Assent v0.1.11 Assent.Strategy.OAuth2 View Source

OAuth 2.0 strategy.

This strategy only supports the Authorization Code flow per RFC 6749.

authorize_url/1 returns a map with a :url and :session_params key. The :session_params should be stored and passed back into callback/3 as part of config when the user returns. The :session_params carries a :state value for the request to prevent CSRF.

This library also supports JWT tokens for client authentication as per RFC 7523.


  • :client_id - The OAuth2 client id, required

  • :site - The domain of the OAuth2 server, required

  • :auth_method - The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following:

    • :client_secret_basic - Authenticate with basic authorization header
    • :client_secret_post - Authenticate with post params
    • :client_secret_jwt - Authenticate with JWT using :client_secret as secret
    • :private_key_jwt - Authenticate with JWT using :private_key_path or :private_key as secret
  • :client_secret - The OAuth2 client secret, required if :auth_method is :client_secret_basic, :client_secret_post, or :client_secret_jwt

  • :private_key_id - The private key ID, required if :auth_method is :private_key_jwt

  • :private_key_path - The path for the private key, required if :auth_method is :private_key_jwt and :private_key hasn't been set

  • :private_key - The private key content that can be defined instead of :private_key_path, required if :auth_method is :private_key_jwt and :private_key_path hasn't been set

  • :jwt_algorithm - The algorithm to use for JWT signing, optional, defaults to HS256 for :client_secret_jwt and RS256 for :private_key_jwt


config =  [
  client_id: "REPLACE_WITH_CLIENT_ID",
  client_secret: "REPLACE_WITH_CLIENT_SECRET",
  auth_method: :client_secret_post,
  site: "",
  authorization_params: [scope: "user:read user:write"],
  user_url: ""

{:ok, {url: url, session_params: session_params}} =
  |> Assent.Config.put(:redirect_uri, "http://localhost:4000/auth/callback")
  |> Assent.Strategy.OAuth2.authorize_url()

{:ok, %{user: user, token: token}} =
  |> Assent.Config.put(:session_params, session_params)
  |> Assent.Strategy.OAuth2.callback(params)

Link to this section Summary


Generate authorization URL for request phase.

Callback phase for generating access token and fetch user data.

Makes a HTTP get request to the API.

Link to this section Functions

Link to this function

authorization_headers(config, token)

View Source
authorization_headers(Assent.Config.t(), map()) :: [{binary(), binary()}]
Link to this function


View Source
authorize_url(Assent.Config.t()) ::
  {:ok, %{session_params: %{state: binary()}, url: binary()}} | {:error, term()}

Generate authorization URL for request phase.


  • :redirect_uri - The URI that the server redirects the user to after authentication, required
  • :authorize_url - The path or URL for the OAuth2 server to redirect users to, defaults to /oauth/authorize
  • :authorization_params - The authorization parameters, defaults to []
Link to this function

callback(config, params, strategy \\ __MODULE__)

View Source
callback(Assent.Config.t(), map(), atom()) ::
  {:ok, %{user: map(), token: map()}} | {:error, term()}

Callback phase for generating access token and fetch user data.


  • :token_url - The path or URL to fetch the token from, optional, defaults to /oauth/token
  • :user_url - The path or URL to fetch user data, required
  • :session_params - The session parameters that was returned from authorize_url/1, optional
Link to this function

get(config, token, url, params \\ [])

View Source
get(Assent.Config.t(), map(), binary(), map() | Keyword.t()) ::
  {:ok, map()} | {:error, term()}

Makes a HTTP get request to the API.

JSON responses will be decoded to maps.

Link to this function

get_user(config, token, params \\ [])

View Source
get_user(Assent.Config.t(), map(), map() | Keyword.t()) ::
  {:ok, map()} | {:error, term()}