Rivet.Auth.Refresh (rivet_ident v3.5.0)
View SourceTooling for the second phase of auth: Refresh
TODO: Extract from Phoenix/WebSvc better, abstract so conn isn't needed
This will require a module that is imported into WebSvc -BJGSummary
Functions
iex> {:error, "narf!"} = check_refresh_token({:error, "narf!"})
iex> {:error, %Auth.Domain{log: "Invalid authorization"}} = extract_validation_token({:ok, %{sub: "cas2:asdf"}}, %Auth.Domain{}) iex> {:error, %Auth.Domain{log: "Unable to match validation token subject: \"wut\""}} = extract_validation_token({:ok, "wut"}, %Auth.Domain{}) iex> {:error, %Auth.Domain{log: "narf!"}} = extract_validation_token({:error, "narf!"}, %Auth.Domain{})
Functions
- extract the validaton token from the refresh token
- decode & verify the validation token is ours & good
- using the sub:uuid from the validation token, verify the signature on the ref token
- update connection data (or abort)
iex> assure(%Auth.Domain{}, nil) {:error, %Auth.Domain{log: "Invalid refresh request"}}
iex> {:error, "narf!"} = check_refresh_token({:error, "narf!"})
iex> {:error, %Auth.Domain{log: "Invalid authorization"}} = extract_validation_token({:ok, %{sub: "cas2:asdf"}}, %Auth.Domain{}) iex> {:error, %Auth.Domain{log: "Unable to match validation token subject: \"wut\""}} = extract_validation_token({:ok, "wut"}, %Auth.Domain{}) iex> {:error, %Auth.Domain{log: "narf!"}} = extract_validation_token({:error, "narf!"}, %Auth.Domain{})