Oidcc.Plug.IntrospectToken (Oidcc Plug v0.3.1)

View Source

Validate extracted authorization token using introspection.

See: https://datatracker.ietf.org/doc/html/rfc7662

This module should be used together with Oidcc.Plug.ExtractAuthorization.

This plug will send an introspection request for every request. To avoid this, provide a cache to opts/0.

defmodule SampleAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :sample_app

  # ...

  plug Oidcc.Plug.ExtractAuthorization

  plug Oidcc.Plug.IntrospectToken,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_id]),
    client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_secret])

  plug SampleAppWeb.Router
end

Summary

Types

Plug Configuration Options

Types

opts()

(since 0.1.0)
@type opts() :: [
  provider: GenServer.name(),
  client_id: String.t() | (-> String.t()),
  client_secret: String.t() | (-> String.t()),
  token_introspection_opts: :oidcc_token_introspection.opts(),
  send_inactive_token_response: (conn :: Plug.Conn.t(),
                                 introspection :: Oidcc.TokenIntrospection.t() ->
                                   Plug.Conn.t()),
  cache: Oidcc.Plug.Cache.t()
]

Plug Configuration Options

Options

  • provider - name of the Oidcc.ProviderConfiguration.Worker
  • client_id - OAuth Client ID to use for the introspection
  • client_secret - OAuth Client Secret to use for the introspection
  • token_introspection_opts - Options to pass to the introspection
  • send_inactive_token_response - Customize Error Response for inactive token
  • cache - Cache token introspection - See Oidcc.Plug.Cache
  • client_store - A module name that implements the Oidcc.Plug.ClientStore behaviour to fetch the client context from a store instead of using the provider, client_id and client_secret directly. This is useful for storing the client context in a database or other persistent storage.