PhoenixApiToolkit.Security.Plugs.verify_oauth2_scope

verify_oauth2_scope(conn, exp_scopes)

Specs

verify_oauth2_scope(Plug.Conn.t(), [binary()]) :: Plug.Conn.t()

Check if the JWT in conn.assigns.jwt has a "scope" claim that contains at least one of the scopes listed in the exp_scopes parameter. This assign is set by PhoenixApiToolkit.Security.Oauth2Plug and should contain a JOSE.JWT struct.

If no scope matches, a PhoenixApiToolkit.Security.Oauth2TokenVerificationError is raised, resulting in a 401 Unauthorized response.

Examples

use Plug.Test

def conn_with_scope(scope), do: conn(:get, "/") |> assign(:jwt, %{fields: %{"scope" => scope}})

# if there is a matching scope, the conn is passed through
iex> conn = conn_with_scope("admin read:phone")
iex> conn == conn |> verify_oauth2_scope(["admin"])
true
iex> conn == conn |> verify_oauth2_scope(["admin", "not:a:match"])
true
iex> conn == conn |> verify_oauth2_scope(["admin", "read:phone"])
true

# an error is raised if there is no matching scope
iex> conn_with_scope("admin read:phone") |> verify_oauth2_scope(["not:a:match"])
** (PhoenixApiToolkit.Security.Oauth2TokenVerificationError) Oauth2 token invalid: scope mismatch
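
The examples above show that one matching scope is enough. The sketch below is an added illustration, not PhoenixApiToolkit's own code: it puts that any-of check next to a stricter all-of check over the same space-delimited "scope" claim. The module and function names (ScopeCheckSketch, granted/1, any_of?/2, all_of?/2) are hypothetical, and the whole-token comparison and fail-closed handling are choices made in this sketch.

```elixir
defmodule ScopeCheckSketch do
  @moduledoc """
  Illustrative sketch only; not PhoenixApiToolkit's implementation.
  All names in this module are hypothetical.
  """

  # RFC 6749 section 3.3 defines "scope" as a space-delimited list of
  # case-sensitive strings. Splitting first means scopes are compared as
  # whole tokens, so "read" does not match "read:phone".
  def granted(%{fields: %{"scope" => scope}}) when is_binary(scope) do
    scope |> String.split(" ", trim: true) |> MapSet.new()
  end

  # A missing or non-string claim grants nothing, so every check fails closed.
  def granted(_jwt), do: MapSet.new()

  # Any-of: at least one expected scope was granted. This is the behaviour
  # the examples on this page show. An empty exp_scopes list returns false.
  def any_of?(jwt, exp_scopes) do
    not MapSet.disjoint?(granted(jwt), MapSet.new(exp_scopes))
  end

  # All-of: every expected scope was granted. An empty exp_scopes list is
  # rejected explicitly, because the empty set is a subset of any set.
  def all_of?(jwt, exp_scopes) do
    exp_scopes != [] and MapSet.subset?(MapSet.new(exp_scopes), granted(jwt))
  end
end

# Constructed sample token fields, same shape as conn.assigns.jwt above.
jwt = %{fields: %{"scope" => "admin read:phone"}}

# Each match below raises MatchError if the result differs.
true = ScopeCheckSketch.any_of?(jwt, ["admin", "not:a:match"])
false = ScopeCheckSketch.any_of?(jwt, ["not:a:match"])
false = ScopeCheckSketch.any_of?(jwt, ["read"])
false = ScopeCheckSketch.all_of?(jwt, ["admin", "not:a:match"])
true = ScopeCheckSketch.all_of?(jwt, ["admin", "read:phone"])
false = ScopeCheckSketch.any_of?(%{fields: %{}}, ["admin"])
false = ScopeCheckSketch.all_of?(jwt, [])
```

With verify_oauth2_scope itself, an endpoint that must require several scopes at once can call it once per required scope, since each call raises unless its own list has a match.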