Ueberauth HPID v1.0.2 Ueberauth.Strategy.HPID

Provides an Ueberauth strategy for authenticating with HP ID.

Setup

Include the provider in your configuration for Ueberauth:

config :ueberauth, Ueberauth,
  providers: [
    hpid: { Ueberauth.Strategy.HPID, [] }
  ]

Then include the configuration for HP ID.

config :ueberauth, Ueberauth.Strategy.HPID.OAuth,
  client_id: System.get_env("HPID_CLIENT_ID"),
  client_secret: System.get_env("HPID_CLIENT_SECRET"),
  use_stage: true,
  redirect_uri: "https://example.com/auth/hpid/callback"

The use_stage and redirect_uri settings are optional:

- use_stage :: boolean() -> Enable / Disable the HP ID Staging server. Defaults to false.
- redirect_uri :: String.t() -> Allows overriding the callback url. This is useful for runtime configuration.

If you haven’t already, create a pipeline and set up routes for your callback handler:

pipeline :auth do
  Ueberauth.plug "/auth"
end

scope "/auth" do
  pipe_through [:browser, :auth]

  get "/:provider/callback", AuthController, :callback
end

Create an endpoint for the callback where you will handle the Ueberauth.Auth struct:

defmodule MyApp.AuthController do
  use MyApp.Web, :controller

  # The route above dispatches to the :callback action, so the
  # functions are named callback/2.
  def callback(%{ assigns: %{ ueberauth_failure: fails } } = conn, _params) do
    # do things with the failure
  end

  def callback(%{ assigns: %{ ueberauth_auth: auth } } = conn, _params) do
    # do things with the auth
  end
end

You can edit the behaviour of the Strategy by including some options when you register your provider.

To set the default ‘scopes’ (permissions):

config :ueberauth, Ueberauth,
  providers: [
    hpid: { Ueberauth.Strategy.HPID, [default_scope: "openid+profile+email"] }
  ]

Default is empty (“openid+profile+email”), which “Grants read-only access to profile information”.

Functions

check_access_token(conn, token)

Verify the access token with HP ID. It is especially important to verify that the aud value matches our client_id, so that a token issued to a different client is not accepted.
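One way to express the aud check described above, as an added example that is not part of ueberauth_hpid. The AudienceCheck module and the claim keys "aud" and "exp" (the standard RFC 7519 names) are assumptions, since this page does not show the shape of the HP ID verification response.

```elixir
defmodule AudienceCheck do
  # Hypothetical helper (not part of ueberauth_hpid).
  # Assumes the decoded verification response is a map with string keys
  # and that "exp" is a Unix timestamp in seconds.

  def verify(claims, client_id, now \\ System.system_time(:second))

  def verify(claims, client_id, now)
      when is_map(claims) and is_binary(client_id) and client_id != "" do
    with :ok <- check_audience(Map.get(claims, "aud"), client_id),
         :ok <- check_expiry(Map.get(claims, "exp"), now) do
      :ok
    end
  end

  # Fails closed: a nil client_id (for example an unset HPID_CLIENT_ID
  # environment variable) or a non-map response never validates.
  def verify(_claims, _client_id, _now), do: {:error, :malformed_input}

  # RFC 7519 allows "aud" to be a single string or a list of strings.
  defp check_audience(nil, _client_id), do: {:error, :missing_audience}
  defp check_audience(aud, client_id) when is_binary(aud) and aud == client_id, do: :ok

  defp check_audience(aud, client_id) when is_list(aud) do
    if client_id in aud, do: :ok, else: {:error, :audience_mismatch}
  end

  defp check_audience(_aud, _client_id), do: {:error, :audience_mismatch}

  defp check_expiry(exp, now) when is_integer(exp) and exp > now, do: :ok
  defp check_expiry(exp, _now) when is_integer(exp), do: {:error, :expired}
  defp check_expiry(_exp, _now), do: {:error, :missing_expiry}
end

# Constructed sample claims; the client ids are placeholders.
now = 1_700_000_000
ours = %{"aud" => "my-client-id", "exp" => now + 300}
other = %{"aud" => "another-client", "exp" => now + 300}
stale = %{"aud" => ["my-client-id", "partner"], "exp" => now - 1}

IO.inspect(AudienceCheck.verify(ours, "my-client-id", now), label: "ours")
IO.inspect(AudienceCheck.verify(other, "my-client-id", now), label: "other client")
IO.inspect(AudienceCheck.verify(stale, "my-client-id", now), label: "expired")
IO.inspect(AudienceCheck.verify(ours, nil, now), label: "unset client_id")
```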

Includes the credentials from the HP ID response.

Stores the raw information (including the token) obtained from the HP ID callback.

Cleans up the private area of the connection used for passing the raw HP ID response around during the callback.

Handles the initial redirect to the HP ID authentication page.

To customize the scope (permissions) requested by hpid, include them as part of your URL:

"/auth/hpid?scope=openid+profile+email"

You can also include a state param that hpid will return to you.

Fetches the fields to populate the info section of the Ueberauth.Auth struct.

Load the dynamic configuration for the redirect_uri or fallback to Ueberauth’s callback_url.

Fetches the uid field from the HP ID response. This defaults to the option uid_field, which in turn defaults to id.