# `Oidcc.ProviderConfiguration` [🔗](https://github.com/erlef/oidcc/blob/ee3434ddec86c14471af8f8a8f159971e654da3c /lib/oidcc/provider_configuration.ex#L4) Tooling to load and parse Openid Configuration ## Telemetry * `[:oidcc, :load_configuration, :start]` * Description: Emitted at the start of loading the provider configuration * Measurements: `%{system_time: non_neg_integer(), monotonic_time: integer()}` * Metadata: `%{issuer: :uri_string.uri_string()}` * `[:oidcc, :load_configuration, :stop]` * Description: Emitted at the end of loading the provider configuration * Measurements: `%{duration: integer(), monotonic_time: integer()}` * Metadata: `%{issuer: :uri_string.uri_string()}` * `[:oidcc, :load_configuration, :exception]` * Description: Emitted at the end of loading the provider configuration * Measurements: `%{duration: integer(), monotonic_time: integer()}` * Metadata: `%{issuer: :uri_string.uri_string()}` * `[:oidcc, :load_jwks, :start]` * Description: Emitted at the start of loading the provider jwks * Measurements: `%{system_time: non_neg_integer(), monotonic_time: integer()}` * Metadata: `%{jwks_uri: :uri_string.uri_string()}` * `[:oidcc, :load_jwks, :stop]` * Description: Emitted at the end of loading the provider jwks * Measurements: `%{duration: integer(), monotonic_time: integer()}` * Metadata: `%{jwks_uri: :uri_string.uri_string()}` * `[:oidcc, :load_jwks, :exception]` * Description: Emitted at the end of loading the provider jwks * Measurements: `%{duration: integer(), monotonic_time: integer()}` * Metadata: `%{jwks_uri: :uri_string.uri_string()}` # `t` *since 3.0.0* ```elixir @type t() :: %Oidcc.ProviderConfiguration{ acr_values_supported: [String.t()] | :undefined, authorization_encryption_alg_values_supported: [String.t()] | :undefined, authorization_encryption_enc_values_supported: [String.t()] | :undefined, authorization_endpoint: :uri_string.uri_string(), authorization_response_iss_parameter_supported: boolean(), authorization_signing_alg_values_supported: [String.t()] | :undefined, claim_types_supported: [:normal | :aggregated | :distributed], claims_locales_supported: [String.t()] | :undefined, claims_parameter_supported: boolean(), claims_supported: [String.t()] | :undefined, code_challenge_methods_supported: [String.t()] | :undefined, display_values_supported: [String.t()] | :undefined, dpop_signing_alg_values_supported: [String.t()] | :undefined, end_session_endpoint: :uri_string.uri_string() | :undefined, extra_fields: %{required(String.t()) => term()}, grant_types_supported: [String.t()], id_token_encryption_alg_values_supported: [String.t()] | :undefined, id_token_encryption_enc_values_supported: [String.t()] | :undefined, id_token_signing_alg_values_supported: [String.t()], introspection_endpoint: :uri_string.uri_string() | :undefined, introspection_endpoint_auth_methods_supported: [String.t()], introspection_endpoint_auth_signing_alg_values_supported: [String.t()] | :undefined, issuer: :uri_string.uri_string(), issuer_regex: binary() | :undefined, jwks_uri: :uri_string.uri_string() | :undefined, mtls_endpoint_aliases: %{required(binary()) => :uri_string.uri_string()}, op_policy_uri: :uri_string.uri_string() | :undefined, op_tos_uri: :uri_string.uri_string() | :undefined, pushed_authorization_request_endpoint: :uri_string.uri_string() | :undefined, registration_endpoint: :uri_string.uri_string() | :undefined, request_object_encryption_alg_values_supported: [String.t()] | :undefined, request_object_encryption_enc_values_supported: [String.t()] | :undefined, request_object_signing_alg_values_supported: [String.t()] | :undefined, request_parameter_supported: boolean(), request_uri_parameter_supported: boolean(), require_pushed_authorization_requests: boolean(), require_request_uri_registration: boolean(), require_signed_request_object: boolean(), response_modes_supported: [String.t()], response_types_supported: [String.t()], revocation_endpoint: :uri_string.uri_string() | :undefined, revocation_endpoint_auth_methods_supported: [String.t()], revocation_endpoint_auth_signing_alg_values_supported: [String.t()] | :undefined, scopes_supported: [String.t()] | :undefined, service_documentation: :uri_string.uri_string() | :undefined, subject_types_supported: [:pairwise | :public], tls_client_certificate_bound_access_tokens: boolean(), token_endpoint: :uri_string.uri_string() | :undefined, token_endpoint_auth_methods_supported: [String.t()], token_endpoint_auth_signing_alg_values_supported: [String.t()] | :undefined, ui_locales_supported: [String.t()] | :undefined, userinfo_encryption_alg_values_supported: [String.t()] | :undefined, userinfo_encryption_enc_values_supported: [String.t()] | :undefined, userinfo_endpoint: :uri_string.uri_string() | :undefined, userinfo_signing_alg_values_supported: [String.t()] | :undefined } ``` Configuration Struct For details on the fields see: * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata * https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1 * https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OPMetadata # `decode_configuration` *since 3.0.0* ```elixir @spec decode_configuration( configuration :: map(), opts :: :oidcc_provider_configuration.opts() ) :: {:ok, t()} | {:error, :oidcc_provider_configuration.error()} ``` Decode JSON into OpenID configuration ## Examples iex> {:ok, {{~c"HTTP/1.1",200, ~c"OK"}, _headers, body}} = ...> :httpc.request("https://accounts.google.com/.well-known/openid-configuration") ...> ...> decoded_json = body |> to_string() |> JOSE.decode() ...> ...> {:ok, %ProviderConfiguration{issuer: "https://accounts.google.com"}} = ...> Oidcc.ProviderConfiguration.decode_configuration(decoded_json) # `load_configuration` *since 3.0.0* ```elixir @spec load_configuration( issuer :: :uri_string.uri_string(), opts :: :oidcc_provider_configuration.opts() ) :: {:ok, {configuration :: t(), expiry :: pos_integer()}} | {:error, :oidcc_provider_configuration.error()} ``` Load OpenID Configuration ## Examples iex> {:ok, { ...> %ProviderConfiguration{issuer: "https://accounts.google.com"}, ...> _expiry ...> }} = Oidcc.ProviderConfiguration.load_configuration("https://accounts.google.com") # `load_jwks` *since 3.0.0* ```elixir @spec load_jwks( jwks_uri :: :uri_string.uri_string(), opts :: :oidcc_provider_configuration.opts() ) :: {:ok, {jwks :: JOSE.JWK.t(), expiry :: pos_integer()}} | {:error, :oidcc_provider_configuration.error()} ``` Load JWKs ## Examples iex> {:ok, {%JOSE.JWK{}, _expiry}} = ...> Oidcc.ProviderConfiguration.load_jwks("https://www.googleapis.com/oauth2/v3/certs") --- *Consult [api-reference.md](api-reference.md) for complete listing*