# Authtoken
Simplified encrypted authentication tokens using JWE.
This package provides a simplified, headerless, encrypted JWT. It ships with sane defaults (AES128) and almost no configuration, to counteract JWT's overblown standard. See this [blog post](https://sealas.at/blog/2017-12/tokens-cookies-and-sessions-an-auth-story-part-1/) for more information.
An example integration can be found in [Sealas](https://github.com/Brainsware/sealas).
## Installation
1. Add `authtoken` to your list of dependencies in `mix.exs`:
```elixir
def deps do
  [
    {:authtoken, "~> 0.1.0"}
  ]
end
```
2. Configure `authtoken`. The minimum amount of configuration needed is a key for encryption.
```elixir
config :authtoken,
  token_key: <<1, 2, 3, 230, 103, 242, 149, 254, 4, 33, 137, 240, 23, 90, 99, 250>>
```
You can generate a key with:
```elixir
iex> AuthToken.generate_key()
{:ok, <<1, 2, 3, 230, 103, 242, 149, 254, 4, 33, 137, 240, 23, 90, 99, 250>>}
```
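An added example (not part of the authtoken project) that loads the key from the environment instead of committing it to a config file, and refuses to boot on a malformed key. The variable name `AUTHTOKEN_KEY`, the Base64 encoding, and the use of `config/runtime.exs` (Elixir 1.11+) are assumptions, as is that the package reads `token_key` at runtime.

```elixir
# config/runtime.exs: added example, not from the authtoken project.
# Assumption: the key is supplied Base64-encoded in AUTHTOKEN_KEY (a name
# chosen here), produced once with:
#   {:ok, key} = AuthToken.generate_key()
#   Base.encode64(key)
import Config

token_key =
  case "AUTHTOKEN_KEY" |> System.fetch_env!() |> String.trim() |> Base.decode64() do
    # AES128 needs exactly 16 bytes, like the sample key shown above.
    {:ok, <<_::binary-size(16)>> = key} ->
      key

    # Report only the length, never the key material itself.
    {:ok, other} ->
      raise ArgumentError,
            "AUTHTOKEN_KEY must decode to 16 bytes, got #{byte_size(other)}"

    :error ->
      raise ArgumentError, "AUTHTOKEN_KEY is not valid Base64"
  end

config :authtoken, token_key: token_key
```

Anyone who holds this key can decrypt and mint tokens, so keep it out of version control and use a different key per environment.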
## Usage
Generate a token for your user after successful authentication like this:
```elixir
token_content = %{userid: user.id}
token = AuthToken.generate_token(token_content)
```
Then pass it on to your view.
For verification, you can use the plug `AuthToken.Plug.verify_token`:
```elixir
import AuthToken.Plug

pipeline :auth do
  plug :verify_token
end

scope "/protected/route", MyApp do
  pipe_through :auth
  resources "/", DoNastyStuffController
end
```
More detailed documentation can be found here: [https://hexdocs.pm/authtoken](https://hexdocs.pm/authtoken).
## Configuration
Further optional configuration options:
### timeout (default: 86400)
Denotes the lifetime of a token in seconds. After it expires you need to generate a new one.