YipyipExAuth v0.1.0-alpha.1 YipyipExAuth.Plugs
Function plugs to create and delete sessions. create_session/3 can be used in combination with YipyipExAuth.Plugs.ProcessRefreshToken for token refreshing.
Summary
Functions
Create or update a session. If a session exists in the conn, the session is updated, otherwise a new one is created. The session is put on the conn by YipyipExAuth.Plugs.ProcessRefreshToken.
Delete the persistent session identified by the session_id in the access token payload.
Functions
create_session(conn, user_id, config, extra_access_payload \\ nil, extra_refresh_payload \\ nil)
create_session(Plug.Conn.t(), pos_integer() | binary(), YipyipExAuth.Config.t(), any(), any()) :: Plug.Conn.t()
Create or update a session. If a session exists in the conn, the session is updated, otherwise a new one is created. The session is put on the conn by YipyipExAuth.Plugs.ProcessRefreshToken.
In both cases, new access / refresh tokens are created and stored in the conn's private map. The server-side session stored in the session store is created / updated as well.
The tokens' signatures are split off and sent as cookies if the session's token signature transport mechanism is set to :cookie. By default, these are http-only strictly-same-site secure cookies.
Optionally, it is possible to store extra payload in the access- and refresh tokens, which can be used to implement things like role-based authorization or forced logout after password change.
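Why a split-off signature in an http-only cookie protects the token, as an added illustration that is not YipyipExAuth's own code or token format: the module SplitTokenDemo, the HMAC-SHA256 signing and the sample payloads are constructed for this example, and it assumes the unsigned remainder of the token is the part that client script holds and sends back in a request header.

```elixir
defmodule SplitTokenDemo do
  # Added illustration only: not YipyipExAuth's code or token format.
  # Needs OTP 25+ for :crypto.hash_equals/2.

  # Sign a binary payload and return {body, signature}. In this sketch the body
  # is what client script holds; the signature goes in an http-only cookie.
  def sign_and_split(payload, key) when is_binary(payload) and is_binary(key) do
    body = Base.url_encode64(payload, padding: false)
    {body, Base.url_encode64(mac(body, key), padding: false)}
  end

  # Rejoin the body (from a request header) with the signature (from the cookie).
  def verify(body, signature, key) when is_binary(body) and is_binary(signature) do
    with {:ok, sig} <- Base.url_decode64(signature, padding: false),
         expected = mac(body, key),
         # hash_equals/2 raises on unequal sizes, so check the length first.
         true <- byte_size(sig) == byte_size(expected) and :crypto.hash_equals(sig, expected),
         {:ok, payload} <- Base.url_decode64(body, padding: false) do
      {:ok, payload}
    else
      _ -> {:error, :invalid_token}
    end
  end

  # A missing cookie arrives as nil and is rejected without touching the MAC.
  def verify(_body, _signature, _key), do: {:error, :invalid_token}

  defp mac(data, key), do: :crypto.mac(:hmac, :sha256, key, data)
end

key = :crypto.strong_rand_bytes(32)
{body, sig} = SplitTokenDemo.sign_and_split(~s({"uid":42,"sid":"constructed"}), key)

# Normal request: header body plus cookie signature verifies.
{:ok, _payload} = SplitTokenDemo.verify(body, sig, key)

# Body without the cookie (all that page script can read): rejected.
{:error, :invalid_token} = SplitTokenDemo.verify(body, nil, key)

# Body altered after signing, replayed with the original cookie: rejected.
forged = Base.url_encode64(~s({"uid":1,"sid":"constructed"}), padding: false)
{:error, :invalid_token} = SplitTokenDemo.verify(forged, sig, key)
```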
delete_session(conn, config)
delete_session(Plug.Conn.t(), YipyipExAuth.Config.t()) :: Plug.Conn.t()
Delete the persistent session identified by the session_id in the access token payload.
Note that the access token remains valid until it expires; it is left up to the client to drop the access token. It will no longer be possible to refresh the session, however.