View Source BtrzAuth.Plug.VerifyAudiences (BtrzAuth v1.3.0)

Looks for and validates that the passed audiences are present in the private data under conn.private.user_aud saved by BtrzAuth.Plug.VerifyToken (the order of the plugs is very important!)

If the audiences are invalid, the pipeline will be halted and the conn.resp_body with:

%{
  "error" => "unauthorized",
  "reason" => "audiences_not_verified"
}

Options:

  • audiences - list of atom audiences to verify. Please use the ones found on BtrzAuth.Audiences.valid_audiences

Example

plug BtrzAuth.Plug.VerifyAudiences, audiences: [:CUSTOMER]

Summary

Functions