okta_api v0.1.14 Okta.OIDC
The Okta.OIDC module provides access methods to the Okta OpenID Connect & OAuth 2.0 API.
All methods require a Tesla Client struct created with Okta.OIDC.oidc_client.
This client uses client authentication rather than Okta API token authentication.
Currently the supported client authentication method is Client Secret, passed as either client_secret_basic or client_secret_post:
client_secret_basic
client = Okta.OIDC.oidc_client("https://dev-000000.okta.com", client_secret_basic: %{client_id: "thisistheclientid", client_secret: "thisistheclientsecret"})
client_secret_post
client = Okta.OIDC.oidc_client("https://dev-000000.okta.com", client_secret_post: %{client_id: "thisistheclientid", client_secret: "thisistheclientsecret"})
Examples
client = Okta.OIDC.oidc_client("https://dev-000000.okta.com", client_secret_basic: %{client_id: "thisistheclientid", client_secret: "thisistheclientsecret"})
{:ok, result, _env} = Okta.OIDC.token_for_code(client, "thisisthecode", "https://localhost:8080/implicit/callback")
Functions
This endpoint takes an access, ID, or refresh token, and returns a boolean that indicates whether it is active or not. If the token is active, additional data about the token is also returned. If the token is invalid, expired, or revoked, it is considered inactive.
Also takes :auth_server_id as an option to change the auth server from the standard "default" and an optional :token_type_hint argument to indicate what type of token it is.
https://developer.okta.com/docs/reference/api/oidc/#introspect
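A fail-closed way to act on an introspection response, as an added example that is not okta_api code. The module IntrospectionCheck is hypothetical, the sample responses are constructed, and the response is assumed to be decoded to a map with string keys using the RFC 7662 field names.

```elixir
defmodule IntrospectionCheck do
  # Added illustration, not okta_api code. Only an explicit "active" => true
  # that also passes the local checks is accepted; everything else is denied.
  def authorize(resp, expected_client_id, required_scope, now \\ System.os_time(:second))

  def authorize(%{"active" => true} = resp, expected_client_id, required_scope, now) do
    scopes = resp |> Map.get("scope", "") |> String.split(" ", trim: true)

    cond do
      # The token must have been issued to the client we expect.
      resp["client_id"] != expected_client_id -> {:error, :wrong_client}
      # Re-check expiry locally in case the response was cached.
      not is_integer(resp["exp"]) or resp["exp"] <= now -> {:error, :expired}
      required_scope not in scopes -> {:error, :missing_scope}
      true -> {:ok, resp["sub"]}
    end
  end

  # Inactive, malformed, or missing "active" (including the string "true"):
  # treat the token as inactive.
  def authorize(_resp, _client_id, _scope, _now), do: {:error, :inactive}
end

# Constructed sample responses.
now = 1_700_000_000

active = %{
  "active" => true,
  "client_id" => "thisistheclientid",
  "scope" => "openid offline_access",
  "exp" => now + 3600,
  "sub" => "user@example.com"
}

samples = [
  active,
  %{"active" => false},
  %{active | "exp" => now - 1},
  %{active | "client_id" => "someotherclient"},
  %{active | "active" => "true"}
]

for resp <- samples do
  IO.inspect(IntrospectionCheck.authorize(resp, "thisistheclientid", "openid", now))
end
```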
oidc_client(base_url, list)
oidc_client(String.t(), keyword()) :: Okta.client()
Creates a Tesla Client struct specifically for OIDC API calls with client authentication rather than Okta API token authentication. Currently the supported client authentication method is Client Secret:
client_secret_basic
client = Okta.OIDC.oidc_client("https://dev-000000.okta.com", client_secret_basic: %{client_id: "thisistheclientid", client_secret: "thisistheclientsecret"})
client_secret_post
client = Okta.OIDC.oidc_client("https://dev-000000.okta.com", client_secret_post: %{client_id: "thisistheclientid", client_secret: "thisistheclientsecret"})
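What the two options correspond to at the HTTP level, as an added example that is not part of okta_api. The module ClientAuthSketch and its functions are hypothetical, and the encoding follows RFC 6749 section 2.3.1 rather than the library's internals.

```elixir
defmodule ClientAuthSketch do
  # Added illustration, not okta_api code: what each client authentication
  # method puts on the wire, following RFC 6749 section 2.3.1.

  # client_secret_basic: credentials travel in the Authorization header.
  # Each part is form-urlencoded first, so a ":" inside a secret cannot be
  # mistaken for the id/secret separator.
  def basic_header(client_id, client_secret) do
    pair = URI.encode_www_form(client_id) <> ":" <> URI.encode_www_form(client_secret)
    {"authorization", "Basic " <> Base.encode64(pair)}
  end

  # client_secret_post: credentials travel in the form body beside the grant
  # parameters, so anything that records request bodies records the secret.
  def post_body(client_id, client_secret, grant_params) do
    grant_params
    |> Map.merge(%{"client_id" => client_id, "client_secret" => client_secret})
    |> URI.encode_query()
  end

  # Redact the secret before a request is logged, whichever method is used.
  def redact({"authorization", "Basic " <> _}), do: {"authorization", "Basic REDACTED"}

  def redact(body) when is_binary(body) do
    body
    |> URI.decode_query()
    |> Map.replace("client_secret", "REDACTED")
    |> URI.encode_query()
  end
end

# Constructed sample values; the secret contains ":" and "+" on purpose.
grant = %{
  "grant_type" => "authorization_code",
  "code" => "thisisthecode",
  "redirect_uri" => "https://localhost:8080/implicit/callback"
}

header = ClientAuthSketch.basic_header("thisistheclientid", "s3cr:t+value")
body = ClientAuthSketch.post_body("thisistheclientid", "s3cr:t+value", grant)

IO.inspect(header, label: "client_secret_basic")
IO.inspect(ClientAuthSketch.redact(header), label: "loggable header")
IO.inspect(ClientAuthSketch.redact(body), label: "loggable body")
```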
revoke(client, token, opts \\ [])
revoke(Okta.client(), String.t(), keyword()) :: Okta.result()
The API takes an access or refresh token and revokes it. Revoked tokens are considered inactive at the introspection endpoint. A client may only revoke its own tokens.
Also takes :auth_server_id as an option to change the auth server from the standard "default" and an optional :token_type_hint argument to indicate what type of token it is.
token(client, params, opts \\ [])
token(Okta.client(), map(), keyword()) :: Okta.result()
Returns access tokens, ID tokens, and refresh tokens, depending on the request parameters.
Also takes :auth_server_id as an option to change the auth server from the standard "default".
token_for_code(client, code, redirect__uri, opts \\ [])
token_for_code(Okta.client(), String.t(), String.t(), keyword()) :: Okta.result()
Returns access tokens, ID tokens, and refresh tokens given an authorization_code and redirect_uri used when creating the code on the authorize endpoint (usually in a browser).
Also takes :auth_server_id as an option to change the auth server from the standard "default".
token_for_refresh_token(client, refresh_token, redirect__uri, opts \\ [])
token_for_refresh_token(Okta.client(), String.t(), String.t(), keyword()) :: Okta.result()
Returns access tokens, ID tokens, and refresh tokens given a refresh_token and the redirect_uri used when the refresh token was retrieved from the token endpoint.
Also takes :auth_server_id as an option to change the auth server from the standard "default" and an optional :scope argument; if :scope is omitted, the scope defaults to "offline_access openid".