View Source Guardian.Plug.EnsureAuthenticated (Guardian v2.3.2)

This plug ensures that a valid token was provided and has been verified on the request.

If one is not found, the auth_error will be called with :unauthenticated

This, like all other Guardian plugs, requires a Guardian pipeline to be setup. It requires an implementation module, an error handler and a key.

These can be set either:

  1. Upstream on the connection with plug Guardian.Pipeline
  2. Upstream on the connection with Guardian.Pipeline.{put_module, put_error_handler, put_key}
  3. Inline with an option of :module, :error_handler, :key


  • claims - The literal claims to check to ensure that a token is valid
  • max_age - If the token has an "auth_time" claim, check it is not older than the maximum age.
  • key - The location to find the information in the connection. Defaults to: default
  • halt - Whether to halt the connection in case of error. Defaults to true



# setup the upstream pipeline
plug Guardian.Plug.EnsureAuthenticated, claims: %{"typ" => "access"}
plug Guardian.Plug.EnsureAuthenticated, key: :secret