View Source CsrfPlus.Token behaviour (CsrfPlus v0.2.0)
Defines the Token behaviour and a DefaultToken module implementation.
Summary
Callbacks
The function to generate the token tuple. It must be a tuple with the token itself and the signed version of it.
In the format {token, signed_token}
.
Responsible to generate a unique token.
Responsible to sign a token. The signed token is the token signed with some secret key or crypto algorithm that allows further verification.
Simply put, must verifies a signed_token
.
It must use the same secret key or crypto algorithm as in the sign_token function.
Functions
Just wraps generate_token/0
and sign_token/1
functions in a convenient function
Calls the configured Token module to generate a token
Calls the configured Token module to sign a given token
Calls the configured Token module to verify a signed_token
Callbacks
The function to generate the token tuple. It must be a tuple with the token itself and the signed version of it.
In the format {token, signed_token}
.
This callback is optional as all it does is to call generate_token/0
and sign_token/1
to generate both token
and its signed version.
@callback generate_token() :: String.t()
Responsible to generate a unique token.
Returns
The generated token.
Responsible to sign a token. The signed token is the token signed with some secret key or crypto algorithm that allows further verification.
Params
token
- The token to sign.
Returns
A signed token.
Simply put, must verifies a signed_token
.
It must use the same secret key or crypto algorithm as in the sign_token function.
Note
The
verified_token
is the original token before being signed.
Returns
{:ok, verified_token}
in case of success. Or {:error, the_error_itself}
.
Functions
Just wraps generate_token/0
and sign_token/1
functions in a convenient function
Calls the configured Token module to generate a token
Calls the configured Token module to sign a given token
Calls the configured Token module to verify a signed_token