Skip to content
/ guardian_paseto Public

A Guardian.Token implementation for Paseto tokens (https://paseto.io)

License

GPL-3.0 license
8 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ueberauth/guardian_paseto

BranchesTags

Repository files navigation

GuardianPaseto

Hex.pm

Docs can be found Here

Considerations for using this library

There are a few library/binary requirements required in order for the Paseto library to work on any computer:

  1. Erlang version >= 20.1
    • This is required because this was the first Erlang version to introduce crypto:sign/5.
  2. libsodium >= 1.0.13
  3. openssl >= 1.1
    • This is needed for XChaCha-Poly1305 used for V2.Local Paseto

How to use

NOTE: This was basically 100% plagiarized from the Guardian documentation, so, for further configuration options, please visit their documentation at: Guardian

Guardian requires that you create an "Implementation Module". This module is your applications implementation for a particular type/configuration of token. You do this by useing Guardian in your module and adding the relevant configuration.

Add Guardian to your application

mix.exs

defp deps do
  [
    {:guardian, "~> 1.0"},
    {:guardian_paseto, "~> 0.2.1"}
  ]
end

Create a module that uses Guardian

defmodule MyApp.Guardian do
  use Guardian, otp_app: :my_app

  def subject_for_token(resource, _claims) do
    # You can use any value for the subject of your token but
    # it should be useful in retrieving the resource later, see
    # how it being used on `resource_from_claims/1` function.
    # A unique `id` is a good subject, a non-unique email address
    # is a poor subject.
    sub = to_string(resource.id)
    {:ok, sub}
  end
  def subject_for_token(_, _) do
    {:error, :reason_for_error}
  end

  def resource_from_claims(claims) do
    # Here we'll look up our resource from the claims, the subject can be
    # found in the `"sub"` key. In `above subject_for_token/2` we returned
    # the resource id so here we'll rely on that to look it up.
    id = claims["sub"]
    resource = MyApp.get_resource_by_id(id)
    {:ok,  resource}
  end
  def resource_from_claims(_claims) do
    {:error, :reason_for_error}
  end
end

Add your configuration

config :my_app, MyApp.Guardian,
       issuer: "my_app",
       secret_key: "Secret key. You can use `:crypto.strong_rand_bytes(32)` to get one"
       allowed_algos: :v2_local

With this level of configuration, you can have a working installation.

Installation

This package can be installed by adding guardian_paseto to your list of dependencies in mix.exs:

def deps do
  [
    {:guardian_paseto, "~> 0.2.1"}
  ]
end

About

A Guardian.Token implementation for Paseto tokens (https://paseto.io)

Topics

elixir authentication guardian paseto

Resources

Readme

License

GPL-3.0 license

Security policy

Security policy
Activity
Custom properties

Stars

8 stars

Watchers

8 watching

Forks

1 fork
Report repository

Releases 3

Release v0.2.1 Latest
Aug 2, 2019
+ 2 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages