View Source AshAuthentication.Strategy.Oidc (ash_authentication v4.2.5)
Strategy for authentication using an OpenID Connect compatible server as the source of truth.
This strategy builds on-top of AshAuthentication.Strategy.OAuth2
and
assent
.
In order to use OIDC you need to provide the following minimum configuration:
client_id
- The client id, requiredsite
- The OIDC issuer, requiredopenid_configuration_uri
- The URI for OpenID Provider, optional, defaults to/.well-known/openid-configuration
client_authentication_method
- The Client Authentication method to use, optional, defaults toclient_secret_basic
client_secret
- The client secret, required if:client_authentication_method
is:client_secret_basic
,:client_secret_post
, or:client_secret_jwt
openid_configuration
- The OpenID configuration, optional, the configuration will be fetched from:openid_configuration_uri
if this is not definedid_token_signed_response_alg
- Theid_token_signed_response_alg
parameter sent by the Client during Registration, defaults toRS256
id_token_ttl_seconds
- The number of seconds fromiat
that an ID Token will be considered valid, optional, defaults to nilnonce
- The nonce to use for authorization request, optional, MUST be session based and unguessable.
Nonce
nonce
can be set in the provider config. The nonce
will be returned in the
session_params
along with state
. You can use this to store the value in
the current session e.g. a httpOnly session cookie.
A random value generator can look like this:
16
|> :crypto.strong_rand_bytes()
|> Base.encode64(padding: false)
AshAuthentication will dynamically generate one for the session if nonce
is
set to true
.
More documentation:
Summary
Functions
Callback implementation for AshAuthentication.Strategy.Custom.transform/2
.
Callback implementation for AshAuthentication.Strategy.Custom.verify/2
.
Functions
Callback implementation for AshAuthentication.Strategy.Custom.transform/2
.
Callback implementation for AshAuthentication.Strategy.Custom.verify/2
.