Guardian.Token.Jwe

This package is a plugin for Guardian.

Installation

If available in Hex, the package can be installed by adding guardian_jwe to your list of dependencies in mix.exs:

def deps do
  [
    {:guardian_jwe, "~> 0.1.0"}
  ]
end

To use JWEs, you’ll need to configure the token_module parameter in your Guardian implementation module.

defmodule GuardianTest.Auth do
  use Guardian,
    otp_app: :guardian_test,
    token_module: Guardian.Token.Jwe

  def subject_for_token(resource, _claims) do
    sub = to_string(resource.id)

    {:ok, sub}
  end

  def resource_from_claims(claims) do
    {:ok, claims}
  end
end

To change the default algorithm used to encrypt JWEs, set the allowed_algos in your Guardian configuration:

config :guardian_test, GuardianTest.Auth,
       issuer: "guardian_test",
       allowed_algos: ["A128GCMKW"],
       secret_key: "aaaaaaaaaaaaaaaa"

The JWE module uses the same claims and validations as JWT for verification. With this configuration, your application should work without additional changes to your Guardian configuration.

Implemented algorithms

Currently, this package supports the following algorithms for encrypting JWT tokens.

A128GCMKW
A192GCMKW
A256GCMKW

PBES2-HS256+A128KW
PBES2-HS384+A192KW
PBES2-HS512+A256KW

Each of the AxxxGCMKW require keys of specific bit sizes where the xxx corresponds to the required size of the key.

The PBES2-HSxxx+AxxxKW secret can be generated using mix guardian.gen.secret.

Documentation can be generated with ExDoc and published on HexDocs. Once published, the docs can be found at https://hexdocs.pm/guardian_jwe.