DecodeServer

Plug for adding authentication to your Elixir admin API. For users of https://decodeauth.com.

Installation & Setup

1. Install the dependency

Add decode_server to your list of dependencies in mix.exs:

def deps do
  [
    {:decode_server, "~> 0.1.0"}
  ]
end

2. Get your public key from Decode

Decode supplies you a public key that this middleware will use to verify that requests are coming from Decode.

Go to the Decode console to grab your public key:

Then save and commit it to your server's repo.

You can just commit the public key to version control - the file is not a secret and cannot be used to make requests.

3. Add the key path to your config

Add the location of the key to your config/config.exs:

config :decode_server,
  key_path: File.cwd!() <> "/relative/path/to/public/key"

4. Insert the Plug

The plug is called DecodeServer.AuthPlug.

Here's an example using Phoenix:

defmodule MyApp.Router do
  pipeline :admin_api do
    plug :accepts, ["json"]
    plug :put_resp_content_type, "application/json"
    plug DecodeServer.AuthPlug
  end
end

How it works

All authentication and authorization for your users is taken care of for you on Decode. Therefore, if a request inbound to your API is coming from Decode, you know it's valid.

This middleware package uses a public key to verify inbound requests are from Decode. If they're not, it will halt the request.

Examples

For examples of use, check out the test suite.