pass v0.3.0 Pass.ConfirmEmail

Handles email confirmations by generating, verifying, and redeeming JWTs.

The idea is that you would use Pass.ConfirmEmail.generate_token/1 to create a JWT that you could then send to the user (probably by emailing them a link).

When the user accesses your interface to confirm their email, you would use Pass.ConfirmEmail.redeem_token/1 which would first verify the JWT and then set the email confirmed field to true.

There’s no need to prevent replay attacks since all we are doing is setting a field to “true”. The token could be used multiple times without an issue; the results would always be the same.

Summary

Functions

generate_token(email)

Takes in an email address and creates a JWT with the following claims:

  • sub: The email address passed in
  • aud: “Pass.ConfirmEmail”
  • exp: The time from epoch in seconds when the token expires

key()

Returns the secret key used to sign the JWT.

redeem_token(token)

Sets the email confirmed field to true if the JWT is valid, otherwise it returns the error.

verify_token(token)

Takes in an email confirmation JWT and verifies that the JWT is valid, that it hasn’t expired, and that the email address in the sub attribute matches a user in the data store.

Functions

generate_token(email)

Takes in an email address and creates a JWT with the following claims:

  • sub: The email address passed in
  • aud: “Pass.ConfirmEmail”
  • exp: The time from epoch in seconds when the token expires

key()

Returns the secret key used to sign the JWT.

redeem_token(token)

Sets the email confirmed field to true if the JWT is valid, otherwise it returns the error.

verify_token(token)

Takes in an email confirmation JWT and verifies that the JWT is valid, that it hasn’t expired, and that the email address in the sub attribute matches a user in the data store.
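The checks described for verify_token/1 and the idempotent update in redeem_token/1, sketched in Python as an added example; this is not Pass's own code. It assumes HS256 signing, a constructed key and user store, and that the aud claim is checked on verification (the page lists the claim but does not say whether it is checked).

```python
import base64, hashlib, hmac, json, time

AUD = "Pass.ConfirmEmail"          # audience claim value from the page
KEY = b"constructed-demo-key"      # constructed; stands in for key()
USERS = {"ann@example.com": {"email_confirmed": False}}  # constructed data store

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> str:
    return _b64(hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest())

def generate_token(email, ttl=3600, aud=AUD, now=None):
    now = int(time.time()) if now is None else now
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = _b64(json.dumps({"sub": email, "aud": aud, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{_sign(header + '.' + claims)}"

def verify_token(token, now=None):
    now = int(time.time()) if now is None else now
    try:
        header, claims, sig = token.split(".")
        # Check the MAC (constant-time) before trusting any decoded content.
        if not hmac.compare_digest(sig, _sign(f"{header}.{claims}")):
            return ("error", "invalid signature")
        # Pin the algorithm rather than honouring whatever the header says.
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return ("error", "unexpected alg")
        body = json.loads(_unb64(claims))
    except (ValueError, TypeError):
        return ("error", "malformed token")
    # A token minted for another purpose with the same key must not confirm email.
    if body.get("aud") != AUD:
        return ("error", "wrong audience")
    if not isinstance(body.get("exp"), int) or body["exp"] <= now:
        return ("error", "expired")
    if body.get("sub") not in USERS:
        return ("error", "unknown user")
    return ("ok", body["sub"])

def redeem_token(token, now=None):
    status, value = verify_token(token, now)
    if status == "ok":
        USERS[value]["email_confirmed"] = True  # idempotent: a replay changes nothing
    return (status, value)
```

Redeeming the same token twice leaves the store in the same state, which is the replay argument made above; a replay only succeeds until exp passes.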