View Source Guardian.Plug.VerifyCookie (Guardian v2.3.2)
Looks for and validates a token found in the request cookies.
This module is deprecated in favor of using
Guardian.Plug.VerifySession or the Guardian.Plug.VerifyHeader
plug with the :refresh_from_cookie option
In the case where either:
- The cookies are not loaded
- A token is already found for
:key
This plug will not do anything.
This, like all other Guardian plugs, requires a Guardian pipeline to be setup. It requires an implementation module, an error handler and a key.
These can be set either:
- Upstream on the connection with
plug Guardian.Pipeline - Upstream on the connection with
Guardian.Pipeline.{put_module, put_error_handler, put_key} - Inline with an option of
:module,:error_handler,:key
If a token is found but is invalid, the error handler will be called with
auth_error(conn, {:invalid_token, reason}, opts)
If a token is expired, the error handler WON'T be called, the error can be handled with the ensure_authenticated plug
Once a token has been found it will be exchanged for an access (default) token. This access token will be placed into the session and connection.
They will be available using Guardian.Plug.current_claims/2 and Guardian.Plug.current_token/2.
Tokens from cookies should be of type refresh and have a relatively long life.
They will be exchanged for access tokens (default).
Options:
:key- The location of the token (default:default):exchange_from- The type of the cookie (default"refresh"):exchange_to- The type of token to provide. Defaults to the implementation modulesdefault_type:ttl- The time to live of the exchanged token. Defaults to configured values.:halt- Whether to halt the connection in case of error. Defaults totrue