View Source PrimaAuth0Ex.Plug.VerifyAndValidateToken (prima_auth0_ex v0.4.1)
Plug to verify and validate bearer tokens
Usage:
plug PrimaAuth0Ex.Plug.VerifyAndValidateToken, required_permissions: ["some:permission"]
options
Options
The following options can be set to customize the behavior of this plug:
audience: "my-audience"
sets the expected audience. Defaults to the audience set inconfig.exs
.required_permissions: ["p1", "p2"]
sets the set of permissions that clients are required to have. Clients who do not have all the required permissions are forbidden from accessing the API. Default is[]
, ie. no permissions required, overridable fromconfig.exs
.dry_run: false
when true allows clients to access the API even when their token is missing/invalid. Mostly useful for testing purposes. Default isfalse
, overridable fromconfig.exs
.ignore_signature: false
when true, validates claims found in a token without verifying its signature. Should only be enabled in dev/test environments, as it allows anyone to forge valid tokens. Default isfalse
, overridable fromconfig.exs
.