Oidcc.Plug.IntrospectToken (Oidcc Plug v0.1.1)

Validate extracted authorization token using introspection.

See: https://datatracker.ietf.org/doc/html/rfc7662

This module should be used together with Oidcc.Plug.ExtractAuthorization.

This plug sends an introspection request to the provider for every incoming request. To avoid this, pass a cache via the cache option in opts/0.

defmodule SampleAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :sample_app

  # ...

  plug Oidcc.Plug.ExtractAuthorization

  plug Oidcc.Plug.IntrospectToken,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_id]),
    client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_secret])

  plug SampleAppWeb.Router
end

Summary

Types

Plug Configuration Options

Types

@type opts() :: [
  provider: GenServer.name(),
  client_id: String.t() | (-> String.t()),
  client_secret: String.t() | (-> String.t()),
  token_introspection_opts: :oidcc_token_introspection.opts(),
  send_inactive_token_response:
    (conn :: Plug.Conn.t(), introspection :: Oidcc.TokenIntrospection.t() ->
       Plug.Conn.t()),
  cache: Oidcc.Plug.Cache.t()
]

Plug Configuration Options

Options

  • provider - name of the Oidcc.ProviderConfiguration.Worker
  • client_id - OAuth Client ID to use for the introspection
  • client_secret - OAuth Client Secret to use for the introspection
  • token_introspection_opts - Options to pass to the introspection
  • send_inactive_token_response - Customize Error Response for inactive token
  • cache - Cache token introspection - See Oidcc.Plug.Cache
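
The following is an added example, not taken from the Oidcc Plug documentation, of a send_inactive_token_response handler that answers every inactive token with the same RFC 6750 style 401 and keeps the token out of the logs. The module SampleAppWeb.InactiveToken and its respond/2 function are hypothetical names; the handler is passed as a remote capture because plug options are evaluated at compile time.

```elixir
defmodule SampleAppWeb.InactiveToken do
  # Hypothetical module for illustration; not part of Oidcc Plug.
  import Plug.Conn
  require Logger

  # Matches the send_inactive_token_response type in opts/0:
  # (Plug.Conn.t(), Oidcc.TokenIntrospection.t() -> Plug.Conn.t())
  def respond(conn, _introspection) do
    # Record which request was rejected, never the bearer token itself.
    Logger.warning("inactive bearer token rejected: #{conn.method} #{conn.request_path}")

    conn
    # RFC 6750, section 3.1: an expired or revoked token gets 401 with invalid_token.
    |> put_resp_header("www-authenticate", ~s(Bearer error="invalid_token"))
    |> put_resp_content_type("application/json")
    # Identical body for every rejection, so the response does not reveal
    # why the provider considers the token inactive.
    |> send_resp(401, ~s({"error":"invalid_token"}))
    # Stop the pipeline so SampleAppWeb.Router never runs for this request.
    |> halt()
  end
end

defmodule SampleAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :sample_app

  plug Oidcc.Plug.ExtractAuthorization

  plug Oidcc.Plug.IntrospectToken,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_id]),
    client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_secret]),
    # Remote capture of the handler defined above.
    send_inactive_token_response: &SampleAppWeb.InactiveToken.respond/2

  plug SampleAppWeb.Router
end
```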