oauth2_token_manager v0.1.0 OAuth2TokenManager.AccessToken View Source
Link to this section Summary
Functions
Deletes an access token
Deletes all access tokens related to a subject or a client (in the client credentials flow)
Gets an access token for API access
Introspect an access token
Registers an access token
Revokes an access token on the authorization server
Link to this section Functions
Specs
delete( OAuth2TokenManager.access_token(), OAuth2TokenManager.issuer(), OAuth2TokenManager.client_config(), OAuth2TokenManager.opts() ) :: :ok | {:error, Exception.t()}
Deletes an access token
The access token is deleted in the local token data base. If the :revoke_on_delete
is set,
an attempt is made to revoke it on the server (but there is no way to know whether it was
successful or not).
Specs
delete_all( OAuth2TokenManager.issuer(), OAuth2TokenManager.subject() | :client_credentials, OAuth2TokenManager.client_config(), OAuth2TokenManager.opts() ) :: :ok | {:error, Exception.t() | [Exception.t()]}
Deletes all access tokens related to a subject or a client (in the client credentials flow)
get(iss, sub_or_cc, client_conf, requested_scope_or_nil, opts \\ [])
View SourceSpecs
get( OAuth2TokenManager.issuer(), OAuth2TokenManager.subject() | :client_credentials, OAuth2TokenManager.client_config(), [OAuth2TokenManager.scope()] | nil, OAuth2TokenManager.opts() ) :: {:ok, {OAuth2TokenManager.access_token(), OAuth2TokenManager.token_type()}} | {:error, Exception.t()}
Gets an access token for API access
Requesting scopes
The requested_scope_or_nil
allows requesting an access token with certain scopes as
follows:
if the parameter is set to a list of scopes (for instance
["scope_a", "scope_b"]
):- if there is an existing valid access token available with these exact scopes (and no more), it returns it
- otherwise it tries using an refresh token registered for the subject and the issuer passed as parameters to retrieve an access token with just these scopes
- if the parameter is
nil
, returns any valid access token
Specs
introspect( OAuth2TokenManager.access_token(), OAuth2TokenManager.issuer(), OAuth2TokenManager.client_config(), OAuth2TokenManager.opts() ) :: {:ok, OAuth2TokenManager.token_metadata()} | {:error, Exception.t()}
Introspect an access token
A request is performed to the introspection endpoint of the authorization server if saved
metadata is not fresh (:min_introspect_interval
option, see OAuth2TokenManager.opts/0
).
The response is not saved. Use register/6
if you want to do so.
Specs
register( OAuth2TokenManager.access_token(), OAuth2TokenManager.token_type(), OAuth2TokenManager.token_metadata(), OAuth2TokenManager.issuer(), OAuth2TokenManager.client_config(), OAuth2TokenManager.opts() ) :: {:ok, OAuth2TokenManager.token_metadata()} | {:error, Exception.t()}
Registers an access token
Specs
revoke( OAuth2TokenManager.access_token(), OAuth2TokenManager.issuer(), OAuth2TokenManager.client_config(), OAuth2TokenManager.opts() ) :: :ok | {:error, Exception.t()}
Revokes an access token on the authorization server
It does not delete the access token locally. To do so, refer to delete/4