auth0_plug

An auth0 plug

Latest version: 1.3.0 registry icon
Maintenance score
0
Safety score
0
Popularity score
70
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
Security
  Vulnerabilities
Version Suggest Low Medium High
1.3.0 0 0 0 0
1.2.2 0 0 0 0
1.2.1 0 0 0 0
1.2.0 0 0 0 0
1.1.0 0 0 0 0
1.0.0 0 0 0 0
0.1.3 0 0 0 0
0.1.2 0 0 0 0
0.1.1 0 0 0 0
0.1.0 0 0 0 0

Stability
Latest release:

1.3.0 - this version is safe to use because it has no known security vulnerabilities at this time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MPL-2.0   -   Mozilla Public License 2.0

Not a wildcard

Not proprietary

OSI Compliant



Auth0 plug

A plug for verifing Auth0 JWTs.

Usage

Add to dependencies:

{:auth0_plug, "~> 1.3"}

Put in your router after match and before dispatch:

plug(:match)
plug(Auth0Plug)
plug(:dispatch)

Configuration

config :auth0_plug,
  secret: "secret",
  realm: "realm",
  extractions: [{nil, :auth0_jwt}]

You can find the jwt in conn.private:

conn.private[:auth0_jwt]

In case of failure the plug will return automatically a 401. If you don't want that, you can disable it in the options:

config :auth0_plug,
    return_401: false

If you want to customize the error message:

config :auth0_plug,
    unauthorized_message: "Your credentials are invalid"

It's possible to specify which keys to extract from the JWT:

config :auth0_plug,
    extractions: [
        {"jwt_claim", :conn_private_key},
        {nil, :extracts_all_the_jwt}
    ]

To exclude paths from 401:

config :auth0_plug,
    exclude_from_401: ["/public", "/public/:id"]