Auth0 plug

A plug for verifing Auth0 JWTs.

Usage

Add to dependencies:

{:auth0_plug, "~> 1.3"}

Put in your router after match and before dispatch:

plug(:match)
plug(Auth0Plug)
plug(:dispatch)

Configuration

config :auth0_plug,
  secret: "secret",
  realm: "realm",
  extractions: [{nil, :auth0_jwt}]

You can find the jwt in conn.private:

conn.private[:auth0_jwt]

In case of failure the plug will return automatically a 401. If you don't want that, you can disable it in the options:

config :auth0_plug,
    return_401: false

If you want to customize the error message:

config :auth0_plug,
    unauthorized_message: "Your credentials are invalid"

It's possible to specify which keys to extract from the JWT:

config :auth0_plug,
    extractions: [
        {"jwt_claim", :conn_private_key},
        {nil, :extracts_all_the_jwt}
    ]

To exclude paths from 401:

config :auth0_plug,
    exclude_from_401: ["/public", "/public/:id"]