authable v0.5.1 Authable.OAuth2

OAuth2 authorization strategy router

Summary

Functions

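authorize(params)
Calls the appropriate module's authorize function for the given grant type

authorize_app(user, map)
Authorizes a client for the resource owner with the given scopes

revoke_app_authorization(user, map)
Revokes access to the resource owner's resources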

Functions

authorize(params)

Calls the appropriate module's authorize function for the given grant type.

It authorizes based on the strategies allowed in the configuration and then returns the access token as a @token_store (Authable.Models.Token) model.

Examples

# For authorization_code grant type
Authable.OAuth2.authorize(%{
  "grant_type" => "authorization_code",
  "client_id" => "52024ca6-cf1d-4a9d-bfb6-9bc5023ad56e",
  "client_secret" => "Wi7Y_Q5LU4iIwJArgqXq2Q",
  "redirect_uri" => "http://localhost:4000/oauth2/callbacks",
  "code" => "W_hb8JEDmeYChsNfOGCmbQ"
})

# For client_credentials grant type
Authable.OAuth2.authorize(%{
  "grant_type" => "client_credentials",
  "client_id" => "52024ca6-cf1d-4a9d-bfb6-9bc5023ad56e",
  "client_secret" => "Wi7Y_Q5LU4iIwJArgqXq2Q"
})

# For password grant type
Authable.OAuth2.authorize(%{
  "grant_type" => "password",
  "email" => "foo@example.com",
  "password" => "12345678",
  "client_id" => "52024ca6-cf1d-4a9d-bfb6-9bc5023ad56e",
  "scope" => "read"
})

# For refresh_token grant type
Authable.OAuth2.authorize(%{
  "grant_type" => "refresh_token",
  "client_id" => "52024ca6-cf1d-4a9d-bfb6-9bc5023ad56e",
  "client_secret" => "Wi7Y_Q5LU4iIwJArgqXq2Q",
  "refresh_token" => "XJaVz3lCFC9IfifBriA-dw"
})

# For any other grant type, the strategy module must implement an authorize
# function and return the access token as a @token_store (Authable.Models.Token) model.
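
A sketch of the allowlist dispatch described above, added here as an illustration; it is not Authable's own code. The module names, the constructed allowlist and the tagged-tuple return values are assumptions (the library itself returns a token model).

```elixir
defmodule GrantRouterSketch do
  # Hypothetical strategies. Each exposes authorize/1, as the router expects.
  defmodule ClientCredentials do
    def authorize(%{"client_id" => _, "client_secret" => _}), do: {:ok, :token_placeholder}
    def authorize(_), do: {:error, :invalid_request}
  end

  defmodule RefreshToken do
    def authorize(%{"client_id" => _, "refresh_token" => _}), do: {:ok, :token_placeholder}
    def authorize(_), do: {:error, :invalid_request}
  end

  # Constructed allowlist standing in for the configured strategies.
  # "password" is left out on purpose, so that grant is refused outright.
  @allowed %{
    "client_credentials" => ClientCredentials,
    "refresh_token" => RefreshToken
  }

  # The grant type is request input: look it up as a string key and never
  # build an atom or module name from it (atoms are not garbage collected).
  def authorize(%{"grant_type" => grant_type} = params) when is_binary(grant_type) do
    case Map.fetch(@allowed, grant_type) do
      {:ok, strategy} -> strategy.authorize(params)
      :error -> {:error, :unsupported_grant_type}
    end
  end

  # Missing or non-string grant_type.
  def authorize(_params), do: {:error, :invalid_request}
end

# Constructed requests: an allowed grant, a disabled grant, a malformed
# grant_type and a request with no grant_type.
IO.inspect(GrantRouterSketch.authorize(%{
  "grant_type" => "client_credentials",
  "client_id" => "example-client",
  "client_secret" => "example-secret"
}))
IO.inspect(GrantRouterSketch.authorize(%{"grant_type" => "password", "email" => "foo@example.com"}))
IO.inspect(GrantRouterSketch.authorize(%{"grant_type" => 123}))
IO.inspect(GrantRouterSketch.authorize(%{"client_id" => "example-client"}))
```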

authorize_app(user, map)

Authorizes a client for the resource owner with the given scopes.

It authorizes an app to access the resource owner's resources. Put simply, the user authorizes a client to access resources within the given scopes. If the client is already authorized for the resource owner, it checks the scopes and updates them when necessary.

Examples

# For authorization_code grant type
Authable.OAuth2.authorize_app(user, %{
  "client_id" => "52024ca6-cf1d-4a9d-bfb6-9bc5023ad56e",
  "redirect_uri" => "http://localhost:4000/oauth2/callbacks",
  "scope" => "read,write"
})

revoke_app_authorization(user, map)

Revokes access to the resource owner's resources.

Deletes all tokens and then removes the app for the given app identifier.

Examples

# Revoke the authorization for the app with the given id
Authable.OAuth2.revoke_app_authorization(user, %{
  "id" => "12024ca6-192b-469d-bfb6-9b45023ad13e"
})