oidcc_provider_configuration_worker (Oidcc v3.2.0)

OIDC Config Provider Worker

Loads the OIDC provider configuration (discovery document) and JWK set for one issuer and refreshes them continuously. These values are the trust anchors for later token and signature validation, so the `issuer` must be configured exactly, and callers must treat an `undefined` result from the getters (nothing loaded yet) as "cannot validate" rather than as a reason to skip validation.

The worker supports concurrent reads of the cached values through an ets table. To benefit from this, the worker must be registered with `{local, Name}`. Registering without a name, or with `{global, Name}` / `{via, RegModule, ViaName}`, is not supported for the ets read path.

Summary

Types

Configuration Options

Functions

Get parsed JWKs

Refresh Configuration

Refresh JWKs

Refresh JWKs if the provided `kid` does not match any currently loaded key

Start Configuration Provider

Types


opts/0

Since 3.0.0
%% Options accepted by start_link/1 (see "Configuration Options" below).
%% `issuer` is mandatory (`:=`); every other key is optional (`=>`).
-type opts() ::
    #{name => gen_server:server_name(),   %% registration name; only {local, Name} enables the ets read path
      issuer := uri_string:uri_string(),  %% issuer URI, exactly as published by the provider
      provider_configuration_opts => oidcc_provider_configuration:opts(),  %% options for fetching the discovery document
      backoff_min => oidcc_backoff:min(),   %% minimum backoff interval in ms (default 1_000)
      backoff_max => oidcc_backoff:max(),   %% maximum backoff interval in ms (default 30_000)
      backoff_type => oidcc_backoff:type()}.  %% backoff strategy (default stop)

Configuration Options

  • name - The gen_server name of the provider.
  • issuer - The issuer URI (e.g. `<<"https://accounts.google.com">>`). OIDC Discovery requires the `issuer` value in the discovery document to match this value exactly, so supply it exactly as the provider publishes it (scheme, host and any path, with or without trailing slash as the provider uses).
  • provider_configuration_opts - Options for the provider configuration fetching.
  • backoff_min - The minimum backoff interval in ms (default: `1_000`)
  • backoff_max - The maximum backoff interval in ms (default: `30_000`)
  • backoff_type - The backoff strategy: `stop` for no backoff (the worker stops instead of retrying), `exponential` for exponential, `random` for random and `random_exponential` for random exponential backoff (default: `stop`). With the default, a failed fetch is not retried by the worker itself; rely on the supervisor restart strategy, and make sure its intensity/period do not let a persistently failing provider take the supervisor down.

state/0

Since 3.0.0
%% Internal worker state record. It mirrors opts/0 plus the cached discovery
%% document, the cached key set, the two refresh timers, the optional ets table
%% used for concurrent reads, and the backoff state used between fetch attempts.
-type state() ::
    #state{provider_configuration ::
               #oidcc_provider_configuration{issuer :: uri_string:uri_string(),
                                             authorization_endpoint :: uri_string:uri_string(),
                                             token_endpoint :: uri_string:uri_string() | undefined,
                                             userinfo_endpoint ::
                                                 uri_string:uri_string() | undefined,
                                             jwks_uri :: uri_string:uri_string() | undefined,
                                             registration_endpoint ::
                                                 uri_string:uri_string() | undefined,
                                             scopes_supported :: [binary()] | undefined,
                                             response_types_supported :: [binary()],
                                             response_modes_supported :: [binary()],
                                             grant_types_supported :: [binary()],
                                             acr_values_supported :: [binary()] | undefined,
                                             subject_types_supported :: [pairwise | public],
                                             id_token_signing_alg_values_supported :: [binary()],
                                             id_token_encryption_alg_values_supported ::
                                                 [binary()] | undefined,
                                             id_token_encryption_enc_values_supported ::
                                                 [binary()] | undefined,
                                             userinfo_signing_alg_values_supported ::
                                                 [binary()] | undefined,
                                             userinfo_encryption_alg_values_supported ::
                                                 [binary()] | undefined,
                                             userinfo_encryption_enc_values_supported ::
                                                 [binary()] | undefined,
                                             request_object_signing_alg_values_supported ::
                                                 [binary()] | undefined,
                                             request_object_encryption_alg_values_supported ::
                                                 [binary()] | undefined,
                                             request_object_encryption_enc_values_supported ::
                                                 [binary()] | undefined,
                                             token_endpoint_auth_methods_supported :: [binary()],
                                             token_endpoint_auth_signing_alg_values_supported ::
                                                 [binary()] | undefined,
                                             display_values_supported :: [binary()] | undefined,
                                             claim_types_supported ::
                                                 [normal | aggregated | distributed],
                                             claims_supported :: [binary()] | undefined,
                                             service_documentation ::
                                                 uri_string:uri_string() | undefined,
                                             claims_locales_supported :: [binary()] | undefined,
                                             ui_locales_supported :: [binary()] | undefined,
                                             claims_parameter_supported :: boolean(),
                                             request_parameter_supported :: boolean(),
                                             request_uri_parameter_supported :: boolean(),
                                             require_request_uri_registration :: boolean(),
                                             op_policy_uri :: uri_string:uri_string() | undefined,
                                             op_tos_uri :: uri_string:uri_string() | undefined,
                                             revocation_endpoint ::
                                                 uri_string:uri_string() | undefined,
                                             revocation_endpoint_auth_methods_supported ::
                                                 [binary()],
                                             revocation_endpoint_auth_signing_alg_values_supported ::
                                                 [binary()] | undefined,
                                             introspection_endpoint ::
                                                 uri_string:uri_string() | undefined,
                                             introspection_endpoint_auth_methods_supported ::
                                                 [binary()],
                                             introspection_endpoint_auth_signing_alg_values_supported ::
                                                 [binary()] | undefined,
                                             code_challenge_methods_supported ::
                                                 [binary()] | undefined,
                                             end_session_endpoint ::
                                                 uri_string:uri_string() | undefined,
                                             require_pushed_authorization_requests :: boolean(),
                                             pushed_authorization_request_endpoint ::
                                                 uri_string:uri_string() | undefined,
                                             authorization_signing_alg_values_supported ::
                                                 [binary()] | undefined,
                                             authorization_encryption_alg_values_supported ::
                                                 [binary()] | undefined,
                                             authorization_encryption_enc_values_supported ::
                                                 [binary()] | undefined,
                                             authorization_response_iss_parameter_supported ::
                                                 boolean(),
                                             dpop_signing_alg_values_supported ::
                                                 [binary()] | undefined,
                                             require_signed_request_object :: boolean(),
                                             mtls_endpoint_aliases ::
                                                 #{binary() => uri_string:uri_string()},
                                             tls_client_certificate_bound_access_tokens ::
                                                 boolean(),
                                             extra_fields :: #{binary() => term()}} |
               undefined,  %% undefined while no discovery document is cached
           jwks :: jose_jwk:key() | undefined,  %% parsed key set; undefined while none is cached
           issuer :: uri_string:uri_string(),  %% issuer from opts/0
           provider_configuration_opts :: oidcc_provider_configuration:opts(),
           configuration_refresh_timer :: timer:tref() | undefined,  %% timer for the next configuration refresh
           jwks_refresh_timer :: timer:tref() | undefined,  %% timer for the next JWKs refresh
           ets_table :: ets:table() | undefined,  %% concurrent-read table; presumably undefined unless registered as {local, Name} (see module doc)
           backoff_min :: oidcc_backoff:min(),
           backoff_max :: oidcc_backoff:max(),
           backoff_type :: oidcc_backoff:type(),
           backoff_state :: oidcc_backoff:state() | undefined}.  %% undefined when no backoff is in progress

Functions


get_jwks(Name)

Since 3.0.0
-spec get_jwks(Name :: gen_server:server_ref()) -> jose_jwk:key() | undefined.
Get the parsed JWK set. Returns `undefined` if no key set is cached (for example before the first successful fetch); callers must treat `undefined` as "signature cannot be verified", never as permission to skip verification.

get_provider_configuration(Name)

Since 3.0.0
-spec get_provider_configuration(Name :: gen_server:server_ref()) ->
                              oidcc_provider_configuration:t() | undefined.
Get the cached provider configuration. Returns `undefined` if no discovery document is cached (for example before the first successful fetch); callers must handle this rather than assume the endpoints are available.

refresh_configuration(Name)

Since 3.0.0
-spec refresh_configuration(Name :: gen_server:server_ref()) -> ok.

