View Source Guardian.Plug.VerifyCookie (Guardian v2.3.2)

Looks for and validates a token found in the request cookies.

This module is deprecated in favor of using Guardian.Plug.VerifySession or the Guardian.Plug.VerifyHeader plug with the :refresh_from_cookie option

In the case where either:

  1. The cookies are not loaded
  2. A token is already found for :key

This plug will not do anything.

This, like all other Guardian plugs, requires a Guardian pipeline to be setup. It requires an implementation module, an error handler and a key.

These can be set either:

  1. Upstream on the connection with plug Guardian.Pipeline
  2. Upstream on the connection with Guardian.Pipeline.{put_module, put_error_handler, put_key}
  3. Inline with an option of :module, :error_handler, :key

If a token is found but is invalid, the error handler will be called with auth_error(conn, {:invalid_token, reason}, opts)

If a token is expired, the error handler WON'T be called, the error can be handled with the ensure_authenticated plug

Once a token has been found it will be exchanged for an access (default) token. This access token will be placed into the session and connection.

They will be available using Guardian.Plug.current_claims/2 and Guardian.Plug.current_token/2.

Tokens from cookies should be of type refresh and have a relatively long life. They will be exchanged for access tokens (default).


  • :key - The location of the token (default :default)
  • :exchange_from - The type of the cookie (default "refresh")
  • :exchange_to - The type of token to provide. Defaults to the implementation modules default_type
  • :ttl - The time to live of the exchanged token. Defaults to configured values.
  • :halt - Whether to halt the connection in case of error. Defaults to true

Link to this section Summary

Link to this section Functions

Link to this function

refresh_from_cookie(conn, opts)

View Source