1.4.0 - This version may not be safe as it has not been updated for a long time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform
Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.
MPL-2.0 - Mozilla Public License 2.0A plug for verifing Auth0 JWTs.
Add to dependencies:
{:auth0_plug, "~> 1.3"}
Put in your router after match and before dispatch:
plug(:match)
plug(Auth0Plug)
plug(:dispatch)
config :auth0_plug,
secret: "secret",
realm: "realm",
extractions: [{nil, :auth0_jwt}]
You can find the jwt in conn.private:
conn.private[:auth0_jwt]
In case of failure the plug will return automatically a 401. If you don't want that, you can disable it in the options:
config :auth0_plug,
return_401: false
If you want to customize the error message:
config :auth0_plug,
unauthorized_message: "Your credentials are invalid"
It's possible to specify which keys to extract from the JWT:
config :auth0_plug,
extractions: [
{"jwt_claim", :conn_private_key},
{nil, :extracts_all_the_jwt}
]
To exclude paths from 401:
config :auth0_plug,
exclude_from_401: ["/public", "/public/:id"]