defmodule Boruta.Oauth.ResourceOwners do @moduledoc """ Resource owner context """ alias Boruta.Oauth.ResourceOwner @doc """ Returns a resource owner by (username) or (id). """ @callback get_by([username: String.t()] | [sub: String.t()]) :: {:ok, resource_owner :: ResourceOwner.t()} | {:error, String.t()} @doc """ Determines if given password is valid for the given resource owner. """ @callback check_password(resource_owner :: ResourceOwner.t(), password :: String.t()) :: :ok | {:error, String.t()} @doc """ Returns a list of authorized scopes for a given resource owner. These scopes will be granted is requested for the user. """ @callback authorized_scopes(resource_owner :: ResourceOwner.t()) :: list(Boruta.Oauth.Scope.t()) @doc """ Returns `id_token` identity claims for the given resource owner. Those claims will be present in resulting `id_token` of OpenID Connect flows. """ @callback claims(resource_owner :: ResourceOwner.t(), scope :: String.t()) :: claims :: Boruta.Oauth.IdToken.claims() @optional_callbacks claims: 2 end