Skip to content

amezcua/jwt-google-tokens

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

54 Commits
.github/workflows
.github/workflows
 
 
config
config
 
 
lib
lib
 
 
test
test
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
jwt.iml
jwt.iml
 
 
mix.exs
mix.exs
 
 
mix.lock
mix.lock
 
 

Repository files navigation

JWT verifier for Google tokens

Elixir library that verifies Google generated JWT tokens (such as those returned by Firebase authentication) and returns the claims data.

The intended use case is to validate signed tokens retrieved by a mobile app using Firebase Authentication, where the app talks directly with the Google Authentication service and retrieves an authentication token (a Json Web Token) that can be later sent to a server for verification or by web apps that use the Firebase JavaScript API.

JWT tokens are also returned by other Google authentication services and this library could be used to verify them too.

Usage

iex > {:ok, claims} = Jwt.verify token

If you just want to display the contents (claims) of a token quickly you can just run:

iex > Jwt.Display.display token

No validation is performed in the token in that case.

Installation

The package can be installed as follows (will try to make it available in Hex in a future version):

  1. Add jwt to your list of dependencies in mix.exs:
def deps do
  [{:jwt, git: "https://github.com/amezcua/jwt-google-tokens.git", branch: "master"}]
end
  1. Ensure jwt is started before your application:
def application do
  [applications: [:jwt]]
end

or, depending on your version of Elixir

def application do
    [ extra_applications: [:jwt] ]
end

Plugs

Two plugs are provided:

- Jwt.Plugs.VerifyAuthorizationHeader

The plug looks at the HTTP Authorization header to see if it includes a value with the format

Authorization: Bearer [JWT]

where [JWT] is a JWT token. If it is there the library will attempt to verify the signature and attach the claims to the Plug.Conn object. The claims can then be accessed with the :jwtclaims atom:

claims = conn.assigns[:jwtclaims]
name = claims["name"]

If the token is invalid, the plug with directly return a 401 response to the client.

The tokens expiration timestamp are also checked to verify that they have not expired. Expired tokens (within a 5 minute time difference) are rejected.

- Jwt.Plugs.FilterClaims

This plug allows you to accept or deny a request based on the contents of the claims. Please take a look at the tests to see the different options you have to filter a request based on the token content.

License

Apache v2.0

About

Elixir library that verifies Google generated JWT tokens

Resources

Readme

License

Apache-2.0 license
Activity

Stars

27 stars

Watchers

2 watching

Forks

27 forks
Report repository

Releases 3

Supports Firebase JavaScript API generated tokens Latest
Jan 11, 2017
+ 2 releases

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages