oidcc_provider_configuration (Oidcc v3.2.6)
Tooling to load and parse OpenID Configuration.
Records
To use the record, import the definition:
-include_lib(["oidcc/include/oidcc_provider_configuration.hrl"]).
Telemetry
Summary
Types
Configure configuration loading / parsing.
Allow Specification Non-compliance.
Record containing OpenID and OAuth 2.0 Configuration.
Functions
Decode JSON into an oidcc_provider_configuration:t/0 record.
Load OpenID Configuration into an oidcc_provider_configuration:t/0 record.
Load JWKs into a jose_jwk:key/0 record.
Types
%% Failure reasons returned by decode_configuration/2 and load_configuration/1,2.
%% {issuer_mismatch, Issuer} carries the offending issuer value; presumably the
%% `issuer` in the loaded document did not equal the issuer that was requested
%% (OIDC Discovery requires the two to match) — confirm against the source.
%% HTTP-level and JSON-decoding failures are delegated to the referenced types.
-type error() :: invalid_content_type | {issuer_mismatch, Issuer :: binary()} | oidcc_decode_util:error() | oidcc_http_util:error().
%% Loader options. Every key is optional, so #{} is a valid opts().
%% `quirks` holds the spec-compliance exceptions documented below
%% (allow_unsafe_http, document_overrides). Values supplied via
%% document_overrides are merged into the fetched document and are therefore
%% trusted exactly as if the OP had published them.
-type opts() :: #{fallback_expiry => timeout(), request_opts => oidcc_http_util:request_opts(), quirks => quirks()}.
Configure configuration loading / parsing.
Parameters
fallback_expiry - How long to keep the configuration cached if the server doesn't specify an expiry.
request_opts - Options for the HTTP request.
Allow Specification Non-compliance.
Exceptions
allow_unsafe_http - Allow unsafe HTTP. Use this for development providers and never in production.
document_overrides - A map to merge with the real OIDC discovery document, in case the OP left out some values.
%% Decoded provider metadata. Fields typed `| undefined` are optional in the
%% discovery document; keys this module does not recognize are kept verbatim
%% in extra_fields (see the notes below the type).
-type t() :: #oidcc_provider_configuration{issuer :: uri_string:uri_string(), authorization_endpoint :: uri_string:uri_string(), token_endpoint :: uri_string:uri_string() | undefined, userinfo_endpoint :: uri_string:uri_string() | undefined, jwks_uri :: uri_string:uri_string() | undefined, registration_endpoint :: uri_string:uri_string() | undefined, scopes_supported :: [binary()] | undefined, response_types_supported :: [binary()], response_modes_supported :: [binary()], grant_types_supported :: [binary()], acr_values_supported :: [binary()] | undefined, subject_types_supported :: [pairwise | public], id_token_signing_alg_values_supported :: [binary()], id_token_encryption_alg_values_supported :: [binary()] | undefined, id_token_encryption_enc_values_supported :: [binary()] | undefined, userinfo_signing_alg_values_supported :: [binary()] | undefined, userinfo_encryption_alg_values_supported :: [binary()] | undefined, userinfo_encryption_enc_values_supported :: [binary()] | undefined, request_object_signing_alg_values_supported :: [binary()] | undefined, request_object_encryption_alg_values_supported :: [binary()] | undefined, request_object_encryption_enc_values_supported :: [binary()] | undefined, token_endpoint_auth_methods_supported :: [binary()], token_endpoint_auth_signing_alg_values_supported :: [binary()] | undefined, display_values_supported :: [binary()] | undefined, claim_types_supported :: [normal | aggregated | distributed], claims_supported :: [binary()] | undefined, service_documentation :: uri_string:uri_string() | undefined, claims_locales_supported :: [binary()] | undefined, ui_locales_supported :: [binary()] | undefined, claims_parameter_supported :: boolean(), request_parameter_supported :: boolean(), request_uri_parameter_supported :: boolean(), require_request_uri_registration :: boolean(), op_policy_uri :: uri_string:uri_string() | undefined, op_tos_uri :: uri_string:uri_string() | undefined, revocation_endpoint :: uri_string:uri_string() | 
undefined, revocation_endpoint_auth_methods_supported :: [binary()], revocation_endpoint_auth_signing_alg_values_supported :: [binary()] | undefined, introspection_endpoint :: uri_string:uri_string() | undefined, introspection_endpoint_auth_methods_supported :: [binary()], introspection_endpoint_auth_signing_alg_values_supported :: [binary()] | undefined, code_challenge_methods_supported :: [binary()] | undefined, end_session_endpoint :: uri_string:uri_string() | undefined, require_pushed_authorization_requests :: boolean(), pushed_authorization_request_endpoint :: uri_string:uri_string() | undefined, authorization_signing_alg_values_supported :: [binary()] | undefined, authorization_encryption_alg_values_supported :: [binary()] | undefined, authorization_encryption_enc_values_supported :: [binary()] | undefined, authorization_response_iss_parameter_supported :: boolean(), dpop_signing_alg_values_supported :: [binary()] | undefined, require_signed_request_object :: boolean(), mtls_endpoint_aliases :: #{binary() => uri_string:uri_string()}, extra_fields :: #{binary() => term()}, tls_client_certificate_bound_access_tokens :: boolean()}.
Record containing OpenID and OAuth 2.0 Configuration.
See:
- https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
- https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1
- https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OPMetadata
All unrecognized fields are stored in extra_fields.
Functions
%% Decodes an already-parsed discovery document (a map) into a t() record.
%% As the example below shows, fetching and JSON-decoding the document is the
%% caller's job; this function performs no HTTP itself. Opts is an opts() map
%% (all keys optional). Failures are reported as {error, error()}.
-spec decode_configuration(Configuration, Opts) -> {ok, t()} | {error, error()} when Configuration :: map(), Opts :: opts().
Decode JSON into an oidcc_provider_configuration:t/0 record.
Examples
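%% Fetch the discovery document yourself, decode it with any JSON library,
%% then hand the resulting map to decode_configuration/2.
%% decode_configuration/2 takes an opts() map as its second argument (see the
%% -spec above); every opts() key is optional, so #{} is a valid argument.
{ok, {{"HTTP/1.1",200,"OK"}, _Headers, Body}} =
    httpc:request("https://accounts.google.com/.well-known/openid-configuration"),
{ok, DecodedJson} = your_json_lib:decode(Body),
{ok, #oidcc_provider_configuration{}} =
    oidcc_provider_configuration:decode_configuration(DecodedJson, #{}).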
%% Single-argument form; presumably equivalent to load_configuration/2 with an
%% empty opts() map — see load_configuration/2 below and confirm in the source.
%% Note the result is a pair {Configuration, Expiry}, not the bare record.
-spec load_configuration(Issuer) -> {ok, {Configuration :: t(), Expiry :: pos_integer()}} | {error, error()} when Issuer :: uri_string:uri_string().
See load_configuration/2.
%% Fetches the issuer's discovery document over HTTP and decodes it into t().
%% Expiry is how long the result may be cached (cf. fallback_expiry in opts(),
%% which applies when the server specifies no expiry); the unit of Expiry is
%% not stated on this page — confirm in the source before comparing it with a
%% timeout() value.
-spec load_configuration(Issuer, Opts) -> {ok, {Configuration :: t(), Expiry :: pos_integer()}} | {error, error()} when Issuer :: uri_string:uri_string(), Opts :: opts().
Load OpenID Configuration into an oidcc_provider_configuration:t/0 record.
Examples
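%% load_configuration/1 returns the decoded record together with an Expiry
%% value (see the -spec above), so match the pair rather than the bare record.
{ok, {#oidcc_provider_configuration{}, _Expiry}} =
    oidcc_provider_configuration:load_configuration("https://accounts.google.com").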
%% Fetches the key set at JwksUri and returns it with an Expiry value.
%% NOTE(review): unlike the other loaders, the failure type here is
%% {error, term()} rather than {error, error()}, so callers cannot match
%% failure reasons exhaustively from this spec alone.
-spec load_jwks(JwksUri, Opts) -> {ok, {Jwks :: jose_jwk:key(), Expiry :: pos_integer()}} | {error, term()} when JwksUri :: uri_string:uri_string(), Opts :: opts().
Load JWKs into a jose_jwk:key/0 record.
Examples
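%% load_jwks/2 takes an opts() map as its second argument (every key is
%% optional, so #{} is valid) and returns the key set together with an Expiry
%% value (see the -spec above), so match the pair rather than the bare record.
{ok, {#jose_jwk{}, _Expiry}} =
    oidcc_provider_configuration:load_jwks("https://www.googleapis.com/oauth2/v3/certs", #{}).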