Oidcc.Plug.IntrospectToken (Oidcc Plug v0.2.1)
View SourceValidate extracted authorization token using introspection.
See: https://datatracker.ietf.org/doc/html/rfc7662
This module should be used together with Oidcc.Plug.ExtractAuthorization
.
This plug will send an introspection request for every request. To avoid this,
provide a cache
to opts/0
.
defmodule SampleAppWeb.Endpoint do
use Phoenix.Endpoint, otp_app: :sample_app
# ...
plug Oidcc.Plug.ExtractAuthorization
plug Oidcc.Plug.IntrospectToken,
provider: SampleApp.GoogleOpenIdConfigurationProvider,
client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_id]),
client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_secret])
plug SampleAppWeb.Router
end
Summary
Types
@type opts() :: [ provider: GenServer.name(), client_id: String.t() | (-> String.t()), client_secret: String.t() | (-> String.t()), token_introspection_opts: :oidcc_token_introspection.opts(), send_inactive_token_response: (conn :: Plug.Conn.t(), introspection :: Oidcc.TokenIntrospection.t() -> Plug.Conn.t()), cache: Oidcc.Plug.Cache.t() ]
Plug Configuration Options
Options
provider
- name of theOidcc.ProviderConfiguration.Worker
client_id
- OAuth Client ID to use for the introspectionclient_secret
- OAuth Client Secret to use for the introspectiontoken_introspection_opts
- Options to pass to the introspectionsend_inactive_token_response
- Customize Error Response for inactive tokencache
- Cache token introspection - SeeOidcc.Plug.Cache