oidcc_provider_configuration (Oidcc v3.0.1)

Tooling to load and parse Openid Configuration

Records

To use the record, import the definition:

  -include_lib("oidcc/include/oidcc_provider_configuration.hrl").

Telemetry

See 'Elixir.Oidcc.ProviderConfiguration'

Summary

Types

Configure configuration loading / parsing

t/0

Record containing OpenID and OAuth 2.0 Configuration

Types


error/0

(since 3.0.0)
-type error() ::
    invalid_content_type |
    {issuer_mismatch, Issuer :: binary()} |
    oidcc_decode_util:error() |
    oidcc_http_util:error().

opts/0

(since 3.0.0)
-type opts() :: #{fallback_expiry => timeout(), request_opts => oidcc_http_util:request_opts()}.

Configure configuration loading / parsing

Parameters

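  • fallback_expiry - How long to keep the configuration cached if the server doesn't specify an expiry. The type is timeout(), so infinity is accepted; prefer a finite value so that provider-side changes (for example rotated signing keys or changed endpoints) are eventually re-fetched.
  • request_opts - Options for the HTTP request (see oidcc_http_util:request_opts())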

t/0

(since 3.0.0)
-type t() ::
    #oidcc_provider_configuration{issuer :: uri_string:uri_string(),
                                  authorization_endpoint :: uri_string:uri_string(),
                                  token_endpoint :: uri_string:uri_string() | undefined,
                                  userinfo_endpoint :: uri_string:uri_string() | undefined,
                                  jwks_uri :: uri_string:uri_string() | undefined,
                                  registration_endpoint :: uri_string:uri_string() | undefined,
                                  scopes_supported :: [binary()] | undefined,
                                  response_types_supported :: [binary()],
                                  response_modes_supported :: [binary()],
                                  grant_types_supported :: [binary()],
                                  acr_values_supported :: [binary()] | undefined,
                                  subject_types_supported :: [pairwise | public],
                                  id_token_signing_alg_values_supported :: [binary()],
                                  id_token_encryption_alg_values_supported ::
                                      [binary()] | undefined,
                                  id_token_encryption_enc_values_supported ::
                                      [binary()] | undefined,
                                  userinfo_signing_alg_values_supported :: [binary()] | undefined,
                                  userinfo_encryption_alg_values_supported ::
                                      [binary()] | undefined,
                                  userinfo_encryption_enc_values_supported ::
                                      [binary()] | undefined,
                                  request_object_signing_alg_values_supported ::
                                      [binary()] | undefined,
                                  request_object_encryption_alg_values_supported ::
                                      [binary()] | undefined,
                                  request_object_encryption_enc_values_supported ::
                                      [binary()] | undefined,
                                  token_endpoint_auth_methods_supported :: [binary()],
                                  token_endpoint_auth_signing_alg_values_supported ::
                                      [binary()] | undefined,
                                  display_values_supported :: [binary()] | undefined,
                                  claim_types_supported :: [normal | aggregated | distributed],
                                  claims_supported :: [binary()] | undefined,
                                  service_documentation :: uri_string:uri_string() | undefined,
                                  claims_locales_supported :: [binary()] | undefined,
                                  ui_locales_supported :: [binary()] | undefined,
                                  claims_parameter_supported :: boolean(),
                                  request_parameter_supported :: boolean(),
                                  request_uri_parameter_supported :: boolean(),
                                  require_request_uri_registration :: boolean(),
                                  op_policy_uri :: uri_string:uri_string() | undefined,
                                  op_tos_uri :: uri_string:uri_string() | undefined,
                                  revocation_endpoint :: uri_string:uri_string() | undefined,
                                  revocation_endpoint_auth_methods_supported :: [binary()],
                                  revocation_endpoint_auth_signing_alg_values_supported ::
                                      [binary()] | undefined,
                                  introspection_endpoint :: uri_string:uri_string() | undefined,
                                  introspection_endpoint_auth_methods_supported :: [binary()],
                                  introspection_endpoint_auth_signing_alg_values_supported ::
                                      [binary()] | undefined,
                                  code_challenge_methods_supported :: [binary()] | undefined,
                                  end_session_endpoint :: uri_string:uri_string() | undefined,
                                  extra_fields :: #{binary() => term()}}.

Record containing OpenID and OAuth 2.0 Configuration

See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata, https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1 and https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OPMetadata

All unrecognized fields are stored in extra_fields.

Functions


decode_configuration(Configuration)

(since 3.0.0)
-spec decode_configuration(Configuration :: map()) -> {ok, t()} | {error, error()}.

Decode an already-parsed JSON map into an oidcc_provider_configuration:t() record

Examples

  %% Fetch the discovery document by hand. NOTE(review): httpc:request/1 runs
  %% with httpc's default TLS options; whether the server certificate is
  %% verified by default depends on the OTP release, so pass explicit
  %% verify_peer ssl options via httpc:request/4 if in doubt.
  {ok, {{"HTTP/1.1",200,"OK"}, _Headers, Body}} =
    httpc:request("https://accounts.google.com/.well-known/openid-configuration"),
 
  %% your_json_lib stands in for whichever JSON decoder the application uses;
  %% decode_configuration/1 expects the decoded document as a map.
  {ok, DecodedJson} = your_json_lib:decode(Body),
 
  %% decode_configuration/1 is given only the decoded map, not the issuer URL
  %% that was requested. NOTE(review): presumably the issuer_mismatch check
  %% therefore only happens in load_configuration/2 - confirm, and on this
  %% manual path compare the record's issuer field with the expected issuer
  %% before trusting any endpoint or jwks_uri taken from it.
  {ok, #oidcc_provider_configuration{}} =
    oidcc_provider_configuration:decode_configuration(DecodedJson).

load_configuration(Issuer, Opts)

(since 3.0.0)
-spec load_configuration(Issuer, Opts) ->
                      {ok, {Configuration :: t(), Expiry :: pos_integer()}} | {error, error()}
                      when Issuer :: uri_string:uri_string(), Opts :: opts().

Load the OpenID Configuration into an oidcc_provider_configuration:t() record

Examples

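  %% load_configuration/2 takes the issuer and an opts() map; every opts() key
  %% is optional, so #{} is valid. On success the result is a
  %% {Configuration, Expiry} pair, not a bare record.
  %% The issuer passed here decides which discovery document - and therefore
  %% which endpoints and jwks_uri - the client ends up using, so it should be
  %% a fixed, trusted value rather than something taken from request input.
  {ok, {#oidcc_provider_configuration{}, _Expiry}} =
    oidcc_provider_configuration:load_configuration("https://accounts.google.com", #{}).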

load_jwks(JwksUri, Opts)

(since 3.0.0)
-spec load_jwks(JwksUri, Opts) ->
             {ok, {Jwks :: jose_jwk:key(), Expiry :: pos_integer()}} | {error, term()}
             when JwksUri :: uri_string:uri_string(), Opts :: opts().

Load JWKs into a jose_jwk:key() record

Examples

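  %% load_jwks/2 takes the JWKS URI and an opts() map; every opts() key is
  %% optional, so #{} is valid. On success the result is a {Jwks, Expiry}
  %% pair, not a bare #jose_jwk{} record.
  %% The URI should come from the jwks_uri field of a configuration loaded
  %% for the expected issuer, since the returned keys are the provider's
  %% published key set.
  {ok, {#jose_jwk{}, _Expiry}} =
    oidcc_provider_configuration:load_jwks("https://www.googleapis.com/oauth2/v3/certs", #{}).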