# `oidcc_authorization`
[🔗](https://github.com/erlef/oidcc/blob/ee3434ddec86c14471af8f8a8f159971e654da3c
/src/oidcc_authorization.erl#L4)

Functions to start an OpenID Connect Authorization

# `error`
*since 3.0.0* 

```elixir
-type error() ::
          {grant_type_not_supported, authorization_code} |
          par_required | request_object_required | pkce_verifier_required | purpose_required |
          no_supported_code_challenge |
          oidcc_http_util:error().
```

# `opts`
*since 3.0.0* 

```elixir
-type opts() ::
          #{scopes => oidcc_scope:scopes(),
            state => binary(),
            nonce => binary(),
            pkce_verifier => binary(),
            require_pkce => boolean(),
            purpose => binary(),
            require_purpose => boolean(),
            redirect_uri => uri_string:uri_string(),
            url_extension => oidcc_http_util:query_params(),
            response_mode => binary()}.
```

Configure authorization redirect URL.

See https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest.

## Parameters

* `scopes` - list of scopes to request (defaults to `[<<"openid">>]`)
* `state` - state to pass to the provider
* `nonce` - nonce to pass to the provider
* `purpose` - purpose of the authorization request, see [https://cdn.connectid.com.au/specifications/oauth2-purpose-01.html]
* `require_purpose` - whether to require a `purpose` value
* `pkce_verifier` - PKCE verifier (random string), see [https://datatracker.ietf.org/doc/html/rfc7636#section-4.1]
* `require_pkce` - whether to require PKCE when getting the token
* `redirect_uri` - redirect target after authorization is completed
* `url_extension` - add custom query parameters to the authorization URL
* `response_mode` - response mode to use (defaults to `<<"query">>`)

# `create_redirect_url`
*since 3.0.0* 

```elixir
-spec create_redirect_url(ClientContext, Opts) -> {ok, Uri} | {error, error()}
                             when
                                 ClientContext :: oidcc_client_context:t(),
                                 Opts :: opts(),
                                 Uri :: uri_string:uri_string().
```

Create Auth Redirect URL.

For a high level interface using `m:oidcc_provider_configuration_worker`
see `oidcc:create_redirect_url/4`.

## Examples

```erlang
{ok, ClientContext} =
    oidcc_client_context:from_configuration_worker(provider_name,
                                                   <<"client_id">>,
                                                   <<"client_secret">>),

{ok, RedirectUri} =
    oidcc_authorization:create_redirect_url(ClientContext,
                                            #{redirect_uri: <<"https://my.server/return">}),

%% RedirectUri = https://my.provider/auth?scope=openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn
```

---

*Consult [api-reference.md](api-reference.md) for complete listing*