CharonOauth2 (CharonOauth2 v0.0.5)

use CharonOauth2, @charon_config

Summary

Functions

Default token verification call used in the refresh_token grant. It can be overridden using the config option :verify_refresh_token, in which case there is no need to call Charon.TokenPlugs.verify_no_auth_error/2.

Functions


verify_refresh_token(conn, charon_config)

@spec verify_refresh_token(Plug.Conn.t(), Charon.Config.t()) :: Plug.Conn.t()

Default token verification call used in the refresh_token grant. It can be overridden using the config option :verify_refresh_token, in which case there is no need to call Charon.TokenPlugs.verify_no_auth_error/2.

Checks:

  • signature valid
  • already valid ("nbf" claim)
  • not expired ("exp" claim)
  • token type is "refresh" ("type" claim)
  • session type is "oauth2" ("styp" claim)
  • session exists
  • token is fresh (grace period 10 seconds)
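
The claim and session checks listed above, modelled as a pure function over an already-decoded payload. This is an added example, not CharonOauth2's or Charon's own code. It assumes the signature was verified beforehand, that a session is a map with a hypothetical `refreshed_at` field, and that "fresh" means the token's "iat" claim is at most 10 seconds older than the session's last refresh; the module name, function names and error atoms are hypothetical.

```elixir
defmodule RefreshTokenChecks do
  # Hypothetical module, not part of Charon or CharonOauth2.
  # Assumes the token signature was already verified and the payload decoded.
  @grace_period 10

  # payload: map of claims; session: map with :refreshed_at, or nil when no
  # session was found; now: current Unix time in seconds.
  # Returns :ok, or {:error, reason} for the first check that fails.
  def verify(payload, session, now) do
    with :ok <- check(is_integer(payload["nbf"]) and payload["nbf"] <= now, :not_yet_valid),
         :ok <- check(is_integer(payload["exp"]) and payload["exp"] > now, :expired),
         :ok <- check(payload["type"] == "refresh", :wrong_token_type),
         :ok <- check(payload["styp"] == "oauth2", :wrong_session_type),
         :ok <- check(is_map(session), :session_not_found),
         :ok <- check(fresh?(payload, session), :token_stale) do
      :ok
    end
  end

  # Assumed meaning of "fresh": issued no earlier than the session's last
  # refresh minus the grace period. A missing "iat" claim fails closed.
  defp fresh?(%{"iat" => iat}, %{refreshed_at: refreshed_at}) when is_integer(iat),
    do: iat >= refreshed_at - @grace_period

  defp fresh?(_payload, _session), do: false

  defp check(true, _reason), do: :ok
  defp check(false, reason), do: {:error, reason}
end

# Constructed sample data (Unix timestamps in seconds).
now = 1_700_000_100
session = %{refreshed_at: 1_700_000_050}

token = %{
  "nbf" => 1_700_000_000,
  "exp" => 1_700_003_600,
  "iat" => 1_700_000_045,
  "type" => "refresh",
  "styp" => "oauth2"
}

# Token issued 5 seconds before the last refresh: inside the grace period.
IO.inspect(RefreshTokenChecks.verify(token, session, now))
# Token issued 50 seconds before the last refresh: outside the grace period.
IO.inspect(RefreshTokenChecks.verify(%{token | "iat" => 1_700_000_000}, session, now))
# Access token presented to the refresh grant.
IO.inspect(RefreshTokenChecks.verify(%{token | "type" => "access"}, session, now))
# Session deleted or never created.
IO.inspect(RefreshTokenChecks.verify(token, nil, now))
```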