Anubis.Server.Authorization.Validator behaviour (anubis_mcp v1.6.0)

Copy Markdown

Behaviour for token validators.

Implement this behaviour to plug in a custom token validation strategy. Two built-in implementations are provided:

Example

defmodule MyApp.CustomValidator do
  @behaviour Anubis.Server.Authorization.Validator

  @impl true
  def validate_token(token, _config) do
    case MyApp.TokenStore.lookup(token) do
      {:ok, claims} -> {:ok, claims}
      :error -> {:error, :token_not_found}
    end
  end
end

Summary

Types

claims()
config()
reason()
token()

Callbacks

validate_token(token, config)

Validates a bearer token and returns normalized raw claims on success.

Types

claims()

@type claims() :: map()

config()

@type config() :: Anubis.Server.Authorization.config()

reason()

@type reason() :: atom() | String.t() | {atom(), term()}

token()

@type token() :: String.t()

Callbacks

validate_token(token, config)

@callback validate_token(token(), config()) :: {:ok, claims()} | {:error, reason()}

Validates a bearer token and returns normalized raw claims on success.

The returned map should contain string keys as received from the token source. Anubis.Server.Authorization.normalize_claims/1 is called by the authorization layer to convert it to the canonical claims shape stored in Context.auth.

Returns {:ok, raw_claims} or {:error, reason}.