This task will help creation of a basic OAuth/OpenID Connect server by providing needed phoenix controllers, views and templates to expose OAuth endpoints.

Controllers are unit tested using Mox, you'll need to add that dependency in order to run them (see below).

Examples

mix boruta.gen.controllers

Post installation steps

• You can add OAuth routes in web application router as follow to expose controller actions

scope "/oauth", MyAppWeb.Oauth do
  pipe_through :api

  post "/revoke", RevokeController, :revoke
  post "/token", TokenController, :token
  post "/introspect", IntrospectController, :introspect
end

scope "/openid", MyAppWeb.Openid do
  pipe_through [:api]

  get "/userinfo", UserinfoController, :userinfo
  post "/userinfo", UserinfoController, :userinfo
  get "/jwks", JwksController, :jwks_index
end

####

scope "/oauth", MyAppWeb.Oauth do
  pipe_through [:browser, :fetch_current_user]

  get "/authorize", AuthorizeController, :authorize
end

## OR

scope "/openid", MyAppWeb.Openid do
  pipe_through [:browser, :fetch_current_user]

  get "/authorize", AuthorizeController, :authorize
end

Testing

• Add mox dependency in order to run controller unit tests

{:mox, "~> 0.5", only: :test}

• Add following in config/test.exs

config :myapp, :oauth_module, Boruta.OauthMock
config :myapp, :openid_module, Boruta.OpenidMock

• Add following in test/test_helper.exs

Mox.defmock(Boruta.OauthMock, for: Boruta.OauthModule)
Mox.defmock(Boruta.OpenidMock, for: Boruta.OpenidModule)

User flows

All flows involving resource owners need its integration guided by Boruta.Oauth.ResourceOwners behaviour. For authorize endpoint, you'll need to assign current_user with a plug and setup login redirections which, with raw setup, raise an error where it is required.