Lockspire.Config
(lockspire v1.0.0)
Copy Markdown
Runtime configuration helpers for the embedded Lockspire library.
Summary
Functions
Returns the configured account resolver module, or raises if missing.
Returns the configured backchannel notification module, or nil if not set.
Returns the computed device verification URI.
Returns the validated configured issuer string, or raises if invalid/missing.
Returns the configured JAR (request JWT) maximum age in seconds.
Returns the JWKS fetcher module.
Returns optional JWKS fetcher overrides.
Returns the list of known scopes.
Returns the configured logout path.
Returns the configured Lockspire mount path.
Returns the Oban configuration keyword list.
Returns the schedule string for the pruner, or false if disabled.
Returns the configured RAR authorization detail types.
Returns the configured RAR type validators.
Returns the configured Ecto repo module, or raises if missing.
Returns the security profile configuration.
Returns the configured token exchange validator module, or defaults to a delegation validator.
Functions
@spec account_resolver!() :: module()
Returns the configured account resolver module, or raises if missing.
@spec backchannel_notification() :: module() | nil
Returns the configured backchannel notification module, or nil if not set.
@spec device_verification_uri() :: String.t()
Returns the computed device verification URI.
@spec issuer!() :: String.t()
Returns the validated configured issuer string, or raises if invalid/missing.
@spec jar_max_age_seconds() :: pos_integer()
Returns the configured JAR (request JWT) maximum age in seconds.
Caps exp - now for inbound JAR request objects to bound the replay window
between issuance and use. Default: 600s (10 minutes).
Hosts can override via config :lockspire, jar_max_age_seconds: 300.
Lower values reduce replay risk but may break clients with clock drift.
Consumed by Lockspire.Protocol.RequestObject.consume/3 (Phase 22) and threaded
into Lockspire.Protocol.Jar.validate_claims/2's :max_age opt to enforce the
ceiling at the protocol seam (D-13, WR-03).
@spec jwks_fetcher() :: module()
Returns the JWKS fetcher module.
@spec jwks_fetcher_opts() :: keyword()
Returns optional JWKS fetcher overrides.
This is primarily used by repo-owned tests that need to drive the guarded
jwks_uri fetch path through Req.Test without changing the shipped runtime
defaults.
@spec known_scopes() :: [String.t()]
Returns the list of known scopes.
@spec logout_path() :: String.t()
Returns the configured logout path.
@spec mount_path() :: String.t()
Returns the configured Lockspire mount path.
Accepts any binary, including the empty string (""), which is a deliberate
signal that Lockspire is mounted at the host's root. Only nil (config
unset) is rejected — host apps must set this explicitly to declare intent.
@spec oban_config() :: keyword()
Returns the Oban configuration keyword list.
@spec pruner_schedule() :: String.t() | false
Returns the schedule string for the pruner, or false if disabled.
@spec rar_types_supported() :: [String.t()]
Returns the configured RAR authorization detail types.
@spec rar_validators() :: map()
Returns the configured RAR type validators.
@spec repo!() :: module()
Returns the configured Ecto repo module, or raises if missing.
@spec security_profile() :: :none | :fapi_2_0_security
Returns the security profile configuration.
@spec token_exchange_validator() :: module()
Returns the configured token exchange validator module, or defaults to a delegation validator.