Skip to content
/ guardian_paseto Public

A Guardian.Token implementation for Paseto tokens (https://paseto.io)

License

GPL-3.0 license
7 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ueberauth/guardian_paseto

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

44 Commits

.github

.github

 
 

config

config

 
 

lib/guardian/token

lib/guardian/token

 
 

test

test

 
 

.formatter.exs

.formatter.exs

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

mix.exs

mix.exs

 
 

mix.lock

mix.lock

 
 

Repository files navigation

GuardianPaseto

Hex.pm

Docs can be found Here

Considerations for using this library

There are a few library/binary requirements required in order for the Paseto library to work on any computer:

  1. Erlang version >= 20.1
    • This is required because this was the first Erlang version to introduce crypto:sign/5.
  2. libsodium >= 1.0.13
  3. openssl >= 1.1
    • This is needed for XChaCha-Poly1305 used for V2.Local Paseto

How to use

NOTE: This was basically 100% plagiarized from the Guardian documentation, so, for further configuration options, please visit their documentation at: Guardian

Guardian requires that you create an "Implementation Module". This module is your applications implementation for a particular type/configuration of token. You do this by useing Guardian in your module and adding the relevant configuration.

Add Guardian to your application

mix.exs

defp deps do
  [
    {:guardian, "~> 1.0"},
    {:guardian_paseto, "~> 0.2.1"}
  ]
end

Create a module that uses Guardian

defmodule MyApp.Guardian do
  use Guardian, otp_app: :my_app

  def subject_for_token(resource, _claims) do
    # You can use any value for the subject of your token but
    # it should be useful in retrieving the resource later, see
    # how it being used on `resource_from_claims/1` function.
    # A unique `id` is a good subject, a non-unique email address
    # is a poor subject.
    sub = to_string(resource.id)
    {:ok, sub}
  end
  def subject_for_token(_, _) do
    {:error, :reason_for_error}
  end

  def resource_from_claims(claims) do
    # Here we'll look up our resource from the claims, the subject can be
    # found in the `"sub"` key. In `above subject_for_token/2` we returned
    # the resource id so here we'll rely on that to look it up.
    id = claims["sub"]
    resource = MyApp.get_resource_by_id(id)
    {:ok,  resource}
  end
  def resource_from_claims(_claims) do
    {:error, :reason_for_error}
  end
end

Add your configuration

config :my_app, MyApp.Guardian,
       issuer: "my_app",
       secret_key: "Secret key. You can use `:crypto.strong_rand_bytes(32)` to get one"
       allowed_algos: :v2_local

With this level of configuration, you can have a working installation.

Installation

This package can be installed by adding guardian_paseto to your list of dependencies in mix.exs:

def deps do
  [
    {:guardian_paseto, "~> 0.2.1"}
  ]
end

About

A Guardian.Token implementation for Paseto tokens (https://paseto.io)

Topics

elixir authentication guardian paseto

Resources

Readme

License

GPL-3.0 license

Security policy

Security policy
Activity
Custom properties

Stars

7 stars

Watchers

8 watching

Forks

1 fork
Report repository

Releases 3

Release v0.2.1 Latest
Aug 2, 2019
+ 2 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages