oidc v0.1.0 OIDC.Auth
Create and verify OpenID Connect challenges for a specific OP
Options
:acr_values: voluntary set of ACRs to be requested via the "acr_values" parameter
:claims: claims requested in the "claims" parameter
:client_config [Mandatory]: a module that implements the OIDC.Auth.ClientConfig behaviour
:client_id [Mandatory]: the client id of the application using this library and initiating the request
:display: the display OpenID Connect parameter (mostly unused)
:id_token_iat_max_time_gap: max time gap to accept an ID token, in seconds. Defaults to 0
:issuer [Mandatory]: the OpenID Provider (OP) issuer. Metadata and JWKs are automatically retrieved from it
:login_hint: the login hint OpenID Connect parameter
:max_age: the max age OpenID Connect parameter
:oauth2_metadata_updater_opts: options that will be passed to Oauth2MetadataUpdater
:prompt: the prompt OpenID Connect parameter
:redirect_uri [Mandatory]: the redirect URI the OP has to use for redirect
:response_mode: one of:
  "query"
  "fragment"
  "form_post"
  nil, which means that the OP decides for the response mode
:response_type [Mandatory]: one of:
  "code"
  "id_token"
  "id_token token"
  "code token"
  "code id_token"
  "code id_token token"
:scope: a list of scopes ([String.t()]) to be requested. The "openid" scope is automatically requested
:server_metadata: server metadata that takes precedence over those automatically retrieved from the OP configuration (requested from the issuer). Useful when the OP does not support OpenID Connect discovery, or to override one or more parameters
:token_endpoint_tesla_auth_middleware_opts: additional Keyword.t() options to be passed to the authentication Tesla middlewares on the token endpoint (see TeslaOAuth2ClientAuth)
:ui_locales: the ui locales OpenID Connect parameter
:use_nonce: one of:
  :when_mandatory [Default]: a nonce is included when using the implicit and hybrid flows
  :always: always include a nonce (i.e. also in the code flow in which it is optional)
Summary
Functions
Generates an OpenID Connect challenge or raises an exception if a parameter is missing
Generates an OpenID Connect request URI from a challenge and associated options
Verifies an OpenID Connect challenge against the OP's response
Types
opt()
opt() ::
  {:acr_values, [OIDC.acr()]}
  | {:claims, OIDC.claims()}
  | {:client_config, module()}
  | {:client_id, OIDC.client_id()}
  | {:display, String.t()}
  | {:id_token_iat_max_time_gap, non_neg_integer()}
  | {:issuer, OIDC.issuer()}
  | {:login_hint, String.t()}
  | {:max_age, non_neg_integer()}
  | {:oauth2_metadata_updater_opts, Keyword.t()}
  | {:prompt, String.t()}
  | {:redirect_uri, String.t()}
  | {:response_mode, OIDC.response_mode()}
  | {:response_type, OIDC.response_type()}
  | {:scope, [OIDC.scope()]}
  | {:server_metadata, OIDC.server_metadata()}
  | {:token_endpoint_tesla_auth_middleware_opts, Keyword.t()}
  | {:ui_locales, [OIDC.ui_locale()]}
  | {:use_nonce, :when_mandatory | :always}
Functions
gen_challenge(opts)
gen_challenge(opts()) :: OIDC.Auth.Challenge.t() | no_return()
Generates an OpenID Connect challenge or raises an exception if a parameter is missing
This challenge is to be passed back to verify_challenge/2 when redirected back from the OpenID Provider
request_uri(challenge, opts)
request_uri(OIDC.Auth.Challenge.t(), opts()) :: URI.t()
Generates an OpenID Connect request URI from a challenge and associated options
verify_response(op_response, challenge)
verify_response(op_response(), OIDC.Auth.Challenge.t()) :: {:ok, OIDC.Auth.OPResponseSuccess.t()} | {:error, Exception.t()}
Verifies an OpenID Connect challenge against the OP's response
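The three functions above used together for one login round trip, as an added example that is not part of the library's documentation. The MyApp.* module names, the URLs and the client id are placeholders; MyApp.OIDCClientConfig is a hypothetical module assumed to implement the OIDC.Auth.ClientConfig behaviour, and op_response is assumed to be the parameters received on the redirect URI.

```elixir
defmodule MyApp.OIDCLogin do
  # Added example. MyApp.OIDCClientConfig is hypothetical: it is assumed to
  # implement the OIDC.Auth.ClientConfig behaviour, whose callbacks are not
  # listed on this page. Issuer, redirect URI and client id are placeholders.
  @opts [
    client_config: MyApp.OIDCClientConfig,
    client_id: "example-client",
    issuer: "https://op.example.com",
    redirect_uri: "https://rp.example.com/auth/callback",
    response_type: "code",
    # "openid" is requested automatically, so only extra scopes are listed
    scope: ["profile"],
    # Ask for a nonce even in the code flow, where it is optional
    use_nonce: :always
  ]

  @doc """
  Step 1: build the challenge and the URI the user agent is redirected to.
  Raises if a mandatory option is missing.
  """
  def start do
    challenge = OIDC.Auth.gen_challenge(@opts)
    uri = OIDC.Auth.request_uri(challenge, @opts)

    # The caller keeps `challenge` for the callback; storing it in the user's
    # session is an assumption about the surrounding application.
    {challenge, URI.to_string(uri)}
  end

  @doc """
  Step 2: on the redirect back from the OP, check its response against the
  challenge generated in step 1.
  """
  def finish(op_response, challenge) do
    case OIDC.Auth.verify_response(op_response, challenge) do
      {:ok, success} ->
        {:ok, success}

      {:error, exception} ->
        # Treat any verification error as a failed login, never as partial success
        {:error, Exception.message(exception)}
    end
  end
end
```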