curator v0.2.4 Curator.Guardian.Token.Opaque View Source

Opaque token implementation for Guardian.

Rather than the default JWT implementation, this module expect that a token will be an opaque string, that can be looked up (in a persistance module) to get the claims. It uses a subset of the standard JWT claims so it will function as a drop-in replacement for the default Guardian implementation.

NOTE: To use this module, the guardian implementation module must implement get_token, create_token & delete_token (the Curator.Guardian.Token.Opaque.Persistence behaviour). An example can be found in the specs (it uses a context and an ecto repo). Redis, Genserver, or other stateful implementations can also be used.

Link to this section Summary

Functions

Builds the default claims (a subset of the JWT claims)

Create a token. Uses the claims, and persists the token. Returns the token_id

Find the token and return its claims (or return an error)

Exchange a token of one type to another (not applicable but a required behaviour)

Split a token_id into the token_string & id Get the DB token (from the id) Perform a constant-time comparison with the token string

Inspect the token

Refresh the token (not applicable but a required behaviour)

Generate unique token id

Verifies the claims (not applicable but a required behaviour)

Link to this section Functions

Link to this function build_claims(mod, resource, sub, claims \\ %{}, options \\ []) View Source

Builds the default claims (a subset of the JWT claims).

By default, only typ, and sub are used

Options:

Options may override the defaults found in the configuration.

  • token_type - Override the default token type
Link to this function create_token(mod, claims, options \\ []) View Source

Create a token. Uses the claims, and persists the token. Returns the token_id

Link to this function decode_token(mod, token_id, options \\ []) View Source

Find the token and return its claims (or return an error)

Link to this function exchange(mod, old_token_id, from_type, to_type, options) View Source

Exchange a token of one type to another (not applicable but a required behaviour).

It will return an error if called

Link to this function get_token_from_token_id(mod, token_id) View Source

Split a token_id into the token_string & id Get the DB token (from the id) Perform a constant-time comparison with the token string

Inspect the token.

Not applicable (as it’s an opaque token)

Link to this function refresh(mod, old_token_id, options) View Source

Refresh the token (not applicable but a required behaviour)

It will return an error if called

Link to this function revoke(mod, claims, token_id, options) View Source

Delete the token

Generate unique token id

Link to this function verify_claims(mod, claims, options) View Source

Verifies the claims (not applicable but a required behaviour).