auth0_plug

Last update: 17/04/2024

auth0_plug

An auth0 plug

Latest version: 1.4.0

Maintenance score

Safety score

Popularity score

This project has been inactive for more than one year

Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.

De-risk your app now

Security

	Vulnerabilities
Version	Suggest	Low	Medium	High	Critical

1.4.0	0	0	0	0	0
1.3.0	0	0	0	0	0
1.2.2	0	0	0	0	0
1.2.1	0	0	0	0	0
1.2.0	0	0	0	0	0
1.1.0	0	0	0	0	0
1.0.0	0	0	0	0	0
0.1.3	0	0	0	0	0
0.1.2	0	0	0	0	0
0.1.1	0	0	0	0	0
0.1.0	0	0	0	0	0

Stability

Latest release:

1.4.0 - This version may not be safe as it has not been updated for a long time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MPL-2.0 - Mozilla Public License 2.0

Not a wildcard

Not proprietary

OSI Compliant

Auth0 plug

A plug for verifing Auth0 JWTs.

Usage

Add to dependencies:

{:auth0_plug, "~> 1.3"}

Put in your router after match and before dispatch:

plug(:match)
plug(Auth0Plug)
plug(:dispatch)

Configuration

config :auth0_plug,
  secret: "secret",
  realm: "realm",
  extractions: [{nil, :auth0_jwt}]

You can find the jwt in conn.private:

conn.private[:auth0_jwt]

In case of failure the plug will return automatically a 401. If you don't want that, you can disable it in the options:

config :auth0_plug,
    return_401: false

If you want to customize the error message:

config :auth0_plug,
    unauthorized_message: "Your credentials are invalid"

It's possible to specify which keys to extract from the JWT:

config :auth0_plug,
    extractions: [
        {"jwt_claim", :conn_private_key},
        {nil, :extracts_all_the_jwt}
    ]

To exclude paths from 401:

config :auth0_plug,
    exclude_from_401: ["/public", "/public/:id"]