oidcc_provider_configuration (Oidcc v3.0.1)
Tooling to load and parse OpenID Configuration
Records
To use the record, import the definition:
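%% -include_lib takes a single string literal, not a list; the bracketed form
%% is rejected by the Erlang preprocessor.
-include_lib("oidcc/include/oidcc_provider_configuration.hrl").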
Telemetry
See 'Elixir.Oidcc.ProviderConfiguration'
Summary
Types
Configure configuration loading / parsing
Record containing OpenID and OAuth 2.0 Configuration
Functions
Decode JSON into an oidcc_provider_configuration:t() record
Load OpenID Configuration into an oidcc_provider_configuration:t() record
Load JWKs into a jose_jwk:key() record
Types
error/0
(since 3.0.0)
-type error() :: invalid_content_type | {issuer_mismatch, Issuer :: binary()} | oidcc_decode_util:error() | oidcc_http_util:error().
opts/0
(since 3.0.0)
-type opts() :: #{fallback_expiry => timeout(), request_opts => oidcc_http_util:request_opts()}.
Configure configuration loading / parsing
Parameters
- fallback_expiry - How long to keep the configuration cached if the server doesn't specify an expiry
- request_opts - Configuration for the HTTP request
t/0
View Source (since 3.0.0 -------------------------------------------------------------------)-type t() :: #oidcc_provider_configuration{issuer :: uri_string:uri_string(), authorization_endpoint :: uri_string:uri_string(), token_endpoint :: uri_string:uri_string() | undefined, userinfo_endpoint :: uri_string:uri_string() | undefined, jwks_uri :: uri_string:uri_string() | undefined, registration_endpoint :: uri_string:uri_string() | undefined, scopes_supported :: [binary()] | undefined, response_types_supported :: [binary()], response_modes_supported :: [binary()], grant_types_supported :: [binary()], acr_values_supported :: [binary()] | undefined, subject_types_supported :: [pairwise | public], id_token_signing_alg_values_supported :: [binary()], id_token_encryption_alg_values_supported :: [binary()] | undefined, id_token_encryption_enc_values_supported :: [binary()] | undefined, userinfo_signing_alg_values_supported :: [binary()] | undefined, userinfo_encryption_alg_values_supported :: [binary()] | undefined, userinfo_encryption_enc_values_supported :: [binary()] | undefined, request_object_signing_alg_values_supported :: [binary()] | undefined, request_object_encryption_alg_values_supported :: [binary()] | undefined, request_object_encryption_enc_values_supported :: [binary()] | undefined, token_endpoint_auth_methods_supported :: [binary()], token_endpoint_auth_signing_alg_values_supported :: [binary()] | undefined, display_values_supported :: [binary()] | undefined, claim_types_supported :: [normal | aggregated | distributed], claims_supported :: [binary()] | undefined, service_documentation :: uri_string:uri_string() | undefined, claims_locales_supported :: [binary()] | undefined, ui_locales_supported :: [binary()] | undefined, claims_parameter_supported :: boolean(), request_parameter_supported :: boolean(), request_uri_parameter_supported :: boolean(), require_request_uri_registration :: boolean(), op_policy_uri :: uri_string:uri_string() | undefined, 
op_tos_uri :: uri_string:uri_string() | undefined, revocation_endpoint :: uri_string:uri_string() | undefined, revocation_endpoint_auth_methods_supported :: [binary()], revocation_endpoint_auth_signing_alg_values_supported :: [binary()] | undefined, introspection_endpoint :: uri_string:uri_string() | undefined, introspection_endpoint_auth_methods_supported :: [binary()], introspection_endpoint_auth_signing_alg_values_supported :: [binary()] | undefined, code_challenge_methods_supported :: [binary()] | undefined, end_session_endpoint :: uri_string:uri_string() | undefined, extra_fields :: #{binary() => term()}}.
Record containing OpenID and OAuth 2.0 Configuration
See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata, https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1 and https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OPMetadata
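All unrecognized fields are stored in extra_fields. Their values are typed term(), so callers should validate anything they read from that map before relying on it.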
Functions
Decode JSON into an oidcc_provider_configuration:t() record
Examples
%% Manual fetch: the caller, not oidcc, performs the HTTP request here and
%% hands the decoded JSON to decode_configuration.
%% NOTE(review): httpc:request/1 runs with httpc's default TLS options; confirm
%% that your OTP release verifies the server certificate by default, or pass
%% explicit ssl options to httpc.
{ok, {{"HTTP/1.1",200,"OK"}, _Headers, Body}} =
httpc:request("https://accounts.google.com/.well-known/openid-configuration"),
{ok, DecodedJson} = your_json_lib:decode(Body),
%% NOTE(review): error() lists {issuer_mismatch, Issuer}, presumably produced
%% by load_configuration/2. When decoding by hand, compare the decoded issuer
%% field with the issuer you requested yourself. TODO confirm.
{ok, #oidcc_provider_configuration{}} =
oidcc_provider_configuration:decode_configuration(DecodedJson).
-spec load_configuration(Issuer, Opts) -> {ok, {Configuration :: t(), Expiry :: pos_integer()}} | {error, error()} when Issuer :: uri_string:uri_string(), Opts :: opts().
Load OpenID Configuration into an oidcc_provider_configuration:t() record
Examples
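%% Per the -spec, load_configuration/2 takes the issuer and an opts() map and
%% returns the configuration together with its cache expiry. Every key of
%% opts() is optional, so an empty map is a valid argument.
%% A failure arrives as {error, error()}; error() includes
%% {issuer_mismatch, Issuer}, so handle that case rather than only matching
%% on success in production code.
{ok, {#oidcc_provider_configuration{}, _Expiry}} =
    oidcc_provider_configuration:load_configuration("https://accounts.google.com", #{}).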
-spec load_jwks(JwksUri, Opts) -> {ok, {Jwks :: jose_jwk:key(), Expiry :: pos_integer()}} | {error, term()} when JwksUri :: uri_string:uri_string(), Opts :: opts().
Load JWKs into a jose_jwk:key() record
Examples
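%% Per the -spec, load_jwks/2 takes the JWKS URI and an opts() map and returns
%% the key set together with its cache expiry.
%% The URI is hard-coded here for illustration; in an application it would
%% normally be the jwks_uri field of the provider configuration loaded for the
%% expected issuer, not a value taken from request data.
{ok, {#jose_jwk{}, _Expiry}} =
    oidcc_provider_configuration:load_jwks("https://www.googleapis.com/oauth2/v3/certs", #{}).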