sntran
commented
8 years ago I think I figure it out. Guardian does use the secret key in config to verify. Closing this.
Closed sntran closed 8 years ago
sntran
commented
8 years ago I think I figure it out. Guardian does use the secret key in config to verify. Closing this.
I have a JWT come from a third-party service (Auth0 in my case), that needs to be verified with a secret key. When this JWT is set in Authorization header,
Guardian.Plug.VerifyHeaderfails to verify the token.I took a look at https://github.com/ueberauth/guardian/blob/master/lib/guardian/plug/verify_header.ex#L65 and saw that it used an empty params map. From what I understand, it won't verify with any secret key.
Is there a way to pass the secret into the plug so it can use it to verify?