AshAuthentication.Phoenix.Oauth2Server.Router (ash_authentication_oauth2_server v0.1.0)

Phoenix router macros for mounting the OAuth 2.1 authorization server.

use this module inside your router to gain access to oauth2_server_consent_routes/1 (browser-facing, user consent) and oauth2_server_protocol_routes/1 (client-facing protocol endpoints).

Example

defmodule MyAppWeb.Router do
  use Phoenix.Router
  use AshAuthentication.Phoenix.Oauth2Server.Router

  scope "/" do
    pipe_through :browser
    oauth2_server_consent_routes oauth2_server: MyApp.Oauth2Server
  end

  scope "/" do
    pipe_through :api
    oauth2_server_protocol_routes oauth2_server: MyApp.Oauth2Server
  end
end

The two macros forward to:

AshAuthentication.Phoenix.Oauth2Server.ConsentRouter — handles /oauth/authorize (the user-driven consent step).
AshAuthentication.Phoenix.Oauth2Server.ProtocolRouter — handles /oauth/register, /oauth/token, /oauth/revoke, and the three metadata documents under /.well-known.

Summary

Functions

oauth2_server_consent_routes(opts \\ [])

Generate the routes for the user-driven consent step of an OAuth 2.1 authorization-server flow.

oauth2_server_protocol_routes(opts \\ [])

Generate the routes for the client-facing OAuth 2.1 protocol endpoints — discovery, dynamic client registration, token, and revocation.

Functions

oauth2_server_consent_routes(opts \\ [])

(macro)

Generate the routes for the user-driven consent step of an OAuth 2.1 authorization-server flow.

Mount this inside a scope that pipes through your browser pipeline (with :protect_from_forgery and session loading) — both the consent GET and POST need a logged-in user and CSRF protection.

Example

scope "/" do
  pipe_through :browser
  oauth2_server_consent_routes oauth2_server: MyApp.Oauth2Server
end

Options

:oauth2_server (required) — your Oauth2Server config module.
:path — base path. Defaults to /oauth/authorize.
:consent_view — module exposing render(:consent, assigns). Defaults to AshAuthentication.Phoenix.Oauth2Server.ConsentView.

oauth2_server_protocol_routes(opts \\ [])

(macro)

Generate the routes for the client-facing OAuth 2.1 protocol endpoints — discovery, dynamic client registration, token, and revocation.

Mount this inside a scope that pipes through your API pipeline. These endpoints are called by external OAuth clients without a browser session, so CSRF must NOT apply.

Example

scope "/" do
  pipe_through :api
  oauth2_server_protocol_routes oauth2_server: MyApp.Oauth2Server
end

Options

:oauth2_server (required) — your Oauth2Server config module.
:oauth_path — prefix for /token, /register, etc. Defaults to /oauth.
:well_known_path — prefix for /oauth-authorization-server, /oauth-protected-resource, /openid-configuration. Defaults to /.well-known.