View Source oidcc_cowboy_load_userinfo (oidcc_cowboy v2.0.0)
Validate extracted authorization token using userinfo retrieval.
See: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
This middleware should be used together with oidcc_cowboy_extract_authorization.
This middleware will send a userinfo request for ever request. To avoid this, provide a cache to opts().
Usage
OidccCowboyOpts = #{
provider => openid_confi_provider_name,
client_id => <<"client_id">>,
client_secret => <<"client_secret">>
},
Dispatch = cowboy_router:compile([
{'_', [
%% ...
]}
]),
{ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
middlewares => [
oidcc_cowboy_extract_authorization,
oidcc_cowboy_load_userinfo,
cowboy_router,
cowboy_handler
],
env => #{
dispatch => Dispatch,
oidcc_cowboy_load_userinfo => OidccCowboyOpts
}
})Summary
Types
Link to this type
opts/0
View Source (since 2.0.0 -------------------------------------------------------------------)-type opts() :: #{provider := gen_server:server_ref(), client_id := binary(), client_secret := binary(), userinfo_retrieve_opts => oidcc_userinfo:retrieve_opts(), cache => oidcc_cowboy_cache:t(), send_inactive_token_response => fun((Req :: cowboy_req:req(), Env :: cowboy_middleware:env()) -> {ok, cowboy_req:req(), cowboy_middleware:env()} | {stop, cowboy_req:req()})}.
Options for the middleware
Options
provider- name of theoidcc_provider_configuration_workerclient_id- OAuth Client ID to use for the userinfo retrievalclient_secret- OAuth Client Secret to use for the userinfo retrievaluserinfo_retrieve_opts- Options to pass to userinfo loadingsend_inactive_token_response- Customize Error Response for inactive tokencache- Cache userinfo response - Seeoidcc_cowboy_cache