ueberauth / guardian

Elixir Authentication
MIT License
3.44k stars, 381 forks

Verify that an RS256 JWT was signed by a whitelisted IdP #472

Closed fdbeirao closed 6 years ago

fdbeirao commented 6 years ago

Hello there,

I have been looking around your source code, and also Joken and somehow I got into JOSE, so I think I am going too deep into the rabbit hole :)

In my scenario I have a mobile app that can get its hands on a JWT from let's say Microsoft Online, but could be other friendly idp. This authentication process doesn't touch our backend at all (by design). What I now wish to do is to have this JWT as a Bearer token on each REST request to our Phoenix endpoints.

In Phoenix I need to assert two things:

1) The JWT is signed by "Microsoft" (or another friendly/approved idp);
2) I need to run a business validation on one of the claims (the user email has a certain pattern, etc);

Number 1 is the one that I am scratching my head on. How do I tell Guardian that "Microsoft" is an approved idp? So far it feels like I would need to override the verify_claims on my Guardian implementation.. but I have no idea how to skin this cat.

Would Guardian be a natural fit for my requirement, or would something like Joken be more suitable?

Thank you for Guardian, it was a breeze to read through the code to better understand the stuff under the hood 👍

fdbeirao commented 6 years ago

Never mind. I managed to get this to work by using Joken and writing my own small plug. Kudos Guardianeers, keep up the great work!
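The approach the thread lands on (a small custom plug rather than Guardian's `verify_claims`), shown as an added example that is not the poster's code and not part of Guardian or Joken. It uses the JOSE library directly and assumes the deps `{:jose, "~> 1.11"}`, `{:jason, "~> 1.0"}` and `{:plug, "~> 1.0"}`; the issuer URL, the e-mail rule and the RSA key pairs are constructed for the demo. The two requirements from the question map onto it as follows: the whitelist is a map of `iss` to public key, the signature is checked with the algorithm list pinned to `["RS256"]` so an `alg: none` or HMAC token can never match, and only after the signature verifies is the `email` claim checked against the business pattern.

```elixir
# Added example, not code from Guardian, Joken, or the issue author.
# Deps assumed: {:jose, "~> 1.11"}, {:jason, "~> 1.0"}, {:plug, "~> 1.0"}.
# Issuer URL, e-mail pattern and key pairs below are constructed for the demo.

defmodule IdpTokenVerifier do
  @moduledoc """
  Verifies a compact RS256 JWT against a whitelist of issuer public keys,
  then applies a business rule to the "email" claim.
  """

  # Pinning the algorithm list is what makes the check strict: a token whose
  # header says "none" or "HS256" is rejected before any key material is used.
  @allowed_algs ["RS256"]
  @email_pattern ~r/@example\.test$/   # hypothetical business rule

  @doc "Returns {:ok, claims} or {:error, reason}. `keys` maps iss -> public JOSE.JWK."
  def verify(token, keys, now \\ System.system_time(:second)) do
    do_verify(token, keys, now)
  rescue
    # Input that is not a well-formed three-part JWS makes JOSE raise; treat it as invalid.
    _ -> {:error, :malformed}
  end

  defp do_verify(token, keys, now) do
    with {:ok, iss} <- peek_issuer(token),
         {:ok, jwk} <- fetch_key(keys, iss),
         {true, %JOSE.JWT{fields: claims}, _jws} <-
           JOSE.JWT.verify_strict(jwk, @allowed_algs, token),
         :ok <- check_expiry(claims, now),
         :ok <- check_email(claims) do
      {:ok, claims}
    else
      {false, _jwt, _jws} -> {:error, :bad_signature}
      {:error, reason} -> {:error, reason}
    end
  end

  # The unverified payload is read only to choose WHICH whitelisted key to try;
  # nothing in it is trusted until verify_strict/3 succeeds with that key.
  defp peek_issuer(token) do
    case JOSE.JWT.peek_payload(token) do
      %JOSE.JWT{fields: %{"iss" => iss}} when is_binary(iss) -> {:ok, iss}
      _ -> {:error, :missing_issuer}
    end
  end

  defp fetch_key(keys, iss) do
    case Map.fetch(keys, iss) do
      {:ok, jwk} -> {:ok, jwk}
      :error -> {:error, :unknown_issuer}
    end
  end

  defp check_expiry(%{"exp" => exp}, now) when is_integer(exp) and exp > now, do: :ok
  defp check_expiry(_claims, _now), do: {:error, :expired_or_missing_exp}

  defp check_email(%{"email" => email}) when is_binary(email) do
    if Regex.match?(@email_pattern, email), do: :ok, else: {:error, :email_not_allowed}
  end
  defp check_email(_claims), do: {:error, :email_not_allowed}
end

defmodule VerifyIdpTokenPlug do
  @moduledoc "Usage in a router: `plug VerifyIdpTokenPlug, keys: %{issuer => public_jwk}`."
  @behaviour Plug
  import Plug.Conn

  def init(opts), do: Keyword.fetch!(opts, :keys)

  def call(conn, keys) do
    with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
         {:ok, claims} <- IdpTokenVerifier.verify(token, keys) do
      assign(conn, :current_claims, claims)
    else
      _ -> conn |> send_resp(401, "unauthorized") |> halt()
    end
  end
end

defmodule IdpDemo do
  @issuer "https://idp.example.test/"   # hypothetical trusted IdP

  def run do
    trusted = JOSE.JWK.generate_key({:rsa, 2048})
    rogue = JOSE.JWK.generate_key({:rsa, 2048})
    # In production load the IdP's published key instead, e.g.
    # %{issuer => JOSE.JWK.from_pem(File.read!(pem_path))}.
    keys = %{@issuer => JOSE.JWK.to_public(trusted)}
    now = System.system_time(:second)
    base = %{"iss" => @issuer, "email" => "alice@example.test", "exp" => now + 300}

    results = %{
      good: IdpTokenVerifier.verify(sign(trusted, base), keys),
      forged: IdpTokenVerifier.verify(sign(rogue, base), keys),          # right iss, wrong key
      wrong_email: IdpTokenVerifier.verify(sign(trusted, %{base | "email" => "mallory@other.example"}), keys),
      junk: IdpTokenVerifier.verify("not.a.jwt", keys)
    }

    conn =
      Plug.Test.conn("GET", "/api/me")
      |> Plug.Conn.put_req_header("authorization", "Bearer " <> sign(trusted, base))
      |> VerifyIdpTokenPlug.call(VerifyIdpTokenPlug.init(keys: keys))

    IO.inspect(results, label: "verify results")
    IO.inspect(conn.assigns[:current_claims], label: "claims assigned by plug")
  end

  defp sign(jwk, claims) do
    {_alg, compact} = jwk |> JOSE.JWT.sign(%{"alg" => "RS256"}, claims) |> JOSE.JWS.compact()
    compact
  end
end
```

`IdpDemo.run/0` exercises the four cases a reviewer would want covered: a valid token, a token with the whitelisted `iss` but signed by a key the IdP does not own, a correctly signed token whose e-mail fails the business rule, and input that is not a JWT at all. Rotating IdP keys is the main operational caveat: the `keys` map should be refreshed from the IdP's published key set rather than baked in, and a key lookup miss should stay a hard failure rather than a fallback to any other key.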