View Source Overview
oidcc_cowboy
Cowboy callback module for easy integration of OpenId Connect, using oidcc.
The refactoring for v2
and the certification is funded as an
Erlang Ecosystem Foundation stipend entered by the
Security Working Group.
Usage
Code Flow
-module(basic_client_app).
-behaviour(application).
-export([start/2]).
-export([stop/1]).
start(_, _) ->
OidccCowboyOpts = #{
provider => config_provider_gen_server_name,
client_id => <<"client_id">>,
client_secret => <<"client_secret">>,
redirect_uri => "http://localhost:8080/oidc/return"
},
OidccCowboyCallbackOpts = maps:merge(OidccCowboyOpts, #{
handle_success => fun(Req, _Token, #{<<"sub">> := Subject}) ->
cowboy_req:reply(200, #{}, ["Hello ", Subject, "!"], Req)
end
}),
Dispatch = cowboy_router:compile([
{'_', [
{"/", oidcc_cowboy_authorize, OidccCowboyOpts},
{"/oidc/return", oidcc_cowboy_callback, OidccCowboyCallbackOpts}
]}
]),
{ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
env => #{dispatch => Dispatch}
}),
basic_client_sup:start_link().
stop(_) ->
ok.
Authorization Header Checking
-module(api_client_app).
-behaviour(application).
-export([start/2]).
-export([stop/1]).
start(_, _) ->
OidccCowboyOpts = #{
provider => config_provider_gen_server_name,
client_id => <<"client_id">>,
client_secret => <<"client_secret">>
},
Dispatch = cowboy_router:compile([
{'_', [
{"/", api_client, #{}}
]}
]),
{ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
env => #{
dispatch => Dispatch,
oidcc_cowboy_load_userinfo => OidccCowboyOpts,
oidcc_cowboy_introspect_token => OidccCowboyOpts,
oidcc_cowboy_validate_jwt_token => OidccCowboyOpts,
},
middlewares => [
oidcc_cowboy_extract_authorization,
oidcc_cowboy_load_userinfo, %% Check Token via Userinfo
oidcc_cowboy_introspect_token, %% Check Token via Introspection
oidcc_cowboy_validate_jwt_token, %% Check Token via JWT validation
cowboy_router,
cowboy_handler
]
}),
api_client_sup:start_link().
stop(_) ->
ok.