auth_plug v1.2.0 AuthPlug
AuthPlug
handles all our auth needs in just a handful of lines of code.
Please see README.md
for setup instructions.
Link to this section Summary
Functions
call/2
is invoked to handle each HTTP request which auth_plug
protects.
If the conn
contains a valid JWT in Authentication Headers,
jwt query parameter or Phoenix Session, then continue to the protected route,
else redirect to the auth_url
with the referer set as the continuation URL.
create_jwt_session/2
recieves a conn
(Plug.Conn) and claims
e.g: %{email: "person@dwyl.com", id: 1}
.
Signs a JWT which gets attached to the session.
This is super-useful in testing as we
can simply invoke
create_jwt_session(conn, %{email: "al@ex.co", id: 1})
and continue the request pipeline with a valid session.
create_session/2
takes a conn
, claims and a JWT
and creates the session using Phoenix Sessions
and the JWT as the value so that it can be checked
on each future request.
Makes the decoded JWT available in conn.assigns
which means it can be used in templates.
Link to this section Functions
call(conn, options)
call/2
is invoked to handle each HTTP request which auth_plug
protects.
If the conn
contains a valid JWT in Authentication Headers,
jwt query parameter or Phoenix Session, then continue to the protected route,
else redirect to the auth_url
with the referer set as the continuation URL.
create_jwt_session(conn, claims)
create_jwt_session/2
recieves a conn
(Plug.Conn) and claims
e.g: %{email: "person@dwyl.com", id: 1}
.
Signs a JWT which gets attached to the session.
This is super-useful in testing as we
can simply invoke
create_jwt_session(conn, %{email: "al@ex.co", id: 1})
and continue the request pipeline with a valid session.
create_session(conn, claims, jwt)
create_session/2
takes a conn
, claims and a JWT
and creates the session using Phoenix Sessions
and the JWT as the value so that it can be checked
on each future request.
Makes the decoded JWT available in conn.assigns
which means it can be used in templates.
init(options)
init/1
initialises the options passed in and makes them
available in the lifecycle of the call/2
invocation (below).
We pass in the auth_url
key/value with the URL of the Auth service
to redirect to if session is invalid/expired.