View Source PrimaAuth0Ex (prima_auth0_ex v0.9.1)
Handles the retrieval of token from Auth0 and their verification/validation.
Summary
Functions
Force the refresh of the token for a given audience, invalidating both the local and the shared cache.
Obtain a token for the given audience.
Verify the integrity of a token, and validate its claims.
Functions
Force the refresh of the token for a given audience, invalidating both the local and the shared cache.
Obtain a token for the given audience.
@spec verify_and_validate(String.t(), String.t(), [String.t()], boolean()) :: {:ok, Joken.claims()} | {:error, atom() | Keyword.t()}
Verify the integrity of a token, and validate its claims.
It is possible to set a list of permissions to validate. Only tokens that include all the required permissions will pass validation.
When ignore_signature
is true
, only checks the validity of claims of the token and not its signature.
This option should never be enabled in production-like environments, as it allows anyone to forge valid tokens.