View Source CloudflareAccessEx.JwksStrategy (cloudflare_access_ex v0.1.0)
This module is responsible for fetching and caching the public keys from Cloudflare's JWKS endpoint.
The keys are fetched on startup and then every hour after that.
The module implements JokenJwks's SignerMatchStrategy behaviour which is used by the JokenJwks hook to attempt to retrieve the correct signer to verify the token given the kid (key id) in the token header.
Summary
Functions
Returns a specification to start this module under a supervisor.
Implementing SignerMatchStrategy
, attempts to find the Signer
for the given key ID (kid
).
Ensures that the JwksStrategy
for the given domain has initialized OK and is ready to return signers.
Types
@type options() :: [domain: String.t(), poll_time_ms: non_neg_integer()]
Functions
Returns a specification to start this module under a supervisor.
See Supervisor
.
@spec match_signer_for_kid( String.t(), keyword() ) :: {:error, atom()} | {:ok, Joken.Signer.t()}
Implementing SignerMatchStrategy
, attempts to find the Signer
for the given key ID (kid
).
Expects opts
to contain the domain that owns the key.
Ensures that the JwksStrategy
for the given domain has initialized OK and is ready to return signers.