Mooncore.Auth.Token
(mooncore v0.2.4)
Copy Markdown
JWT token creation and verification.
Uses RS256 (RSA) signing via Joken. Configuration is read from:
config :mooncore,
jwt: [
key: "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----",
issuer: "myapp"
]Token Claims
Tokens contain:
"user"— user identifier"app"— app key (for routing to correct action module)"dkey"— domain/tenant key"scope"— scope for data isolation"roles"— Base58-encoded bitmask of roles"aud"— audience ("api")"iss"— issuer (from config)"exp"— expiry (18 hours default)
Summary
Functions
Combines generate_claims/1 and encode_and_sign/2
Same as generate_and_sign/2 but raises if error
Create a new token with claims. Returns {:ok, token} or {:error, reason}.
Create a new token with role bitmask encoding.
Verify and decode a JWT token.
Combines verify/2 and validate/2
Same as verify_and_validate/2 but raises if error
Functions
@spec generate_and_sign(Joken.claims(), Joken.signer_arg()) :: {:ok, Joken.bearer_token(), Joken.claims()} | {:error, Joken.error_reason()}
Combines generate_claims/1 and encode_and_sign/2
@spec generate_and_sign!(Joken.claims(), Joken.signer_arg()) :: Joken.bearer_token()
Same as generate_and_sign/2 but raises if error
Create a new token with claims. Returns {:ok, token} or {:error, reason}.
Create a new token with role bitmask encoding.
app_roles is the ordered list of all possible roles for the app.
client_roles is the list of roles this user has.
Verify and decode a JWT token.
Returns {:ok, claims} with roles decoded from bitmask back to string list,
or {:error, reason}.
@spec verify_and_validate(Joken.bearer_token(), Joken.signer_arg(), term()) :: {:ok, Joken.claims()} | {:error, Joken.error_reason()}
Combines verify/2 and validate/2
@spec verify_and_validate!(Joken.bearer_token(), Joken.signer_arg(), term()) :: Joken.claims()
Same as verify_and_validate/2 but raises if error