View Source oidcc_userinfo (Oidcc v3.2.0)

OpenID Connect Userinfo

See https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Telemetry

See 'Elixir.Oidcc.Userinfo'

Summary

Types

error/0
retrieve_opts/0

Configure userinfo request

retrieve_opts_no_sub/0
See retrieve_opts()

Functions

retrieve(Token, ClientContext, Opts)

Load userinfo for the given token

Types

Link to this type

error/0

View Source (since 3.0.0 -------------------------------------------------------------------) 
-type error() ::
    {distributed_claim_not_found, {ClaimSource :: binary(), ClaimName :: binary()}} |
    no_access_token | invalid_content_type | bad_subject |
    oidcc_jwt_util:error() |
    oidcc_http_util:error().
Link to this type

retrieve_opts/0

View Source (since 3.0.0 -------------------------------------------------------------------) 
-type retrieve_opts() ::
    #{refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(),
      expected_subject => binary() | any,
      dpop_nonce => binary()}.

Configure userinfo request

See https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest

Parameters

  • refresh_jwks - How to handle tokens with an unknown kid. See oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun()
  • expected_subject - expected subject for the userinfo (sub from id token)
  • dpop_nonce - if using DPoP, the nonce value to use in the proof claim
Link to this type

retrieve_opts_no_sub/0

View Source (since 3.0.0 -------------------------------------------------------------------) 
-type retrieve_opts_no_sub() ::
    #{refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), dpop_nonce => binary()}.
See retrieve_opts()

Functions

Link to this function

retrieve(Token, ClientContext, Opts)

View Source (since 3.0.0) 
-spec retrieve(Token, ClientContext, Opts) -> {ok, oidcc_jwt_util:claims()} | {error, error()}
            when
                Token :: oidcc_token:t(),
                ClientContext :: oidcc_client_context:t(),
                Opts :: retrieve_opts_no_sub();
        (Token, ClientContext, Opts) -> {ok, oidcc_jwt_util:claims()} | {error, error()}
            when
                Token :: oidcc_token:access() | binary(),
                ClientContext :: oidcc_client_context:t(),
                Opts :: retrieve_opts().

Load userinfo for the given token

For a high level interface using oidcc_provider_configuration_worker see oidcc:retrieve_userinfo/5.

Examples 

  {ok, ClientContext} =
    oidcc_client_context:from_configuration_worker(provider_name,
                                                   <<"client_id">>,
                                                   <<"client_secret">>),
 
  %% Get Token
 
  {ok, #{<<"sub">> => Sub}} =
    oidcc_userinfo:retrieve(Token, ClientContext, #{}).