Guardian v1.1.0 Guardian.Plug.VerifyCookie View Source
Looks for and validates a token found in the request cookies.
In the case where:
a. The cookies are not loaded
b. A token is already found for :key
This plug will not do anything.
This, like all other Guardian plugs, requires a Guardian pipeline to be setup. It requires an implementation module, an error handler and a key.
These can be set either:
- Upstream on the connection with
plug Guardian.Pipeline
- Upstream on the connection with
Guardian.Pipeline.{put_module, put_error_handler, put_key}
- Inline with an option of
:module
,:error_handler
,:key
If a token is found but is invalid, the error handler will be called with
auth_error(conn, {:invalid_token, reason}, opts)
If a token is expired, the error handler WONT be called, the error can be handled with the ensure_authenticated plug
Once a token has been found it will be exchanged for an access (default) token.
This access token will be placed into the session and connection.
They will be available using [
Guardian.Plug.current_claims/2](Guardian.Plug.html#current_claims/2) and [
Guardian.Plug.current_token/2](Guardian.Plug.html#current_token/2)
Tokens from cookies should be of type
refreshand have a relatively long life.
They will be exchanged for
accesstokens (default)
Options:
*
:key- The location of the token (default
:default)
*
:exchange_from- The type of the cookie (default
”refresh”)
*
:exchange_to- The type of token to provide. Defaults to the implementation modules
default_type*
:ttl` - The time to live of the exchanged token. Defaults to configured values.
Link to this section Summary
Link to this section Functions
call(Plug.Conn.t(), Keyword.t()) :: Plug.Conn.t()