auth_plug v1.2.0 AuthPlug.Token

Token module to create and validate jwt. see https://hexdocs.pm/joken/configuration.html#module-approach

Link to this section Summary

Functions

api_key/0 retrieves the API_KEY from environment variable. API keys are a single environment variable which is comprised of two parts. client_id/client_secret such that splitting on the "/" (forward slash) gives us the client_id and client_secret example: 2cfxNaWUwJBq1F4nPndoEHZJ5YCCNq9JDNAAR/2cfxNadrhMZk3iaT1L5k6Wt67c9ScbGNPz8Bw see: https://github.com/dwyl/auth/issues/42#issuecomment-620247243

client_id/0 returns the client_id (the first part of the AUTH_API_KEY)

client_id/0 returns the client_secret (the last part of the AUTH_API_KEY)

create_signer/1 creates a signer for the given secret key. It uses the HS256 (HMAC with SHA-256) to generate the signature. if you're wondering what "HS256" is, read: community.auth0.com/t/jwt-signing-algorithms-rs256-vs-hs256/7720

Combines generate_claims/1 and encode_and_sign/2

generate_jwt!/1 invokes Joken.generate_and_sign/3 claims are the data to be signed. Throws an error if anyting in the claims is invalid.

generate_jwt!/2 invokes Joken.generate_and_sign/3 claims are the data to be signed and secret is the secret key.

verify_jwt/1 verifies the given JWT and returns {:ok, claims} where the claims are the original data that were signed.

verify_jwt/2 verifies the given JWT and secret. Returns {:ok, claims} where the claims are the original data that were signed.

verify_jwt!/1 verifies the given JWT and returns claims where the claims are the original data that were signed.

verify_jwt!/2 verifies the given JWT and returns claims where the token is the JWT that was signed secret is the secret key. Returns claims the original claims contained in the JWT.

Link to this section Functions

api_key/0 retrieves the API_KEY from environment variable. API keys are a single environment variable which is comprised of two parts. client_id/client_secret such that splitting on the "/" (forward slash) gives us the client_id and client_secret example: 2cfxNaWUwJBq1F4nPndoEHZJ5YCCNq9JDNAAR/2cfxNadrhMZk3iaT1L5k6Wt67c9ScbGNPz8Bw see: https://github.com/dwyl/auth/issues/42#issuecomment-620247243

client_id/0 returns the client_id (the first part of the AUTH_API_KEY)

Link to this function

client_secret()

client_id/0 returns the client_secret (the last part of the AUTH_API_KEY)

Link to this function

create_signer(secret)

create_signer/1 creates a signer for the given secret key. It uses the HS256 (HMAC with SHA-256) to generate the signature. if you're wondering what "HS256" is, read: community.auth0.com/t/jwt-signing-algorithms-rs256-vs-hs256/7720

Link to this function

generate_and_sign(extra_claims \\ %{}, key \\ __default_signer__())

generate_and_sign(Joken.claims(), Joken.signer_arg()) ::
  {:ok, Joken.bearer_token(), Joken.claims()} | {:error, Joken.error_reason()}

Combines generate_claims/1 and encode_and_sign/2

Link to this function

generate_and_sign!(extra_claims \\ %{}, key \\ __default_signer__())

generate_and_sign!(Joken.claims(), Joken.signer_arg()) ::
  Joken.bearer_token() | no_return()

Same as generate_and_sign/2 but raises if error

Link to this function

generate_jwt!(claims)

generate_jwt!/1 invokes Joken.generate_and_sign/3 claims are the data to be signed. Throws an error if anyting in the claims is invalid.

Link to this function

generate_jwt!(claims, secret)

generate_jwt!/2 invokes Joken.generate_and_sign/3 claims are the data to be signed and secret is the secret key.

Link to this function

verify_and_validate(bearer_token, key \\ __default_signer__(), context \\ %{})

verify_and_validate(Joken.bearer_token(), Joken.signer_arg(), term()) ::
  {:ok, Joken.claims()} | {:error, Joken.error_reason()}

Combines verify/2 and validate/1

Link to this function

verify_and_validate!(bearer_token, key \\ __default_signer__(), context \\ %{})

verify_and_validate!(Joken.bearer_token(), Joken.signer_arg(), term()) ::
  Joken.claims() | no_return()

Same as verify_and_validate/2 but raises if error

Link to this function

verify_jwt(token)

verify_jwt/1 verifies the given JWT and returns {:ok, claims} where the claims are the original data that were signed.

Link to this function

verify_jwt(token, secret)

verify_jwt/2 verifies the given JWT and secret. Returns {:ok, claims} where the claims are the original data that were signed.

Link to this function

verify_jwt!(token)

verify_jwt!/1 verifies the given JWT and returns claims where the claims are the original data that were signed.

Link to this function

verify_jwt!(token, secret)

verify_jwt!/2 verifies the given JWT and returns claims where the token is the JWT that was signed secret is the secret key. Returns claims the original claims contained in the JWT.