View Source Oidcc.Plug.AuthorizationCallback (Oidcc Plug v0.1.1)

Retrieve Token for Code Flow Authorization Callback

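This plug does not send a response. Instead, it loads and validates all token data, stores the result in the connection's private data under the key Oidcc.Plug.AuthorizationCallback (as `{:ok, {token, userinfo}}` or `{:error, reason}`), and leaves the response to a controller action that runs afterwards.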


Via Phoenix.Router

# Sample router: runs Oidcc.Plug.AuthorizationCallback in a dedicated pipeline so the
# callback result is already in conn.private when AuthController.handle_callback runs.
defmodule SampleAppWeb.Router do
  use Phoenix.Router

  # ...

  # The plug sends no response itself; it only loads and validates the token data.
  pipeline :oidcc_callback do
    plug Oidcc.Plug.AuthorizationCallback,
      provider: SampleApp.GoogleOpenIdConfigurationProvider,
      # NOTE(review): compile_env!/2 reads these values at compile time, so the client
      # secret is fixed into the compiled module. The opts type also accepts a
      # zero-arity function for client_id, client_secret and redirect_uri — confirm
      # whether a runtime lookup fits your deployment better.
      client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_id]),
      client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_secret]),
      # Path matches the "/oidcc/callback" scope below.
      # presumably this must equal the redirect URI used for the authorization
      # request and registered with the provider — confirm
      redirect_uri: "https://localhost:4000/oidcc/callback"
  end

  # Options for the authorize plug are elided in this sample.
  forward "/oidcc/authorize", to: Oidcc.Plug.Authorize,
    init_opts: [...]

  scope "/oidcc/callback", SampleAppWeb do
    pipe_through :oidcc_callback

    # Both verbs reach the same action.
    # presumably POST covers providers that return the response as a form post — confirm
    get "/", AuthController, :handle_callback
    post "/", AuthController, :handle_callback
  end
end


Via Controller

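# Sample controller: runs Oidcc.Plug.AuthorizationCallback for the callback action and
# turns the result the plug left in conn.private into a response.
defmodule SampleAppWeb.AuthController do
  # ...

  # The options are wrapped in an explicit list so the `when` guard applies to the
  # whole plug call instead of binding to the last option value.
  #
  # NOTE(review): compile_env!/2 reads the client id and secret at compile time, so the
  # secret is fixed into the compiled module. The opts type also accepts a zero-arity
  # function for client_id, client_secret and redirect_uri — confirm whether a runtime
  # lookup fits your deployment better.
  plug Oidcc.Plug.AuthorizationCallback,
       [
         provider: SampleApp.GoogleOpenIdConfigurationProvider,
         client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_id]),
         client_secret:
           Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_secret]),
         redirect_uri: "https://localhost:4000/oidcc/callback"
       ]
       when action in [:handle_callback]

  # Success: the plug stored {:ok, {token, userinfo}}.
  # The pattern is bound to `conn` so the body can use the connection.
  def handle_callback(
        %Plug.Conn{
          private: %{
            Oidcc.Plug.AuthorizationCallback => {:ok, {token, userinfo}}
          }
        } = conn,
        _params
      ) do
    # Renew the session on login so a session id issued before authentication is not
    # carried over into the authenticated session.
    #
    # NOTE(review): the whole token and userinfo are written to the session. With a
    # cookie-backed session store this data travels to the browser — confirm the store
    # is encrypted or server-side, or keep only the fields the application needs.
    conn
    |> configure_session(renew: true)
    |> put_session("auth_token", token)
    |> put_session("auth_userinfo", userinfo)
    |> redirect(to: "/")
  end

  # Failure: the plug stored {:error, reason}.
  # The pattern is bound to `conn` so the body can use the connection.
  def handle_callback(
        %Plug.Conn{
          private: %{
            Oidcc.Plug.AuthorizationCallback => {:error, reason}
          }
        } = conn,
        _params
      ) do
    # NOTE(review): reason can be any error() term, including errors from the token and
    # userinfo calls to the provider — confirm "error.html" shows a generic message and
    # that the detail is only logged server-side.
    conn
    |> put_status(400)
    |> render("error.html", reason: reason)
  end
end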

Link to this section Summary

Types

Plug Configuration Options

Link to this section Types

# Reasons that can appear in the {:error, reason} result handed to the controller action.
@type error() ::
  :oidcc_client_context.error()
  | :oidcc_token.error()
  | :oidcc_userinfo.error()
  # presumably produced by the check_useragent option — confirm
  | :useragent_mismatch
  # presumably produced by the check_peer_ip option — confirm
  | :peer_ip_mismatch
  # a required parameter was absent from the callback request; `param` names it
  | {:missing_request_param, param :: String.t()}
# Options accepted by the plug. client_id, client_secret and redirect_uri take either a
# string or a zero-arity function returning one.
@type opts() :: [
  provider: GenServer.name(),
  client_id: String.t() | (-> String.t()),
  client_secret: String.t() | (-> String.t()),
  redirect_uri: String.t() | (-> String.t()),
  check_useragent: boolean(),
  check_peer_ip: boolean(),
  retrieve_userinfo: boolean(),
  request_opts: :oidcc_http_util.request_opts()
]

Plug Configuration Options


Options

  • provider - name of the Oidcc.ProviderConfiguration.Worker
  • client_id - OAuth Client ID to use for the token request
  • client_secret - OAuth Client Secret to use for the token request
  • redirect_uri - Where to redirect for callback
  • check_useragent - check if useragent is the same as before the authorization request
  • check_peer_ip - check if the client IP is the same as before the authorization request
  • retrieve_userinfo - whether to load userinfo from the provider
  • request_opts - request opts for http calls to provider