OneAuth.Session (OneAuth v0.1.0)

Copy Markdown View Source

Creates and verifies signed OneAuth session tokens.

Session tokens are stateless and do not require server-side storage. Each token contains session metadata and is signed using the configured signing secret to prevent tampering.

Summary

Types

The decoded session payload.

Functions

Creates a new signed session token.

Verifies a signed session token.

Types

session()

@type session() :: map()

The decoded session payload.

Functions

create()

@spec create() :: String.t()

Creates a new signed session token.

The token contains the session metadata and is signed using the configured signing secret.

verify(token)

@spec verify(String.t()) :: {:ok, session()} | :error

Verifies a signed session token.

Returns the decoded session payload when the token is valid and has not expired. Returns :error if the token is invalid or expired.