Keycloak.Plug.VerifyToken (keycloak v1.1.0)

Plug for verifying authorization on a per-request basis. It verifies that a token is set in the Authorization header.

Example Usage

# "foo" is a placeholder; configure a long random secret and keep it out of source control
config :keycloak, Keycloak.Plug.VerifyToken, hmac: "foo"

# In your plug pipeline
plug Keycloak.Plug.VerifyToken

Summary

Functions

call/2
Fetches the Authorization header, and verifies the token if present. If a valid token is passed, the decoded %Joken.Token{} is added as :token to the conn assigns.

fetch_token/1
Fetches the token from the Authorization headers array, attempting to match the token in the format Bearer <token>.

generate_and_sign/2
Combines generate_claims/1 and encode_and_sign/2

signer_key/0
Returns the configured public_key or hmac key used to sign the token.

verify_token/1
Attempts to verify that the passed token can be trusted.

Functions

Specs

call(
  Plug.Conn.t(),
  keyword()
) :: Plug.Conn.t()

Fetches the Authorization header, and verifies the token if present. If a valid token is passed, the decoded %Joken.Token{} is added as :token to the conn assigns.

Specs

fetch_token([String.t()] | []) :: String.t() | nil

Fetches the token from the Authorization headers array, attempting to match the token in the format Bearer <token>.

Example

iex> fetch_token([])
nil

iex> fetch_token(["abc123"])
nil

iex> fetch_token(["Bearer abc123"])
"abc123"

generate_and_sign(extra_claims \\ %{}, key \\ __default_signer__())

Specs

generate_and_sign(Joken.claims(), Joken.signer_arg()) ::
  {:ok, Joken.bearer_token(), Joken.claims()} | {:error, Joken.error_reason()}

Combines generate_claims/1 and encode_and_sign/2

generate_and_sign!(extra_claims \\ %{}, key \\ __default_signer__())

Specs

generate_and_sign!(Joken.claims(), Joken.signer_arg()) :: Joken.bearer_token()

Same as generate_and_sign/2, but raises on error.

Specs

signer_key() :: Joken.Signer.t()

Returns the configured public_key or hmac key used to sign the token.

Example

iex> %Joken.Signer{} = signer_key()
%Joken.Signer{
  alg: "HS512",
  jwk: %JOSE.JWK{fields: %{}, keys: :undefined, kty: {:jose_jwk_kty_oct, "akbar"}},
  jws: %JOSE.JWS{alg: {:jose_jws_alg_hmac, :HS512}, b64: :undefined, fields: %{"typ" => "JWT"}}
}

verify_and_validate(bearer_token, key \\ __default_signer__(), context \\ %{})

Specs

verify_and_validate(Joken.bearer_token(), Joken.signer_arg(), term()) ::
  {:ok, Joken.claims()} | {:error, Joken.error_reason()}

Combines verify/2 and validate/2

verify_and_validate!(bearer_token, key \\ __default_signer__(), context \\ %{})

Specs

verify_and_validate!(Joken.bearer_token(), Joken.signer_arg(), term()) ::
  Joken.claims()

Same as verify_and_validate/2, but raises on error.

Specs

verify_token(String.t() | nil) :: {atom(), Joken.Token.t() | atom()}

Attempts to verify that the passed token can be trusted.

Example

iex> verify_token(nil)
{:error, :not_authenticated}

iex> verify_token("abc123")
{:error, :signature_error}
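
The contract documented above for fetch_token/1 and verify_token/1, sketched for the HS512 case using only the Elixir standard library and Erlang's :crypto. This is an added example, not the keycloak library's or Joken's code; the module name, key and tokens are constructed, and passing the key as a second argument to verify_token is an assumption made to keep the sketch self-contained.

```elixir
# Added example: not the keycloak library's code. Names, key and tokens are constructed.
defmodule BearerHS512Sketch do
  import Bitwise

  # Same contract as the documented fetch_token/1: only "Bearer <token>" matches.
  def fetch_token(["Bearer " <> token | _]) when token != "", do: token
  def fetch_token(_), do: nil

  # Returns {:ok, payload_json} or {:error, reason}, reusing the page's error atoms.
  def verify_token(nil, _key), do: {:error, :not_authenticated}

  def verify_token(token, key) when is_binary(token) do
    with [header, payload, sig] <- String.split(token, "."),
         {:ok, given} <- Base.url_decode64(sig, padding: false),
         # HS512 is fixed here; the token's own "alg" header is never read,
         # so a forged header cannot select a weaker check.
         expected = :crypto.mac(:hmac, :sha512, key, header <> "." <> payload),
         true <- secure_equal?(given, expected),
         {:ok, json} <- Base.url_decode64(payload, padding: false) do
      {:ok, json}
    else
      _ -> {:error, :signature_error}
    end
  end

  # Constant-time comparison: timing does not reveal how many bytes matched.
  defp secure_equal?(a, b) when byte_size(a) == byte_size(b) do
    [a, b]
    |> Enum.map(&:binary.bin_to_list/1)
    |> Enum.zip()
    |> Enum.reduce(0, fn {x, y}, acc -> acc ||| bxor(x, y) end) == 0
  end

  defp secure_equal?(_, _), do: false
end

# Constructed demo key and tokens (not real credentials).
key = "constructed-demo-key-not-for-production"
enc = &Base.url_encode64(&1, padding: false)
input = enc.(~s({"alg":"HS512","typ":"JWT"})) <> "." <> enc.(~s({"sub":"alice"}))
good = input <> "." <> enc.(:crypto.mac(:hmac, :sha512, key, input))
forged = input <> "." <> enc.(:crypto.mac(:hmac, :sha512, "wrong-key", input))

IO.inspect(BearerHS512Sketch.fetch_token(["Bearer " <> good]) == good)
IO.inspect(BearerHS512Sketch.verify_token(good, key))
IO.inspect(BearerHS512Sketch.verify_token(forged, key))
IO.inspect(BearerHS512Sketch.verify_token("abc123", key))
IO.inspect(BearerHS512Sketch.verify_token(nil, key))
```

The sketch covers the signature check only and returns the payload as undecoded JSON.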