Ok, I leave this here for anyone who will eventually misunderstand Guardian like I did.
My understanding is that there was no bug in my implementation; the point is that I implemented only the logic to verify the google jwt token. In order to sign in (using MyApp.Guardian.Plug.sign_in) I must provide a proper specific implementation for it, with proper config (I refactored a bit the names):
config :my_app, MyApp.GoogleGuardian,
allowed_algos: ["RS256"],
secret_key: %{
"kid" => "5edd9782d820403ee8518c4aabb2b9fe310cac12",
"e" => "AQAB",
"kty" => "RSA",
"alg" => "RS256",
"n" =>
"8leZQXh6eEjqv200Aot-ARc53fhnVex0bvPVoFAAOEuHmoR9HNqe4VUCCFX5qQ4uhTRrfpIoW-f4rZtY1gpt_4wUtNhS5-PQiSvCnljtIxCxgbW-gYKxsck8Xl-SMBYD1q4msIHbEZCE6AU_vFIgT5PjrUTo8O5YNFHpscsGDz1ZWeDTyRtf3UwTFm9p_dqSFIhyLzMo2H0BqWaowuAZeJnq0VIJxIrwjFqLj2rbBWkMxALui2uewerDrJIQQNgDqQiO8iClIbBmFxxDan5l89gHomb8HNVduIGZ3ahu18l94jQmhyVN8QQ8uNFoxfz2IfaZ3iwQL_xDtZHZtQLSUw",
"use" => "sig"
}
config :my_app, MyApp.Guardian,
issuer: "MyApp",
secret_key: "my secret"
So when I have to validate the Google JWT token, i can do MyApp.GoogleGuardian.decode_and_verify(token), and MyApp.Guardian.Plug.sign_in(user) to generate a application-specific JWT.
Hope this might help avoiding my same mistake.






















