Commit
Get principal from plug and improve ergonomics (#24)
* fix: AccessToken -> ApplicationToken

  Cloudflare Access specifically calls the type of token we are verifying "application tokens" in their docs. This commit renames the AccessTokenVerifier to ApplicationTokenVerifier to match the terminology and any other references to "access token" to "application token".

  https://developers.cloudflare.com/cloudflare-one/identity/authorization-cookie/application-token/

* feat: plug stores user principal

  Allowing users of the plug to access the principal of the user after it has been verified.

* feat: create a principal struct

  The representation of the current user from AccessTokenVerifier felt a little awkward, so I've created a Principal struct to represent the current user. This also allows us to add more information to the struct in the future if we need to.
Showing 9 changed files with 238 additions and 127 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
defmodule CloudflareAccessEx.Principal do | ||
@moduledoc """ | ||
Defines the `Principal` struct for representing the principal identity of a user coming through Cloudflare Access. | ||
A `Principal` can either represent an anonymous user or a user that has logged in through an identity provider (IdP). | ||
The struct differentiates between these two states with the `:type` field, which can be `:anonymous` for users without | ||
a user ID or email, or `:authenticated` for users who have been verified and have these attributes. | ||
""" | ||
@enforce_keys [:type] | ||
defstruct [:type, user_id: nil, email: nil] | ||
|
||
@type anonymous_principal :: %__MODULE__{ | ||
type: :anonymous, | ||
user_id: nil, | ||
email: nil | ||
} | ||
|
||
@type authenticated_principal :: %__MODULE__{ | ||
type: :authenticated, | ||
user_id: String.t(), | ||
email: String.t() | ||
} | ||
|
||
@type t :: anonymous_principal() | authenticated_principal() | ||
|
||
@doc """ | ||
Creates a `Principal` struct for an anonymous user. | ||
## Examples | ||
iex> CloudflareAccessEx.Principal.anonymous() | ||
%CloudflareAccessEx.Principal{type: :anonymous, user_id: nil, email: nil} | ||
""" | ||
@spec anonymous() :: anonymous_principal() | ||
def anonymous do | ||
%__MODULE__{ | ||
type: :anonymous | ||
} | ||
end | ||
|
||
@doc """ | ||
Creates a `Principal` struct for an authenticated user with the provided `user_id` and `email`. | ||
## Parameters | ||
- `user_id`: The user ID from the IdP. | ||
- `email`: The email address associated with the user. | ||
## Examples | ||
iex> CloudflareAccessEx.Principal.authenticated("user123", "user@example.com") | ||
%CloudflareAccessEx.Principal{ | ||
type: :authenticated, | ||
user_id: "user123", | ||
email: "user@example.com" | ||
} | ||
""" | ||
@spec authenticated(String.t(), String.t()) :: authenticated_principal() | ||
def authenticated(user_id, email) do | ||
%__MODULE__{ | ||
type: :authenticated, | ||
user_id: user_id, | ||
email: email | ||
} | ||
end | ||
end |
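Review bot: `authenticated/2` (the `def authenticated(user_id, email) do` clause at the end of the module) has no guards, so the `String.t()` arguments in its `@spec` are not enforced at runtime and `authenticated(nil, nil)` returns a struct with `type: :authenticated` and no identity. Callers of the plug are likely to branch on `:type` when making authorization decisions, so consider adding `when is_binary(user_id) and is_binary(email)` so that a missing claim fails at construction instead of producing an authenticated-looking principal. Relatedly, `@enforce_keys [:type]` enforces only `:type`, so `%CloudflareAccessEx.Principal{type: :authenticated}` can still be built directly with nil fields; the moduledoc could state that `anonymous/0` and `authenticated/2` are the supported constructors.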