Installs the attesto_phoenix authorization-server layer into a Phoenix app
Wires the OAuth 2.0 / OpenID Connect authorization-server layer this library provides into the host Phoenix application:
- adds an
AttestoPhoenix.Configconfig skeleton (issuer, keystore, repo, the Ecto-backed token stores, a chosen:oauth_path_prefix, and neutral defaults) to the host config, - mounts the server routes (
attesto_routes/1) at the chosen prefix into the host router, - scaffolds host callback modules implementing the recommended production
behaviours (
AttestoPhoenix.ClientStore,PrincipalStore,ScopePolicy,ConsentPolicy,RegistrationStore,EventSink) with documented stub callbacks the host fills in, - points the host at
mix attesto_phoenix.gen.migrationfor the Ecto tables the bundled stores read.
Every step is idempotent: re-running the task does not duplicate the config, the route, or the scaffolded modules. The task never decides authorization policy; it scaffolds the contract the host owns (RFC 6749 §2/§3.3/§4.1.1, RFC 7591 §3, OpenID Connect Core §3.1.2/§5.3) and emits notices telling the host exactly what to fill in.
Example
mix attesto_phoenix.install
Options
--oauth-path-prefix- the client-visible mount prefix for the OAuth endpoints (RFC 8414 §3 advertises the absolute URLs; the mounted routes and the advertised metadata derive from the same prefix so they cannot drift). Defaults to/oauth, reproducing the historic surface. A host avoiding a collision with a legacy provider may pass, for example,--oauth-path-prefix /mcp/oauth. The well-known documents (RFC 8615) and the JWKS document stay anchored at the host root and are NOT relocated by this prefix.--callbacks-module- the base module the scaffolded callback modules are generated under. Defaults to<App>.AuthZ, yielding<App>.AuthZ.ClientStoreand friends.