# `Oidcc.Plug.AuthorizationCallback` [🔗](https://github.com/erlef/oidcc_plug/blob/989b809174070ef71c9dc545de149854f86d8f7c /lib/oidcc/plug/authorization_callback.ex#L1) Retrieve Token for Code Flow Authorization Callback This plug does not send a response. Instead it will load and validate all token data and leave the rest to a controller action that will be executed after. ## Via `Phoenix.Router` ```elixir defmodule SampleAppWeb.Router do use Phoenix.Router # ... pipeline :oidcc_callback do plug Oidcc.Plug.AuthorizationCallback, provider: SampleApp.GoogleOpenIdConfigurationProvider, client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_id]), client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_secret]), redirect_uri: "https://localhost:4000/oidcc/callback" end forward "/oidcc/authorize", to: Oidcc.Plug.Authorize, init_opts: [...] scope "/oidcc/callback", SampleAppWeb do pipe_through :oidcc_callback get "/", AuthController, :handle_callback post "/", AuthController, :handle_callback end end ``` ## Via `Controller` ```elixir defmodule SampleAppWeb.AuthController do # ... plug Oidcc.Plug.AuthorizationCallback, provider: SampleApp.GoogleOpenIdConfigurationProvider, client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_id]), client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.Authorize, :client_secret]), redirect_uri: "https://localhost:4000/oidcc/callback" when action in [:handle_callback] def handle_callback( %Plug.Conn{private: %{ Oidcc.Plug.AuthorizationCallback => {:ok, {token, userinfo}} Oidcc.Plug.Authorize.State => "query_param_state" | nil }}, _params ) do # Handle Success conn |> put_session("auth_token", token) |> put_session("auth_userinfo", userinfo) |> redirect(to: "/") end def handle_callback( %Plug.Conn{private: %{ Oidcc.Plug.AuthorizationCallback => {:error, reason}} }, _params ) do # Handle Error conn |> put_status(400) |> render("error.html", reason: reason) end end ``` # `error` *since 0.1.0* ```elixir @type error() :: :oidcc_client_context.error() | :oidcc_token.error() | :oidcc_userinfo.error() | :useragent_mismatch | :peer_ip_mismatch | {:missing_request_param, param :: String.t()} ``` # `opts` *since 0.1.0* ```elixir @type opts() :: [ provider: GenServer.name() | nil, client_store: module() | nil, client_id: String.t() | (-> String.t()) | (Plug.Conn.t() -> String.t()) | nil, client_secret: String.t() | (-> String.t()) | (Plug.Conn.t() -> String.t()) | nil, client_context_opts: :oidcc_client_context.opts() | (-> :oidcc_client_context.opts()), client_profile_opts: :oidcc_profile.opts(), redirect_uri: String.t() | (-> String.t()) | (Plug.Conn.t() -> String.t()), check_useragent: boolean(), check_peer_ip: boolean(), retrieve_userinfo: boolean(), request_opts: :oidcc_http_util.request_opts() ] ``` Plug Configuration Options ## Options * `provider` - name of the `Oidcc.ProviderConfiguration.Worker` * `client_id` - OAuth Client ID to use for the introspection * `client_secret` - OAuth Client Secret to use for the introspection * `client_context_opts` - Options for Client Context Initialization * `client_profile_opts` - Options for Client Context Profiles * `redirect_uri` - Where to redirect for callback * `check_useragent` - check if useragent is the same as before the authorization request * `check_peer_ip` - check if the client IP is the same as before the authorization request * `retrieve_userinfo` - whether to load userinfo from the provider * `request_opts` - request opts for http calls to provider * `client_store` - A module name that implements the `Oidcc.Plug.ClientStore` behaviour to fetch the client context from a store instead of using the `provider`, `client_id` and `client_secret` directly. This is useful for storing the client context in a database or other persistent storage. --- *Consult [api-reference.md](api-reference.md) for complete listing*