Full cached JWT validation #175
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR sets things up so when the module is given a cachex key id in its options, the JWT returned by Auth0 will be fully validated using the Auth0 JWKS manifest.
A tiny refactor also came along for the ride for putting errors/data into conn to make it an integrated whole, more easier to modify in the future by using the with flow. I went really ham on
withand making sure any possible failures can be accounted for.The JWKS codepath is not engaged by testing at all as
Token.maybe_validation/2simply fails open in that case. I would not mind setting up the testing work though it isn't clear to me how to best do that.This - in theory - changes nothing meaningful about program flow until you engage cachex, at which point it can fail due to validation reasons.
Passes existing tests and passes validation checks with live Auth0 in my development environment.