CloudflareAccessEx.AccessTokenVerifier (cloudflare_access_ex v0.1.0)

Verifies a Cloudflare Access token (JWT) and returns decoded information from the token.

Summary

Functions

create/1: Creates an AccessTokenVerifier that can be used by AccessTokenVerifier.verify/2.

verify/2: Verifies the authenticity of the Cloudflare Access token in the given Plug.Conn or access_token against the given verifier.

Types

@opaque t()
@type verified_token() ::
  :anonymous
  | {:user,
     %{
       required([{:id, String.t()}]) => String.t(),
       required([{:email, String.t()}]) => String.t()
     }}
@type verify_result() :: {:ok, verified_token()} | {:error, atom() | Keyword.t()}

Functions

@spec create(atom() | keyword()) :: t()

Creates an AccessTokenVerifier that can be used by AccessTokenVerifier.verify/2.

If the config is an atom, it will be used to look up the config in the :cloudflare_access_ex Application environment.

Alternatively, the config can be a keyword list with the following keys:

  • :domain - The domain to verify the token against. This can be a string or an atom that is used to look up the domain in the :cloudflare_access_ex Application environment.
  • :audience - The audience to verify the token against.
  • :jwks_strategy - The module to use to fetch the public keys from Cloudflare's JWKS endpoint. Defaults to CloudflareAccessEx.JwksStrategy.

Examples

iex> Application.put_env(:cloudflare_access_ex, :my_cfa_app, [
...>   domain: "example.com",
...>   audience: "audience_string",
...> ])
...>
...> AccessTokenVerifier.create(:my_cfa_app)
%AccessTokenVerifier{
  audience: "audience_string",
  domain: "example.com",
  issuer: "https://example.com",
  jwks_strategy: CloudflareAccessEx.JwksStrategy
}

iex> Application.put_env(:cloudflare_access_ex, :my_cfa_app, [
...>   domain: :example,
...>   audience: "audience_string",
...> ])
...> Application.put_env(:cloudflare_access_ex, :example,
...>   domain: "example.com"
...> )
...>
...> AccessTokenVerifier.create(:my_cfa_app)
%AccessTokenVerifier{
  audience: "audience_string",
  domain: "example.com",
  issuer: "https://example.com",
  jwks_strategy: CloudflareAccessEx.JwksStrategy
}

iex> AccessTokenVerifier.create(
...>   domain: "example.com",
...>   audience: "audience_string",
...>   jwks_strategy: MyCustomJwksStrategy
...> )
%AccessTokenVerifier{
  audience: "audience_string",
  domain: "example.com",
  issuer: "https://example.com",
  jwks_strategy: MyCustomJwksStrategy
}

@spec verify(Plug.Conn.t() | binary(), t()) :: verify_result()

Verifies the authenticity of the Cloudflare Access token in the given Plug.Conn or access_token against the given verifier.
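
The plug below is an added example, not code from cloudflare_access_ex: it handles each shape of verify_result() separately, so that a verified but :anonymous token is not treated as an identified user. The module name MyAppWeb.RequireAccessUser, the :config option, the :access_user assign and the response bodies are hypothetical. It assumes the user map has atom keys :id and :email, as the verified_token() type suggests, and reuses the :my_cfa_app key from the create/1 examples.

```elixir
defmodule MyAppWeb.RequireAccessUser do
  # Hypothetical plug (not part of cloudflare_access_ex): admits a request only
  # when verify/2 returns an identified user, and fails closed otherwise.
  @behaviour Plug

  import Plug.Conn
  require Logger

  alias CloudflareAccessEx.AccessTokenVerifier

  @impl Plug
  # :my_cfa_app is the Application-environment key used in the create/1
  # examples. Only the key is kept here; the verifier is built in call/2 so
  # the Application environment is read at runtime, not at compile time.
  def init(opts), do: Keyword.get(opts, :config, :my_cfa_app)

  @impl Plug
  def call(conn, config) do
    verifier = AccessTokenVerifier.create(config)

    case AccessTokenVerifier.verify(conn, verifier) do
      # Verified token tied to a user: expose id and email downstream.
      {:ok, {:user, %{id: id, email: email}}} ->
        assign(conn, :access_user, %{id: id, email: email})

      # Verified token with no user identity. This is still an {:ok, _}
      # result, so it is matched explicitly instead of falling into a
      # catch-all success clause.
      {:ok, :anonymous} ->
        deny(conn, 403, "identified user required")

      # verify_result() allows an atom or a keyword list as the reason.
      # Log it server-side; do not echo it to the client.
      {:error, reason} ->
        Logger.warning("Cloudflare Access token rejected: #{inspect(reason)}")
        deny(conn, 401, "unauthorized")
    end
  end

  defp deny(conn, status, body) do
    conn
    |> send_resp(status, body)
    |> halt()
  end
end
```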