CharonOauth2 (CharonOauth2 v0.5.1)

use CharonOauth2, @charon_config

Functions

verify_refresh_token(conn, charon_config)

@spec verify_refresh_token(Plug.Conn.t(), Charon.Config.t()) :: Plug.Conn.t()

Default token verification call used in the refresh_token grant. It can be overridden with the config option :verify_refresh_token, in which case there is no need to call Charon.TokenPlugs.verify_no_auth_error/2.

Checks:

  • signature is valid
  • token is already valid ("nbf" claim)
  • token is not expired ("exp" claim)
  • token type is "refresh" ("type" claim)
  • session type is "oauth2" ("styp" claim)
  • session exists
  • token is fresh (grace period 10 seconds)
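
An override takes the place of the default, so a custom function has to keep every check listed above. The module below is an added example, not code from CharonOauth2: it delegates to the default call and then adds one extra check. The module name, the lifetime policy and the error message are hypothetical, and the callback contract of Charon.TokenPlugs.verify_token_payload/2 (return the conn, or an error message) is an assumption to confirm against your Charon version. How the function is passed to :verify_refresh_token is not shown.

```elixir
defmodule MyApp.Oauth2RefreshVerifier do
  @moduledoc """
  Hypothetical override for the :verify_refresh_token config option.
  Runs the library's default checks first, then one application-specific
  check, so none of the default checks are lost.
  """
  alias Charon.TokenPlugs

  # Hypothetical policy: longest validity window accepted for a refresh token.
  # Useful after shortening the refresh TTL, to reject older long-lived tokens.
  @max_lifetime_seconds 60 * 60 * 24 * 30

  @spec verify(Plug.Conn.t(), Charon.Config.t()) :: Plug.Conn.t()
  def verify(conn, charon_config) do
    conn
    # Default checks: signature, "nbf", "exp", "type" == "refresh",
    # "styp" == "oauth2", session exists, token is fresh.
    |> CharonOauth2.verify_refresh_token(charon_config)
    # Assumed Charon API: the callback returns the conn on success or an
    # error message on failure.
    |> TokenPlugs.verify_token_payload(&verify_lifetime/2)

    # No call to Charon.TokenPlugs.verify_no_auth_error/2 here: the page
    # states that an override does not need to make it.
  end

  # Accept only tokens whose "exp" - "nbf" window fits the policy.
  defp verify_lifetime(conn, %{"nbf" => nbf, "exp" => exp})
       when is_integer(nbf) and is_integer(exp) and
              exp - nbf <= @max_lifetime_seconds,
       do: conn

  # Fail closed: missing or non-integer claims are rejected as well.
  defp verify_lifetime(_conn, _payload),
    do: "refresh token lifetime exceeds policy"
end
```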