revokes the current token. This provides a hook to revoke. The logic for revocation of belongs in a Guardian.Hook.on_revoke This function is less efficient that revoke!/2. If you have claims, you should use that.
Revokes the current token. This provides a hook to revoke. The logic for revocation of belongs in a Guardian.Hook.on_revoke