MobileIdToken (mobile_id_token v0.1.0)

Copy Markdown View Source

Verifies mobile OAuth id_token JWTs issued by Apple and Google.

verify/3 is the provider-agnostic entrypoint. It delegates to MobileIdToken.Apple and MobileIdToken.Google.

Summary

Types

provider()
verify_error()
verify_opts()

Verification options.

Functions

verify(provider, id_token, opts \\ [])

Verifies an OAuth id_token for the given provider.

Types

provider()

@type provider() :: :apple | :google

verify_error()

@type verify_error() ::
  :invalid_token
  | :missing_kid
  | :jwk_not_found
  | :invalid_signature
  | :invalid_issuer
  | :missing_client_id
  | :invalid_audience
  | :token_expired
  | :invalid_claims
  | :email_not_verified
  | :invalid_nonce
  | :jwks_unavailable
  | :unsupported_provider

verify_opts()

@type verify_opts() :: [
  client_ids: [String.t()] | String.t(),
  nonce: String.t() | nil
]

Verification options.

  • :client_ids - accepted aud values (list, comma-separated string, or single string)
  • :nonce - expected nonce (Apple expects this to be present; Google allows nil)

The library does not read host app env vars directly; pass resolved client IDs explicitly.

Functions

verify(provider, id_token, opts \\ [])

@spec verify(provider(), String.t(), verify_opts()) ::
  {:ok, map()} | {:error, verify_error()}

Verifies an OAuth id_token for the given provider.

Examples

iex> MobileIdToken.verify(:google, token, client_ids: ["my-client-id"])
{:ok, claims}

iex> MobileIdToken.verify(:apple, token, client_ids: ["com.example.app"], nonce: "abc123")
{:ok, claims}