jti_register v0.1.0 JTIRegister behaviour

Behaviour for modules implementing JTI registration

The purpose of a JTI registration service is to prevent replay attacks by checking whether a token has already been used.

JTI stands for JWT ID and uniquely identifies a JWT security token, but a register can work with any token that has a unique ID. For instance, this is the case for OpenID Connect ID tokens, whose nonce claim is equivalent to a jti.

So that a JWT does not become usable again if the server's clock is set backward, an implementation should use monotonic time (see System.monotonic_time/1).

Summary

Types

timestamp(): A UNIX timestamp

Callbacks

register/2: Registers a "jti" with its expiration time "exp"

registered?/1: Returns true if a "jti" is registered and not expired, false otherwise

start/1: Starts a JTI register (unsupervised)

start_link/1 (optional): Starts a supervised JTI register

Types

Specs

timestamp() :: non_neg_integer()

A UNIX timestamp

Callbacks

Specs

register(jti :: String.t(), exp :: timestamp()) :: any()

Registers a "jti" with its expiration time "exp"

Specs

registered?(jti :: String.t()) :: boolean()

Returns true if a "jti" is registered and not expired, false otherwise

Specs

start(any()) :: :ok | {:error, any()}

Starts a JTI register (unsupervised)

start_link(any) (optional)

Specs

start_link(any()) :: Supervisor.on_start()

Starts a supervised JTI register
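
One way to implement the four callbacks above with an ETS table and monotonic deadlines, as recommended in the introduction. This is an added example, not code from jti_register; the module name ExampleETSRegister, the table name and the 60-second purge interval are assumptions.

```elixir
defmodule ExampleETSRegister do
  # Hypothetical module: an added illustration, not the library's own code.
  @behaviour JTIRegister
  use GenServer

  @table :example_jti_register

  @impl JTIRegister
  def start(opts) do
    case GenServer.start(__MODULE__, opts, name: __MODULE__) do
      {:ok, _pid} -> :ok
      {:error, reason} -> {:error, reason}
    end
  end

  @impl JTIRegister
  def start_link(opts), do: GenServer.start_link(__MODULE__, opts, name: __MODULE__)

  @impl JTIRegister
  def register(jti, exp) do
    # "exp" is wall-clock UNIX time. Convert the remaining lifetime into a
    # monotonic deadline once, so a later clock change cannot shorten or extend it.
    ttl = exp - System.system_time(:second)
    :ets.insert(@table, {jti, System.monotonic_time(:second) + ttl})
  end

  @impl JTIRegister
  def registered?(jti) do
    case :ets.lookup(@table, jti) do
      [{^jti, deadline}] -> System.monotonic_time(:second) < deadline
      [] -> false
    end
  end

  @impl GenServer
  def init(_opts) do
    :ets.new(@table, [:named_table, :public, :set])
    Process.send_after(self(), :purge, 60_000)
    {:ok, nil}
  end

  @impl GenServer
  def handle_info(:purge, state) do
    now = System.monotonic_time(:second)
    # Delete every entry whose monotonic deadline has passed.
    :ets.select_delete(@table, [{{:_, :"$1"}, [{:"=<", :"$1", now}], [true]}])
    Process.send_after(self(), :purge, 60_000)
    {:noreply, state}
  end
end
```

Because registered?/1 and register/2 are separate calls, two requests carrying the same jti can both pass the check before either registers it. The table also lives only in memory, so entries are lost when the VM restarts.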