YipyipExAuth v0.1.0-alpha.1 YipyipExAuth.Plugs

Function plugs to create and delete sessions. create_session/3 can be used in combination with YipyipExAuth.Plugs.ProcessRefreshToken for token refreshing.

Summary

Functions

create_session(conn, user_id, config, extra_access_payload \\ nil, extra_refresh_payload \\ nil)

Create or update a session. If a session exists in the conn, the session is updated; otherwise a new one is created. The session is put on the conn by YipyipExAuth.Plugs.ProcessRefreshToken.

delete_session(conn, config)

Delete the persistent session identified by the session_id in the access token payload.

Functions

create_session(conn, user_id, config, extra_access_payload \\ nil, extra_refresh_payload \\ nil)

create_session(
  Plug.Conn.t(),
  pos_integer() | binary(),
  YipyipExAuth.Config.t(),
  any(),
  any()
) :: Plug.Conn.t()

Create or update a session. If a session exists in the conn, the session is updated; otherwise a new one is created. The session is put on the conn by YipyipExAuth.Plugs.ProcessRefreshToken.

In both cases, new access / refresh tokens are created and stored in the conn's private map. The server-side session stored in the session store is created / updated as well.

The tokens' signatures are split off and sent as cookies if the session's token signature transport mechanism is set to :cookie. By default, these are http-only, strictly-same-site, secure cookies (HttpOnly, SameSite=Strict, Secure).

Optionally, it is possible to store extra payload in the access- and refresh tokens, which can be used to implement things like role-based authorization or forced logout after password change.
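The signature-cookie transport described above, sketched with Plug.Conn as an added example (not YipyipExAuth's own code). The dot-delimited token layout, the cookie name and the module name are assumptions made for illustration.

```elixir
defmodule SignatureCookieSketch do
  @moduledoc """
  Added illustration, not part of YipyipExAuth. Assumes a signed token made of
  dot-separated segments whose last segment is the signature.
  """
  import Plug.Conn

  # Hypothetical cookie name.
  @cookie "_access_token_signature"

  # The attributes the docs call "http-only strictly-same-site secure".
  @cookie_opts [http_only: true, secure: true, same_site: "Strict"]

  @doc "Split a token into its body and its signature (the last segment)."
  def split(token) do
    case token |> String.split(".") |> Enum.split(-1) do
      {[_ | _] = body, [sig]} when sig != "" -> {:ok, Enum.join(body, "."), sig}
      _ -> :error
    end
  end

  @doc "Put the signature in a cookie; return the conn and the body for the response payload."
  def send_signature(conn, token, max_age) do
    {:ok, body, sig} = split(token)
    {put_resp_cookie(conn, @cookie, sig, [max_age: max_age] ++ @cookie_opts), body}
  end

  @doc "Rejoin the body sent by the client with the signature from the cookie."
  def reassemble(conn, body) do
    case fetch_cookies(conn).req_cookies do
      %{@cookie => sig} when sig != "" -> {:ok, body <> "." <> sig}
      _ -> {:error, :signature_cookie_missing}
    end
  end
end

# Constructed sample token, not a real one.
{conn, body} =
  Plug.Test.conn(:post, "/login")
  |> SignatureCookieSketch.send_signature("header.payload.signature", 1800)

IO.inspect(body, label: "sent in the response body")
IO.inspect(get_in(conn.resp_cookies, ["_access_token_signature"]), label: "cookie")
```

Script running in the page can read only the token body, which does not verify without the signature held in the HttpOnly cookie.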

delete_session(conn, config)

delete_session(Plug.Conn.t(), YipyipExAuth.Config.t()) :: Plug.Conn.t()

Delete the persistent session identified by the session_id in the access token payload.

Note that the access token remains valid until it expires; it is left up to the client to drop the access token. It will no longer be possible to refresh the session, however.