This is just an example of how to get up and running and should not be used in production
Pem files are put in the priv folder and fetched with the secret handler which is configured in the config file.
config :pem_guardian, PemGuardian.Guardian,
issuer: "pem_guardian",
allowed_algos: ["RS512"],
secret_fetcher: PemGuardian.SecretFetcher
def fetch_signing_secret(_module, _opts) do
secret =
"rsa-2048.pem"
|> fetch()
{:ok, secret}
end
def fetch_verifying_secret(_module, _headers, _opts) do
secret =
"rsa-2048.pub"
|> fetch()
{:ok, secret}
end
defp fetch(relative_path) do
:code.priv_dir(:debug_guardian)
|> Path.join(relative_path)
|> JOSE.JWK.from_pem_file()
end
Example can be verified with the following commands
{:ok,token,_} = PemGuardian.Guardian.encode_and_sign(%{id: "1"})
PemGuardian.Guardian.decode_and_verify(token)