Trigger a refresh of the provider configuration outside the regular refresh schedule. The spec only guarantees an `ok` return; whether the new configuration is already visible when the call returns is not stated here, so verify before relying on it.

Examples

  %% Start an unnamed worker for the given issuer. Supply the issuer exactly
  %% as the provider publishes it; it is the trust anchor for the rest.
  {ok, Pid} =
    oidcc_provider_configuration_worker:start_link(#{
      issuer => <<"https://accounts.google.com">>
    }).
 
  %% Later
 
  %% Force a configuration refresh ahead of the regular schedule.
  oidcc_provider_configuration_worker:refresh_configuration(Pid).

refresh_jwks(Name)

Since 3.0.0
-spec refresh_jwks(Name :: gen_server:server_ref()) -> ok.

Trigger a refresh of the JWK set outside the regular refresh schedule (e.g. after a known key rotation). The spec only guarantees an `ok` return; whether the new keys are already visible when the call returns is not stated here, so verify before relying on it.

Examples

  %% Start an unnamed worker for the given issuer.
  {ok, Pid} =
    oidcc_provider_configuration_worker:start_link(#{
      issuer => <<"https://accounts.google.com">>
    }).
 
  %% Later
 
  %% Force a JWKs refresh ahead of the regular schedule.
  oidcc_provider_configuration_worker:refresh_jwks(Pid).

refresh_jwks_for_unknown_kid(Name, Kid)

Since 3.0.0
-spec refresh_jwks_for_unknown_kid(Name :: gen_server:server_ref(), Kid :: binary()) -> ok.

Refresh the JWK set if the provided `kid` does not match any currently loaded key. The `kid` is typically taken from an unverified JWT header, so untrusted clients can cause this to be called with arbitrary values; treat it as a potential refresh-amplification vector against the provider's JWKS endpoint and confirm that refreshes triggered this way are bounded before exposing it to unauthenticated traffic.

Examples

  %% Start an unnamed worker for the given issuer.
  {ok, Pid} =
    oidcc_provider_configuration_worker:start_link(#{
      issuer => <<"https://accounts.google.com">>
    }).
 
  %% Ask for a refresh only if <<"kid">> is unknown. In practice the kid comes
  %% from an unverified token header, i.e. attacker-controlled input.
  oidcc_provider_configuration_worker:refresh_jwks_for_unknown_kid(Pid, <<"kid">>).

start_link(Opts)

Since 3.0.0
-spec start_link(Opts :: opts()) -> gen_server:start_ret().

Start the configuration provider worker linked to the caller. Pass `name => {local, Name}` to enable the concurrent ets read path described in the module doc; `issuer` is required.

Examples

  %% Named worker: {local, Name} is what enables the ets read path (see module doc).
  {ok, Pid} =
    oidcc_provider_configuration_worker:start_link(#{
      issuer => <<"https://accounts.google.com">>,
      name => {local, google_config_provider}
    }).
  %% ...
 
  -behaviour(supervisor).
 
  %% ...
 
  %% NOTE(review): this child spec passes no `name`, so unlike the snippet above
  %% the worker is unnamed and the ets fast path is not enabled; add
  %% `name => {local, google_config_provider}` to the opts map if you want it.
  %% With the default backoff_type `stop`, a persistently unreachable provider
  %% is retried only through this supervisor; intensity 1 / period 5 means the
  %% supervisor itself gives up after a second failure within 5 seconds.
  init(_opts) ->
    SupFlags = #{strategy => one_for_one, intensity => 1, period => 5},
    ChildSpecs = [#{id => google_config_provider,
      start => {oidcc_provider_configuration_worker,
                start_link,
                [
                  #{issuer => <<"https://accounts.google.com">>}
                ]},
      restart => permanent,
      type => worker,
      modules => [oidcc_provider_configuration_worker]}],
    {ok, {SupFlags, ChildSpecs}}.