View Source CloudflareAccessEx.ApplicationTokenVerifier (cloudflare_access_ex v0.1.4)
Verifies a Cloudflare Access application token (JWT) and returns decoded information from the token.
Summary
Types
@opaque t()
@type verify_result() :: {:ok, CloudflareAccessEx.Principal.t()} | {:error, atom() | Keyword.t()}
Functions
Creates an ApplicationTokenVerifier that can be used by ApplicationTokenVerifier.verify/2
.
If the config is an atom, it will be used to lookup the config in the :cloudflare_access_ex
Application
environment.
Alternatively, the config can be a keyword list with the following keys:
:domain
- The domain to verify the token against. This can be a string or an atom that is used to lookup the domain in the:cloudflare_access_ex
Application
environment.:audience
- The audience to verify the token against.:jwks_strategy
- The module to use to fetch the public keys from Cloudflare's JWKS endpoint. Defaults toCloudflareAccessEx.JwksStrategy
.
Examples
iex> Application.put_env(:cloudflare_access_ex, :my_cfa_app, [
...> domain: "example.com",
...> audience: "audience_string",
...> ])
...>
...> ApplicationTokenVerifier.create(:my_cfa_app)
%ApplicationTokenVerifier{
audience: "audience_string",
domain: "example.com",
issuer: "https://example.com",
jwks_strategy: CloudflareAccessEx.JwksStrategy
}
iex> Application.put_env(:cloudflare_access_ex, :my_cfa_app, [
...> domain: :example,
...> audience: "audience_string",
...> ])
...> Application.put_env(:cloudflare_access_ex, :example,
...> domain: "example.com"
...> )
...>
...> ApplicationTokenVerifier.create(:my_cfa_app)
%ApplicationTokenVerifier{
audience: "audience_string",
domain: "example.com",
issuer: "https://example.com",
jwks_strategy: CloudflareAccessEx.JwksStrategy
}
iex> ApplicationTokenVerifier.create(
...> domain: "example.com",
...> audience: "audience_string",
...> jwks_strategy: MyCustomJwksStrategy
...> )
%ApplicationTokenVerifier{
audience: "audience_string",
domain: "example.com",
issuer: "https://example.com",
jwks_strategy: MyCustomJwksStrategy
}
@spec verify(Plug.Conn.t() | binary(), t()) :: verify_result()
Verifies the authenticity of the Cloudflare Access application token in the given Plug.Conn
or application_token against the given verifier.