APIacAuthBearer.Validator.Introspect (apiac_auth_bearer v2.0.0)

An implementation of client Bearer validation conforming to RFC 7662.

This validator accepts the following options:

  • :client_config [Mandatory]: a ( -> %{required(String.t()) => any()}) function that returns the OAuth2 / OpenID Connect client configuration of the current resource server. This is used for client authentication using TeslaOAuth2ClientAuth. For instance, a client using the "client_secret_basic" authentication scheme should return:

    %{
      # String keys (=>), as required by the typespec above; "key": would create atom keys
      "client_id" => "some_client_id",
      "client_secret" => "TGcGGFGhjYpi5J5bZ3nggG4L9cM",
      "token_endpoint_auth_method" => "client_secret_basic" # default, can be removed
    }

  • :issuer [Mandatory]: an OAuth2 issuer whose metadata will be resolved by OAuth2MetadataUpdater

  • :oauth2_metadata_updater_opts: options that will be passed to Oauth2MetadataUpdater

  • :server_metadata: server metadata that takes precedence over the metadata automatically retrieved from the server (requested from the issuer). Useful when the OP does not support OAuth2 metadata or OpenID Connect discovery, or to override one or more parameters

  • :tesla_auth_middleware_opts: additional Keyword.t() options to be passed as options to the TeslaOAuth2ClientAuth authentication middleware

  • :tesla_middlewares: Tesla middlewares added to outbound requests to the token endpoint