Rivet.Auth.Token.Check (rivet_ident v3.5.0)

Validates that tokens meet our requirements.

Functions

enrich_sub_aud(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> {:error, auth} = enrich_sub_aud(%Auth.Domain{token: %{claims: %{sub: "asdf", aud: "asdf"}}})
iex> auth.log
"Cannot parse token.sub=asdf"

jwt(auth)

Checks payload information to verify proper authorization matches

iex> {:ok, _token, claims} = Rivet.Auth.Token.Access.jwt("narf", "example.com", 5)
...> {:error, %Auth.Domain{} = a} = jwt(%Auth.Domain{hostname: "example.com", token: %{claims: claims}})
...> a.log
"Cannot find identity factor=narf"

valid_audience(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> {:error, auth} = valid_audience(%Auth.Domain{token: %{aud: "asdf"}})
iex> auth.log
"Cannot parse token.tok=asdf"
iex> {:error, auth} = valid_audience(%Auth.Domain{token: %{aud: "key:a.domain"}, hostname: "b.domain"})
iex> auth.log
"Token audience does not match: a.domain != b.domain"
iex> valid_audience({:error, "narf"})

valid_expiration(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> now = System.os_time(:second)
iex> {:error, auth} = valid_expiration(%Auth.Domain{token: %{claims: %{for: %{}, exp: 0}}, type: :acc})
iex> auth.log
"Token Expired"
iex> {:error, auth} = valid_expiration(%Auth.Domain{token: %{claims: %{for: %{}, exp: now+300000}}, type: :acc})
iex> auth.log
"Token expiration out of bounds"
iex> valid_expiration({:error, "narf"})

valid_subject(auth)

iex> alias Rivet.Ident.Auth.Domain
iex> {:error, auth} = valid_subject(%Auth.Domain{})
iex> auth.log
"Unable to process token subject"
iex> {:error, auth} = valid_subject(%Auth.Domain{token: %{claims: %{sub: "red"}}, type: :acc})
iex> auth.log
"Cannot parse token.sub=red"
iex> {:error, auth} = valid_subject(%Auth.Domain{type: :acc, token: %{sub_type: :cas1, sub: "subject"}})
iex> auth.log
"Cannot find identity factor=subject"
iex> {:error, auth} = valid_subject(%Auth.Domain{token: %{aud_type: :caa1, sub_type: :cas1, sub: "subject"}, type: :val})
iex> auth.log
"Cannot find identity factor=subject"
iex> valid_subject({:error, "narf"})
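
The doctests on this page show each check rejecting a bad token and accepting an `{:error, _}` argument from an earlier step. The following added sketch (not rivet_ident source code) shows how audience and expiration checks of this kind can be chained so that the first failure wins. The module name `CheckSketch`, the plain-map shape, the `{:ok, auth}` wrapper, the `type:host` audience format, the 900-second bound and the parse-failure wording are assumptions.

```elixir
# Added sketch, not rivet_ident source. Names, map shape and @max_ttl are assumptions.
defmodule CheckSketch do
  # Assumed upper bound (seconds) on how far in the future `exp` may lie.
  @max_ttl 900

  # Run the checks in order; the first failure short-circuits the rest.
  def check(auth) do
    {:ok, auth}
    |> valid_audience()
    |> valid_expiration(System.os_time(:second))
  end

  # An earlier failure is passed through untouched.
  def valid_audience({:error, _} = err), do: err

  # The audience must name the host that is validating the token.
  def valid_audience({:ok, %{token: %{aud: aud}, hostname: host} = auth}) when is_binary(aud) do
    case String.split(aud, ":", parts: 2) do
      [_type, ^host] -> {:ok, auth}
      [_type, other] -> fail(auth, "Token audience does not match: #{other} != #{host}")
      _ -> fail(auth, "Cannot parse token.aud=#{aud}")
    end
  end

  def valid_audience({:ok, auth}), do: fail(auth, "Token audience missing")

  def valid_expiration({:error, _} = err, _now), do: err

  # Reject expired tokens and tokens whose lifetime exceeds the allowed window.
  def valid_expiration({:ok, auth}, now) do
    exp = get_in(auth, [:token, :exp])

    cond do
      not is_integer(exp) -> fail(auth, "Token expiration missing")
      exp <= now -> fail(auth, "Token Expired")
      exp - now > @max_ttl -> fail(auth, "Token expiration out of bounds")
      true -> {:ok, auth}
    end
  end

  # Record the reason on the auth map, mirroring the `auth.log` field in the doctests.
  defp fail(auth, msg), do: {:error, Map.put(auth, :log, msg)}
end

# Constructed sample input; each match raises MatchError if the check misbehaves.
now = System.os_time(:second)
good = %{token: %{aud: "key:a.domain", exp: now + 60}, hostname: "a.domain"}
{:ok, _} = CheckSketch.check(good)
{:error, %{log: "Token audience does not match: a.domain != b.domain"}} =
  CheckSketch.check(%{good | hostname: "b.domain"})
{:error, %{log: "Token Expired"}} = CheckSketch.check(put_in(good.token.exp, 0))
{:error, %{log: "Token expiration out of bounds"}} =
  CheckSketch.check(put_in(good.token.exp, now + 300_000))
```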