oidcc_client_registration (Oidcc v3.2.6)

Dynamic Client Registration Utilities.

See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata.

Records

To use the record, import the definition:

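%% include_lib takes a single string literal, not a list of strings; the first
%% path component names the application (oidcc) whose include/ directory holds
%% the record definitions.
-include_lib("oidcc/include/oidcc_client_registration.hrl").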

Telemetry

See Oidcc.ClientRegistration.

Summary

Types

Configure configuration loading / parsing.

Record containing Client Registration Response.

t()

Record containing Client Registration Metadata.

Types

%% Reasons register/3 can return in {error, Reason}.
%% NOTE(review): registration_not_supported presumably means the provider
%% configuration advertises no registration endpoint, and invalid_content_type
%% that the registration response was not in the expected format - confirm
%% against the implementation. The remaining reasons are passed through from
%% response decoding (oidcc_decode_util) and the HTTP layer (oidcc_http_util).
-type error() ::
          registration_not_supported | invalid_content_type |
          oidcc_decode_util:error() |
          oidcc_http_util:error().
%% Options for register/3. Both keys are optional.
%% initial_access_token is the access token used for registration; it is a
%% credential, so load it from configuration or a secret store rather than
%% hard-coding it, and keep it out of logs.
%% request_opts is handed to the HTTP layer (see oidcc_http_util:request_opts()).
-type opts() ::
          #{initial_access_token => binary() | undefined,
            request_opts => oidcc_http_util:request_opts()}.

Configure configuration loading / parsing.

Parameters

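  • initial_access_token - Access Token for registration (the Initial Access Token issued by the provider, if it requires one); treat it as a credential and keep it out of logs and source control
  • request_opts - config for the HTTP request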

response()

(since 3.0.0)
%% Client Registration Response as returned by the provider.
%% client_secret and registration_access_token are credentials: persist them
%% in a secret store and keep them out of logs, crash reports and telemetry.
%% extra_fields holds whatever else the provider returned; it is typed as
%% term(), so validate any value before relying on it.
-type response() ::
          #oidcc_client_registration_response{client_id :: erlang:binary(),
                                              %% Credential; may be undefined (for example when no secret is issued).
                                              client_secret :: binary() | undefined,
                                              %% Per the linked spec, the token for later requests to registration_client_uri.
                                              registration_access_token :: binary() | undefined,
                                              registration_client_uri ::
                                                  uri_string:uri_string() | undefined,
                                              client_id_issued_at :: pos_integer() | undefined,
                                              %% NOTE(review): the linked spec allows 0 here to mean "does not expire",
                                              %% which pos_integer() excludes - confirm how the decoder maps that case
                                              %% before using this field to schedule secret rotation.
                                              client_secret_expires_at :: pos_integer() | undefined,
                                              extra_fields :: #{binary() => term()}}.

Record containing Client Registration Response.

See https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse.

All unrecognized fields are stored in extra_fields.

%% Client Registration Metadata passed to register/3. Field names follow the
%% client metadata defined by the specifications linked on this page.
%% redirect_uris is the only URI list without an undefined alternative; the
%% provider is expected to accept only these redirect targets for the client,
%% so list exact URIs under your control.
-type t() ::
          #oidcc_client_registration{redirect_uris :: [uri_string:uri_string()],
                                     response_types :: [binary()] | undefined,
                                     grant_types :: [binary()] | undefined,
                                     application_type :: web | native,
                                     contacts :: [binary()] | undefined,
                                     client_name :: binary() | undefined,
                                     logo_uri :: uri_string:uri_string() | undefined,
                                     client_uri :: uri_string:uri_string() | undefined,
                                     policy_uri :: uri_string:uri_string() | undefined,
                                     tos_uri :: uri_string:uri_string() | undefined,
                                     %% Client keys, inline (jwks) or by reference (jwks_uri).
                                     %% NOTE(review): the registration spec says the two must not be used
                                     %% together; this type does not show whether that is enforced - confirm.
                                     jwks :: jose_jwk:key() | undefined,
                                     jwks_uri :: uri_string:uri_string() | undefined,
                                     sector_identifier_uri :: uri_string:uri_string() | undefined,
                                     subject_type :: pairwise | public | undefined,
                                     %% Algorithm names are free-form binaries at the type level, so nothing
                                     %% here rejects a weak or unexpected value; set them deliberately.
                                     id_token_signed_response_alg :: binary() | undefined,
                                     id_token_encrypted_response_alg :: binary() | undefined,
                                     id_token_encrypted_response_enc :: binary() | undefined,
                                     userinfo_signed_response_alg :: binary() | undefined,
                                     userinfo_encrypted_response_alg :: binary() | undefined,
                                     userinfo_encrypted_response_enc :: binary() | undefined,
                                     request_object_signing_alg :: binary() | undefined,
                                     request_object_encryption_alg :: binary() | undefined,
                                     request_object_encryption_enc :: binary() | undefined,
                                     %% No undefined alternative, so the record presumably carries a default;
                                     %% NOTE(review): the default is not visible here - check the .hrl.
                                     token_endpoint_auth_method :: erlang:binary(),
                                     token_endpoint_auth_signing_alg :: binary() | undefined,
                                     default_max_age :: pos_integer() | undefined,
                                     require_auth_time :: boolean(),
                                     default_acr_values :: [binary()] | undefined,
                                     initiate_login_uri :: uri_string:uri_string() | undefined,
                                     request_uris :: [uri_string:uri_string()] | undefined,
                                     post_logout_redirect_uris :: [uri_string:uri_string()] | undefined,
                                     %% Client metadata from RFC 9126 (pushed authorization requests).
                                     require_pushed_authorization_requests :: boolean(),
                                     %% Client metadata from RFC 9449 (DPoP).
                                     dpop_bound_access_tokens :: boolean(),
                                     %% Metadata not covered by a named field, keyed by its binary name.
                                     extra_fields :: #{binary() => term()}}.

Record containing Client Registration Metadata.

See https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata and https://openid.net/specs/openid-connect-rpinitiated-1_0.html#ClientMetadata.

All unrecognized fields are stored in extra_fields.

Functions


register(ProviderConfiguration, Registration, Opts)

(since 3.0.0)
%% Registers the client described by Registration with the provider described
%% by ProviderConfiguration.
%% Returns {ok, Response} with the registration response record, or
%% {error, Reason} with Reason drawn from error().
%% The response can carry a client secret and a registration access token, so
%% callers should avoid logging the whole return value.
-spec register(ProviderConfiguration, Registration, Opts) -> {ok, response()} | {error, error()}
                  when
                      ProviderConfiguration :: oidcc_provider_configuration:t(),
                      Registration :: t(),
                      Opts :: opts().

Register a client with the provider using Dynamic Client Registration.

Examples

%% Load the provider metadata for the issuer.
Issuer = "https://your.issuer",
{ok, ProviderConfiguration} =
  oidcc_provider_configuration:load_configuration(Issuer),

%% Metadata to register; only the redirect URI is set in this example.
Registration = #oidcc_client_registration{
  redirect_uris = ["https://your.application.com/oidcc/callback"]
},

%% The initial access token is optional. When the provider requires one, read
%% it from configuration or a secret store instead of hard-coding it.
Opts = #{initial_access_token => <<"optional token you got from the provider">>},

%% Matching on {ok, ...} means a failed registration raises badmatch here.
%% ClientSecret is a credential: store it securely and do not log it.
{ok, #oidcc_client_registration_response{
  client_id = ClientId,
  client_secret = ClientSecret
}} =
  oidcc_client_registration:register(ProviderConfiguration, Registration, Opts).