View Source Assent.Strategy.OAuth2 (Assent v0.2.9)
OAuth 2.0 strategy.
This strategy only supports the Authorization Code flow per RFC 6749.
authorize_url/1 returns a map with a :url and :session_params key. The
:session_params should be stored and passed back into callback/3 as part
of config when the user returns. The :session_params carries a :state
value for the request to prevent
CSRF.
This library also supports JWT tokens for client authentication as per RFC 7523.
Configuration
:client_id- The OAuth2 client id, required:base_url- The base URL of the OAuth2 server, required:auth_method- The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following::client_secret_basic- Authenticate with basic authorization header:client_secret_post- Authenticate with post params:client_secret_jwt- Authenticate with JWT using:client_secretas secret:private_key_jwt- Authenticate with JWT using:private_key_pathor:private_keyas secret
:client_secret- The OAuth2 client secret, required if:auth_methodis:client_secret_basic,:client_secret_post, or:client_secret_jwt:private_key_id- The private key ID, required if:auth_methodis:private_key_jwt:private_key_path- The path for the private key, required if:auth_methodis:private_key_jwtand:private_keyhasn't been set:private_key- The private key content that can be defined instead of:private_key_path, required if:auth_methodis:private_key_jwtand:private_key_pathhasn't been set:jwt_algorithm- The algorithm to use for JWT signing, optional, defaults toHS256for:client_secret_jwtandRS256for:private_key_jwt
Usage
config = [
client_id: "REPLACE_WITH_CLIENT_ID",
client_secret: "REPLACE_WITH_CLIENT_SECRET",
auth_method: :client_secret_post,
base_url: "https://auth.example.com",
authorization_params: [scope: "user:read user:write"],
user_url: "https://example.com/api/user"
]
{:ok, %{url: url, session_params: session_params}} =
config
|> Assent.Config.put(:redirect_uri, "http://localhost:4000/auth/callback")
|> Assent.Strategy.OAuth2.authorize_url()
{:ok, %{user: user, token: token}} =
config
|> Assent.Config.put(:redirect_uri, "http://localhost:4000/auth/callback")
|> Assent.Config.put(:session_params, session_params)
|> Assent.Strategy.OAuth2.callback(params)Summary
Functions
Generate authorization URL for request phase.
Callback phase for generating access token with authorization code and fetch
user data. Returns a map with access token in :token and user data in
:user.
Fetch user data with the access token.
Grants an access token.
Refreshes the access token.
Performs a HTTP request to the API using the access token.
Functions
@spec authorize_url(Assent.Config.t()) :: {:ok, %{session_params: %{state: binary()}, url: binary()}} | {:error, term()}
Generate authorization URL for request phase.
Configuration
:redirect_uri- The URI that the server redirects the user to after authentication, required:authorize_url- The path or URL for the OAuth2 server to redirect users to, defaults to/oauth/authorize:authorization_params- The authorization parameters, defaults to[]
@spec callback(Assent.Config.t(), map(), atom()) :: {:ok, %{user: map(), token: map()}} | {:error, term()}
Callback phase for generating access token with authorization code and fetch
user data. Returns a map with access token in :token and user data in
:user.
Configuration
:token_url- The path or URL to fetch the token from, optional, defaults to/oauth/token:user_url- The path or URL to fetch user data, required:session_params- The session parameters that was returned fromauthorize_url/1, optional
@spec fetch_user(Assent.Config.t(), map(), map() | Keyword.t(), [{binary(), binary()}]) :: {:ok, map()} | {:error, term()}
Fetch user data with the access token.
Uses request/6 to fetch the user data.
@spec grant_access_token(Assent.Config.t(), binary(), Keyword.t()) :: {:ok, map()} | {:error, term()}
Grants an access token.
@spec refresh_access_token(Assent.Config.t(), map(), Keyword.t()) :: {:ok, map()} | {:error, term()}
Refreshes the access token.
@spec request(Assent.Config.t(), map(), atom(), binary(), map() | Keyword.t(), [ {binary(), binary()} ]) :: {:ok, map()} | {:error, term()}
Performs a HTTP request to the API using the access token.