# DecodeServer
Plug for adding authentication to your Elixir admin API. For users of [https://decodeauth.com](Decode).
### Installation & Setup
**1. Install the dependency**
Add `decode_server` to your list of dependencies in `mix.exs`:
```elixir
def deps do
[
{:decode_server, "~> 0.1.0"}
]
end
```
**2. Get your public key from Decode**
Decode supplies you a public key that this middleware will use to verify that requests are coming from Decode.
Go to the [Decode console](https://app.decodeauth.com) to grab your public key:
<div style="text-align: center;">
<img src="./docs/images/where-to-find-key.png" height=300 />
</div>
Then save and commit it to your server's repo.
You can just commit the public key to version control - the file is not a secret and cannot be used to make requests.
**3. Add the key path to your config**
Add the location of the key to your `config/config.exs`:
```elixir
config :decode_server,
key_path: File.cwd!() <> "/relative/path/to/public/key"
```
**4. Insert the Plug**
The plug is called `DecodeServer.AuthPlug`.
Here's an example using Phoenix:
```elixir
defmodule MyApp.Router do
pipeline :admin_api do
plug :accepts, ["json"]
plug :put_resp_content_type, "application/json"
plug DecodeServer.AuthPlug
end
end
```
### How it works
All authentication and authorization for your users is taken care of for you on Decode. Therefore, if a request inbound to your API is coming from Decode, you know it's valid.
This middleware package uses a public key to verify inbound requests are from Decode. If they're not, it will halt the request.
### Examples
For examples of use, [check out the test suite](./test/decode_server_test.exs).