# AttestoPhoenix v0.6.1 - Table of Contents

> Phoenix/Ecto OAuth 2.0 / OIDC authorization server layer over attesto: authorization, token, PAR, revocation, discovery, JWKS, UserInfo, protected-resource plugs, and Ecto-backed token stores.

## Pages

- [AttestoPhoenix](readme.md)

- Changelog
  - [Changelog](changelog.md)

- License
  - [LICENSE](license.md)

## Modules

- [AttestoPhoenix.Controller.AuthorizeController](AttestoPhoenix.Controller.AuthorizeController.md): OAuth 2.0 / OpenID Connect authorization endpoint (RFC 6749 §3.1, OIDC Core §3.1.2).
- [AttestoPhoenix.Controller.OpenIDConfigurationController](AttestoPhoenix.Controller.OpenIDConfigurationController.md): OpenID Connect Discovery 1.0 - OpenID Provider Metadata endpoint.
- [AttestoPhoenix.Plug.Authenticate](AttestoPhoenix.Plug.Authenticate.md): Phoenix-friendly protected-resource authentication.
- [AttestoPhoenix.Plug.RequireScopes](AttestoPhoenix.Plug.RequireScopes.md): Phoenix alias for `Attesto.Plug.RequireScopes`.

- Setup
  - [AttestoPhoenix](AttestoPhoenix.md): A Phoenix/Ecto OAuth 2.0 / OIDC authorization-server and resource-server layer built on top of `Attesto`.
  - [AttestoPhoenix.Config](AttestoPhoenix.Config.md): Configuration for the `attesto_phoenix` authorization-server layer.
  - [AttestoPhoenix.Router](AttestoPhoenix.Router.md): Router macro that mounts the authorization-server endpoints.

- Controllers
  - [AttestoPhoenix.Controller.DiscoveryController](AttestoPhoenix.Controller.DiscoveryController.md): RFC 8414 - OAuth 2.0 Authorization Server Metadata endpoint.
  - [AttestoPhoenix.Controller.JWKSController](AttestoPhoenix.Controller.JWKSController.md): `GET /.well-known/jwks.json` - the JSON Web Key Set (RFC 7517 §5).
  - [AttestoPhoenix.Controller.PARController](AttestoPhoenix.Controller.PARController.md): Pushed Authorization Request endpoint (RFC 9126).
  - [AttestoPhoenix.Controller.RegistrationController](AttestoPhoenix.Controller.RegistrationController.md): OAuth 2.0 Dynamic Client Registration endpoint (RFC 7591 §3).
  - [AttestoPhoenix.Controller.RevocationController](AttestoPhoenix.Controller.RevocationController.md): `POST /oauth/revoke` - OAuth 2.0 Token Revocation (RFC 7009).
  - [AttestoPhoenix.Controller.TokenController](AttestoPhoenix.Controller.TokenController.md): OAuth 2.0 token endpoint (RFC 6749 §3.2).
  - [AttestoPhoenix.Controller.UserinfoController](AttestoPhoenix.Controller.UserinfoController.md): OpenID Connect UserInfo endpoint (OpenID Connect Core 1.0 §5.3).

- Stores
  - [AttestoPhoenix.Store.EctoCodeStore](AttestoPhoenix.Store.EctoCodeStore.md): Ecto implementation of the `Attesto.CodeStore` behaviour.
  - [AttestoPhoenix.Store.EctoNonceStore](AttestoPhoenix.Store.EctoNonceStore.md): Postgres-backed `Attesto.DPoP.NonceStore` for clustered deployments (RFC 9449 §8).
  - [AttestoPhoenix.Store.EctoRefreshStore](AttestoPhoenix.Store.EctoRefreshStore.md): Ecto implementation of the `Attesto.RefreshStore` behaviour.
  - [AttestoPhoenix.Store.EctoReplayCheck](AttestoPhoenix.Store.EctoReplayCheck.md): Ecto-backed, shared-store `jti` replay check for DPoP proofs (RFC 9449 §11.1).
  - [AttestoPhoenix.Store.PAR.ETS](AttestoPhoenix.Store.PAR.ETS.md): Single-node ETS Pushed Authorization Request store.
  - [AttestoPhoenix.Store.Sweeper](AttestoPhoenix.Store.Sweeper.md): Optional periodic housekeeping `GenServer` that deletes expired rows from the Ecto-backed authorization-code, refresh-token, DPoP-nonce, and DPoP-replay tables.

- Schemas
  - [AttestoPhoenix.Schema.Authorization](AttestoPhoenix.Schema.Authorization.md): Ecto schema for the single-use authorization codes backing an `Attesto.CodeStore`.
  - [AttestoPhoenix.Schema.DPoPNonce](AttestoPhoenix.Schema.DPoPNonce.md): Ecto schema for a single server-issued DPoP nonce (RFC 9449 §8).
  - [AttestoPhoenix.Schema.DPoPReplay](AttestoPhoenix.Schema.DPoPReplay.md): Ecto schema for one recorded DPoP proof `jti` (JWT ID).
  - [AttestoPhoenix.Schema.RefreshToken](AttestoPhoenix.Schema.RefreshToken.md): Ecto schema for the refresh-token records that back an Ecto-backed `Attesto.RefreshStore`.

- Shared
  - [AttestoPhoenix.Event](AttestoPhoenix.Event.md): Neutral event struct and dispatcher for the optional `:on_event` callback.
  - [AttestoPhoenix.OAuthError](AttestoPhoenix.OAuthError.md): The error value type and the wire-rendering helpers for the authorization-server controllers and the protected-resource plugs.
  - [AttestoPhoenix.PARStore](AttestoPhoenix.PARStore.md): Behaviour for Pushed Authorization Request storage (RFC 9126).
  - [AttestoPhoenix.RequestContext](AttestoPhoenix.RequestContext.md): Neutral request-fact helpers the OAuth 2.0 / OIDC flows derive from a `Plug.Conn`.

## Mix Tasks

- [mix attesto_phoenix.gen.migration](Mix.Tasks.AttestoPhoenix.Gen.Migration.md): Generates an Ecto migration that creates the persistence backing the Ecto-based stores that ship with `attesto_phoenix`.

