livery_auth_oidc (livery v0.2.0)


OIDC provider discovery.

discover/1,2 fetches an issuer's /.well-known/openid-configuration document and returns it as a decoded map (notably jwks_uri, issuer, authorization_endpoint, token_endpoint). Feed the jwks_uri to livery_auth_jwks:keys/1 to get verification keys.

The HTTP fetch is pluggable via fetch => fun((Url) -> {ok, Body} | {error, _}); the default uses livery_auth_jwks:default_fetch/1 (hackney).

{ok, Cfg}  = livery_auth_oidc:discover(<<"https://issuer.example">>),
JwksUri    = maps:get(<<"jwks_uri">>, Cfg),
{ok, Keys} = livery_auth_jwks:keys(JwksUri).
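
Added example (not part of livery's own code or documentation): OpenID Connect Discovery 1.0 requires the issuer value in the returned document to be identical to the issuer the discovery URL was built from. This page does not say whether discover/1,2 enforces that, so the wrapper below checks it in the caller and also rejects a non-https jwks_uri before it reaches livery_auth_jwks:keys/1. The module oidc_discovery_check and its functions are hypothetical, the response in demo/0 is constructed, and string values in the decoded map are assumed to be binaries.

```erlang
-module(oidc_discovery_check).
-export([discover_checked/1, discover_checked/2, check/2, demo/0]).

%% Hypothetical wrapper around livery_auth_oidc:discover/2 that applies
%% caller-side checks before the configuration is trusted.
discover_checked(Issuer) ->
    discover_checked(Issuer, #{}).

discover_checked(Issuer, Opts) ->
    case livery_auth_oidc:discover(Issuer, Opts) of
        {ok, Cfg}        -> check(Issuer, Cfg);
        {error, _} = Err -> Err
    end.

%% OpenID Connect Discovery 1.0, section 4.3: the "issuer" in the document
%% must be identical to the issuer used to build the discovery URL.
%% Issuer is already bound here, so the first clause is an exact match.
check(Issuer, Cfg) ->
    case maps:get(<<"issuer">>, Cfg, undefined) of
        Issuer -> check_jwks_uri(Cfg);
        Other  -> {error, {issuer_mismatch, Issuer, Other}}
    end.

%% Refuse to load verification keys over anything but https.
check_jwks_uri(#{<<"jwks_uri">> := <<"https://", _/binary>>} = Cfg) ->
    {ok, Cfg};
check_jwks_uri(#{<<"jwks_uri">> := Uri}) ->
    {error, {insecure_jwks_uri, Uri}};
check_jwks_uri(_) ->
    {error, missing_jwks_uri}.

%% Constructed response: a document served for issuer.example that names
%% a different issuer. The pluggable fetch option (documented above) keeps
%% the demo offline.
demo() ->
    Body = <<"{\"issuer\":\"https://other.example\","
             "\"jwks_uri\":\"https://other.example/jwks\"}">>,
    Fetch = fun(_Url) -> {ok, Body} end,
    discover_checked(<<"https://issuer.example">>, #{fetch => Fetch}).
```

Pass the issuer exactly as the provider publishes it: the comparison is byte-for-byte, so a trailing slash that well_known_url/1 tolerates will still fail the match.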

Summary

Functions

discover(Issuer)

Fetch and parse the OIDC discovery document for an issuer.

well_known_url(Issuer)

Build the discovery URL for an issuer (handles a trailing slash).

Types

config()

-type config() :: #{binary() => term()}.

opts()

-type opts() :: #{fetch => fun((binary()) -> {ok, binary()} | {error, term()})}.

Functions

discover(Issuer)

-spec discover(binary()) -> {ok, config()} | {error, term()}.

Fetch and parse the OIDC discovery document for an issuer.

discover(Issuer, Opts)

-spec discover(binary(), opts()) -> {ok, config()} | {error, term()}.

well_known_url(Issuer)

-spec well_known_url(binary()) -> binary().

Build the discovery URL for an issuer (handles a trailing slash).