nova_auth_oidc_jwt (nova_auth_oidc v0.1.3)
View SourceJWT bearer token validation for API protection. Validates JWTs issued by
a configured OIDC provider using the provider's JWKS (fetched and cached
by oidcc_provider_configuration_worker).
Usage
%% In a Nova security callback
case nova_auth_oidc_jwt:validate_bearer(my_oidc_config, Req) of
{ok, Actor} -> {true, Actor};
{error, _} -> {false, 401, #{}, ~"unauthorized"}
end
Summary
Functions
Validate a JWT bearer token from the request's Authorization header. Uses the first configured provider for validation.
Validate a JWT bearer token using a specific provider.
Validate a raw JWT binary against the provider's JWKS.
Functions
-spec validate_bearer(module(), cowboy_req:req()) -> {ok, nova_auth:actor()} | {error, term()}.
Validate a JWT bearer token from the request's Authorization header. Uses the first configured provider for validation.
-spec validate_bearer(module(), atom(), cowboy_req:req()) -> {ok, nova_auth:actor()} | {error, term()}.
Validate a JWT bearer token using a specific provider.
-spec validate_token(module(), atom(), binary()) -> {ok, nova_auth:actor()} | {error, term()}.
Validate a raw JWT binary against the provider's JWKS.
Steps:
- Get provider configuration and JWKS from the worker
- Decode and verify the JWT signature
- Validate standard claims (exp, iss, aud)
- Apply claims mapping
- Return the actor map