pass v0.3.0 Pass.ResetPassword
Handles password resets by generating, verifying, and redeeming JWTs.
The idea is that you would use Pass.ResetPassword.generate_token/1 to create a JWT that you could then send to the user (probably in a link in an email).
When the user accesses your interface to redeem the token and reset their password, you would use Pass.ResetPassword.verify_token/2 to first verify the JWT and that the time has not expired before asking for the new password.
Once the user has given you the new password, you would use Pass.ResetPassword.redeem_token/2, which would first verify the JWT and then reset the password.
To prevent replay attacks, we generate a random string to send in the jti attribute of the JWT and store it in the data store.
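The generate/verify/redeem flow and the single-use jti described above, as an added stand-alone example in Python rather than the library's own Elixir code. It hand-rolls an HS256 JWT with the documented claims; the secret, the in-memory `users` dict standing in for the data store, and the `TTL_SECONDS` lifetime (the page does not say how expiry is measured) are constructed assumptions.

```python
import base64, hashlib, hmac, json, os, time

SECRET = b"constructed-demo-secret"   # constructed; not the library's real key
TTL_SECONDS = 3600                    # assumed lifetime; the page states none
users = {"alice@example.com": {"password": "old", "reset_jti": None}}  # stand-in data store

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def generate_token(email, now=None):
    """Build the documented claims: sub, aud, jti (16 random bytes, URL-safe base64, no padding), iat."""
    jti = b64url(os.urandom(16))
    users[email]["reset_jti"] = jti   # stored so the token can only be redeemed once
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": email, "aud": "Pass.ResetPassword", "jti": jti,
              "iat": int(time.time()) if now is None else now}
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"

def verify_token(token, now=None):
    """Return the claims if signature, audience, age and the stored (sub, jti) pair all check out."""
    try:
        header, body, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(b64url_decode(sig), expected):
            return None               # tampered or signed with another key
        claims = json.loads(b64url_decode(body))
        now = int(time.time()) if now is None else now
        if claims["aud"] != "Pass.ResetPassword" or now - claims["iat"] > TTL_SECONDS:
            return None               # wrong audience or token too old
        user = users.get(claims["sub"])
        if user is None or user["reset_jti"] is None:
            return None               # unknown user or no outstanding reset
        if not hmac.compare_digest(user["reset_jti"], claims["jti"]):
            return None               # jti does not match the stored one (replay or stale token)
        return claims
    except (ValueError, KeyError, TypeError):
        return None                   # malformed token

def redeem_token(token, new_password, now=None):
    """Verify first, then set the password and clear the jti so a replayed token is rejected."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    users[claims["sub"]].update(password=new_password, reset_jti=None)
    return True
```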
Summary
Functions
Takes in an email address and creates a JWT with the following claims:
- sub: The email address passed in
- aud: “Pass.ResetPassword”
- jti: Random 16 bytes encoded as URL-safe base 64 string with no padding
- iat: The current time from epoch in seconds
Returns the secret key used to sign the JWT
Takes in a JWT to verify and the new password that will be set for the user if the JWT is valid and hasn’t expired
Takes in a password reset JWT and verifies that the JWT is valid, that the JWT hasn’t expired, and that the email address in the sub attribute and the random string in the jti attribute match a user in the data store
Functions
Takes in an email address and creates a JWT with the following claims:
- sub: The email address passed in
- aud: “Pass.ResetPassword”
- jti: Random 16 bytes encoded as URL-safe base 64 string with no padding
- iat: The current time from epoch in seconds
Takes in a JWT to verify and the new password that will be set for the user if the JWT is valid and hasn’t expired.