PhoenixApiToolkit.Security.Plugs.verify_oauth2_scope
Specs
verify_oauth2_scope(Plug.Conn.t(), [binary()]) :: Plug.Conn.t()
Checks whether the JWT in conn.assigns.jwt has a "scope" claim containing at least one of the scopes listed in the exp_scopes parameter. This assign is set by PhoenixApiToolkit.Security.Oauth2Plug and should contain a JOSE.JWT struct. If the check fails, a PhoenixApiToolkit.Security.Oauth2TokenVerificationError is raised, resulting in a 401 Unauthorized response.
Examples
use Plug.Test
# test helper: a bare map with a :fields key stands in for the JOSE.JWT struct set by Oauth2Plug
def conn_with_scope(scope), do: conn(:get, "/") |> assign(:jwt, %{fields: %{"scope" => scope}})
# if there is a matching scope, the conn is passed through
iex> conn = conn_with_scope("admin read:phone")
iex> conn == conn |> verify_oauth2_scope(["admin"])
true
iex> conn == conn |> verify_oauth2_scope(["admin", "not:a:match"])
true
iex> conn == conn |> verify_oauth2_scope(["admin", "read:phone"])
true
# an error is raised if there is no matching scope
iex> conn_with_scope("admin read:phone") |> verify_oauth2_scope(["not:a:match"])
** (PhoenixApiToolkit.Security.Oauth2TokenVerificationError) Oauth2 token invalid: scope mismatch
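The following is an added example, not the library's own code: a minimal plug that reproduces the documented behaviour (a space-delimited "scope" claim, any-of matching against the expected list, 401 on mismatch) and also accepts a list-valued claim, which some identity providers issue. It assumes Plug is available and that an upstream plug such as Oauth2Plug has already verified the token's signature before this one runs; MyApp.ScopePlug and ScopeError are hypothetical names.

```elixir
# Added example, not part of PhoenixApiToolkit. Assumes the Plug dependency and
# that conn.assigns.jwt was populated by a plug that already verified the JWT
# signature; a scope check on an unverified token proves nothing.
defmodule MyApp.ScopePlug do
  @behaviour Plug

  defmodule ScopeError do
    # plug_status lets Plug.Exception map this error to a 401 response
    defexception message: "Oauth2 token invalid: scope mismatch", plug_status: 401
  end

  @impl true
  def init(expected_scopes) when is_list(expected_scopes), do: expected_scopes

  @impl true
  def call(%Plug.Conn{assigns: %{jwt: %{fields: fields}}} = conn, expected_scopes) do
    granted = granted_scopes(fields)

    # any-of semantics: one matching expected scope is enough to pass the conn through
    if Enum.any?(expected_scopes, &(&1 in granted)) do
      conn
    else
      raise ScopeError
    end
  end

  # no verified JWT in the assigns: fail closed instead of passing the request on
  def call(_conn, _expected_scopes), do: raise(ScopeError)

  # RFC 6749 defines "scope" as a space-delimited string; some providers
  # issue a list instead, so both shapes are normalised to a list of strings.
  defp granted_scopes(fields) do
    case Map.get(fields, "scope") do
      scope when is_binary(scope) -> String.split(scope)
      scopes when is_list(scopes) -> Enum.filter(scopes, &is_binary/1)
      _ -> []
    end
  end
end

# Router wiring: the signature check must precede the scope check in the pipeline.
# pipeline :admin_api do
#   plug PhoenixApiToolkit.Security.Oauth2Plug, [...]
#   plug MyApp.ScopePlug, ["admin"]
# end
```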