oauth2_token_manager v0.1.0 OAuth2TokenManager.Claims

Summary

Functions

Returns the claims for a subject

Returns an ID token for the subject

Register a new ID token

Functions

get_claims(iss, sub, client_conf, opts \\ [])

Specs

Returns the claims for a subject

It merges the claims retrieved from the userinfo endpoint and those in the ID token returned by get_id_token/2. The claims of the most recent source take precedence over the others.

ID token "technical" claims are removed from the output: ["iss", "sub", "aud", "exp", "iat", "auth_time", "nonce", "acr", "amr", "azp"]

Specs

get_id_token(OAuth2TokenManager.issuer(), OAuth2TokenManager.subject()) ::
  {:ok, OAuth2TokenManager.id_token()} | {:ok, nil} | {:error, Exception.t()}

Returns an ID token for the subject

The latest retrieved ID token is returned (unless register_id_token/2 was called by a third-party library). It is always unencrypted, but may not be valid anymore (it may have expired).

If there is no ID token registered, {:ok, nil} is returned. The {:error, e} tuple is returned only when something went wrong with the backend store.
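The merge rule documented for get_claims/4 and the expiry caveat documented for get_id_token/2, as an added sketch that is not the library's own code. The module ClaimsMergeSketch, the {claims, retrieved_at} tuple representation and all sample values are assumptions made for illustration; the claims are taken as already decoded into maps.

```elixir
defmodule ClaimsMergeSketch do
  # Hypothetical module, not part of oauth2_token_manager.
  # The list of "technical" claims is the one given in the get_claims documentation.
  @technical_claims ["iss", "sub", "aud", "exp", "iat", "auth_time", "nonce", "acr", "amr", "azp"]

  # Each source is {claims_map, retrieved_at} with retrieved_at in Unix seconds
  # (assumed representation). Sources are applied oldest first, so a claim from
  # the most recently retrieved source overwrites the same claim from older ones.
  def merge(sources) do
    sources
    |> Enum.sort_by(fn {_claims, retrieved_at} -> retrieved_at end)
    |> Enum.reduce(%{}, fn {claims, _retrieved_at}, acc -> Map.merge(acc, claims) end)
    |> Map.drop(@technical_claims)
  end

  # A stored ID token may have expired. "exp" is a NumericDate (seconds since
  # the epoch); a token with no usable "exp" is treated as expired.
  def expired?(%{"exp" => exp}, now) when is_integer(exp), do: now >= exp
  def expired?(_claims, _now), do: true
end

# Constructed sample data: decoded ID token claims and a later userinfo response.
id_token_claims = %{
  "iss" => "https://issuer.example",
  "sub" => "user-1",
  "aud" => "client-1",
  "exp" => 1_700_000_600,
  "iat" => 1_700_000_000,
  "email" => "old@example.com",
  "given_name" => "Ada"
}

userinfo_claims = %{"sub" => "user-1", "email" => "new@example.com", "locale" => "en"}

merged =
  ClaimsMergeSketch.merge([
    {id_token_claims, 1_700_000_000},
    {userinfo_claims, 1_700_000_300}
  ])

# "email" comes from the newer userinfo response, "given_name" survives from
# the ID token, and none of the technical claims remain in the result.
IO.inspect(merged, label: "merged claims")

# The same ID token checked before and after its "exp" value.
IO.inspect(ClaimsMergeSketch.expired?(id_token_claims, 1_700_000_300), label: "expired at +300s")
IO.inspect(ClaimsMergeSketch.expired?(id_token_claims, 1_700_000_900), label: "expired at +900s")
```
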

register_id_token(iss, id_token)

Specs

register_id_token(OAuth2TokenManager.issuer(), OAuth2TokenManager.id_token()) ::
  :ok | {:error, Exception.t()}

Register a new ID token

Ideally, only the latest retrieved ID token should be saved using this function.