oidcc_client_context (Oidcc v3.2.0)

Client Configuration for authorization, token exchange and userinfo

For most projects, it makes sense to use oidcc_provider_configuration_worker and the high-level interface of oidcc. In that case direct usage of this module is not needed.

To use the record, import the definition:

  -include_lib(["oidcc/include/oidcc_client_context.hrl"]).

Summary

Types


authenticated_opts/0

(since 3.0.0)
-type authenticated_opts() :: #{client_jwks => jose_jwk:key()}.

authenticated_t/0

(since 3.0.0)
-type authenticated_t() ::
    #oidcc_client_context{provider_configuration :: oidcc_provider_configuration:t(),
                          jwks :: jose_jwk:key(),
                          client_id :: binary(),
                          client_secret :: binary(),
                          client_jwks :: jose_jwk:key() | none}.

error/0

(since 3.0.0)
-type error() :: provider_not_ready.

opts/0

(since 3.0.0)
-type opts() :: authenticated_opts() | unauthenticated_opts().

t/0

(since 3.0.0)
-type t() :: authenticated_t() | unauthenticated_t().

unauthenticated_opts/0

(since 3.0.0)
-type unauthenticated_opts() :: #{}.

unauthenticated_t/0

(since 3.0.0)
-type unauthenticated_t() ::
    #oidcc_client_context{provider_configuration :: oidcc_provider_configuration:t(),
                          jwks :: jose_jwk:key(),
                          client_id :: binary(),
                          client_secret :: unauthenticated,
                          client_jwks :: none}.

Functions


apply_profiles(ClientContext, Opts)

(since 3.2.0)
-spec apply_profiles(ClientContext, oidcc_profile:opts()) ->
                  {ok, ClientContext, oidcc_profile:opts_no_profiles()} |
                  {error, oidcc_profile:error()}
                  when ClientContext :: oidcc_client_context:t().

Apply OpenID Connect / OAuth2 Profiles to the context

Currently, the only supported profiles are:

- fapi2_security_profile - https://openid.bitbucket.io/fapi/fapi-2_0-security-profile.html
- fapi2_message_signing - https://openid.bitbucket.io/fapi/fapi-2_0-message-signing.html

It returns an updated #oidcc_client_context{} record and a map of options to be merged into the `oidcc_authorization` and `oidcc_token` functions.

Examples

  ClientContext = #oidcc_client_context{} = oidcc_client_context:from_...(...),

  {ok, #oidcc_client_context{} = ClientContext1, Opts} =
    oidcc_client_context:apply_profiles(
      ClientContext,
      #{ profiles => [fapi2_message_signing] }
    ),

  {ok, Uri} =
    oidcc_authorization:create_redirect_uri(
      ClientContext1,
      maps:merge(Opts, #{...})
    ).

from_configuration_worker(ProviderName, ClientId, ClientSecret)

(since 3.0.0)
-spec from_configuration_worker(ProviderName, ClientId, ClientSecret) ->
                             {ok, authenticated_t()} | {error, error()}
                             when
                                 ProviderName :: gen_server:server_ref(),
                                 ClientId :: binary(),
                                 ClientSecret :: binary();
                         (ProviderName, ClientId, ClientSecret) ->
                             {ok, unauthenticated_t()} | {error, error()}
                             when
                                 ProviderName :: gen_server:server_ref(),
                                 ClientId :: binary(),
                                 ClientSecret :: unauthenticated.

Create Client Context from an oidcc_provider_configuration_worker

See from_configuration_worker/4

from_configuration_worker(ProviderName, ClientId, ClientSecret, Opts)

(since 3.0.0)
-spec from_configuration_worker(ProviderName, ClientId, ClientSecret, Opts) ->
                             {ok, authenticated_t()} | {error, error()}
                             when
                                 ProviderName :: gen_server:server_ref(),
                                 ClientId :: binary(),
                                 ClientSecret :: binary(),
                                 Opts :: authenticated_opts();
                         (ProviderName, ClientId, ClientSecret, Opts) ->
                             {ok, unauthenticated_t()} | {error, error()}
                             when
                                 ProviderName :: gen_server:server_ref(),
                                 ClientId :: binary(),
                                 ClientSecret :: unauthenticated,
                                 Opts :: unauthenticated_opts().

Create Client Context from an oidcc_provider_configuration_worker

Examples

  {ok, Pid} =
    oidcc_provider_configuration_worker:start_link(#{
      issuer => <<"https://login.salesforce.com">>
    }),
 
  {ok, #oidcc_client_context{}} =
    oidcc_client_context:from_configuration_worker(Pid,
                                                   <<"client_id">>,
                                                   <<"client_secret">>).
  {ok, Pid} =
    oidcc_provider_configuration_worker:start_link(#{
      issuer => <<"https://login.salesforce.com">>,
      name => {local, salesforce_provider}
    }),
 
  {ok, #oidcc_client_context{}} =
    oidcc_client_context:from_configuration_worker(
      salesforce_provider,
      <<"client_id">>,
      <<"client_secret">>,
      #{client_jwks => jose_jwk:generate_key(16)}
  ).

from_manual(Configuration, Jwks, ClientId, ClientSecret)

(since 3.0.0)
-spec from_manual(Configuration, Jwks, ClientId, ClientSecret) -> authenticated_t()
               when
                   Configuration :: oidcc_provider_configuration:t(),
                   Jwks :: jose_jwk:key(),
                   ClientId :: binary(),
                   ClientSecret :: binary();
           (Configuration, Jwks, ClientId, ClientSecret) -> unauthenticated_t()
               when
                   Configuration :: oidcc_provider_configuration:t(),
                   Jwks :: jose_jwk:key(),
                   ClientId :: binary(),
                   ClientSecret :: unauthenticated.

Create Client Context manually

See from_manual/5

from_manual(Configuration, Jwks, ClientId, ClientSecret, Opts)

(since 3.0.0)
-spec from_manual(Configuration, Jwks, ClientId, ClientSecret, Opts) -> authenticated_t()
               when
                   Configuration :: oidcc_provider_configuration:t(),
                   Jwks :: jose_jwk:key(),
                   ClientId :: binary(),
                   ClientSecret :: binary(),
                   Opts :: authenticated_opts();
           (Configuration, Jwks, ClientId, ClientSecret, Opts) -> unauthenticated_t()
               when
                   Configuration :: oidcc_provider_configuration:t(),
                   Jwks :: jose_jwk:key(),
                   ClientId :: binary(),
                   ClientSecret :: unauthenticated,
                   Opts :: unauthenticated_opts().

Create Client Context manually

Examples

  {ok, Configuration} =
    oidcc_provider_configuration:load_configuration(<<"https://login.salesforce.com">>,
                                               []),
 
  #oidcc_provider_configuration{jwks_uri = JwksUri} = Configuration,
 
  {ok, Jwks} = oidcc_provider_configuration:load_jwks(JwksUri, []).
 
  #oidcc_client_context{} =
    oidcc_client_context:from_manual(
      Configuration,
      Jwks,
      <<"client_id">>,
      <<"client_secret">>,
      #{client_jwks => jose_jwk:generate_key(16)}
  ).