ExOauth2Provider v0.3.3 ExOauth2Provider.Authorization.Code View Source
Methods for authorization code flow.
The flow consists of three method calls:
preauthorize(resource_owner, request)
This validates the request. If a resource owner already have been authenticated previously it’ll respond with a redirect tuple.
authorize(resource_owner, request)
This confirms a resource owner authorization, and will generate an access token.
deny(resource_owner, request)
This rejects a resource owner authorization.
In a controller it could look like this:
alias ExOauth2Provider.Authorization
def new(conn, params) do
case Authorization.preauthorize(current_resource_owner(conn), params) do
{:ok, client, scopes} ->
render(conn, "new.html", params: params, client: client, scopes: scopes)
{:native_redirect, %{code: code}} ->
redirect(conn, to: oauth_authorization_path(conn, :show, code))
{:redirect, redirect_uri} ->
redirect(conn, external: redirect_uri)
{:error, error, status} ->
conn
|> put_status(status)
|> render("error.html", error: error)
end
end
def create(conn, params) do
conn
|> current_resource_owner
|> Authorization.authorize(params)
|> redirect_or_render(conn)
end
def delete(conn, params) do
conn
|> current_resource_owner
|> Authorization.deny(params)
|> redirect_or_render(conn)
end
Link to this section Summary
Functions
Authorizes an authorization code flow request
Rejects an authorization code flow request
Validates an authorization code flow request
Link to this section Functions
Authorizes an authorization code flow request.
This is used when a resource owner has authorized access. If successful, this will generate an access token grant.
Example
resource_owner
|> ExOauth2Provider.Authorization.authorize(%{
"client_id" => "Jf5rM8hQBc",
"response_type" => "code",
"scope" => "read write", # Optional
"state" => "46012", # Optional
"redirect_uri" => "https://example.com/" # Optional
})
Response
{:ok, code} # A grant was generated
{:error, %{error: error, error_description: _}, http_status} # Error occurred
{:redirect, redirect_uri} # Redirect
{:native_redirect, %{code: code}} # Redirect to :show page
deny(Ecto.Schema.t(), Map.t()) :: {:error, Map.t(), integer()} | {:redirect, String.t()}
Rejects an authorization code flow request.
This is used when a resource owner has rejected access.
Example
resource_owner
|> ExOauth2Provider.Authorization.deny(%{
"client_id" => "Jf5rM8hQBc",
"response_type" => "code"
})
Response type
{:error, %{error: error, error_description: _}, http_status} # Error occurred
{:redirect, redirect_uri} # Redirect
preauthorize(Ecto.Schema.t(), Map.t()) :: {:ok, %ExOauth2Provider.OauthApplications.OauthApplication{ __meta__: term(), access_tokens: term(), id: term(), inserted_at: term(), name: term(), owner: term(), owner_id: term(), redirect_uri: term(), scopes: term(), secret: term(), uid: term(), updated_at: term() }, [String.t()]} | {:error, Map.t(), integer()} | {:redirect, String.t()} | {:native_redirect, %{code: String.t()}}
Validates an authorization code flow request.
Will check if there’s already an existing access token with same scope and client for the resource owner.
Example
resource_owner
|> ExOauth2Provider.Authorization.preauthorize(%{
"client_id" => "Jf5rM8hQBc",
"response_type" => "code"
})
Response
{:ok, client, scopes} # Show request page with client and scopes
{:error, %{error: error, error_description: _}, http_status} # Show error page with error and http status
{:redirect, redirect_uri} # Redirect
{:native_redirect, %{code: code}} # Redirect to :show page