Quick start

Step 1: install the redirect URI plug

In your router.ex file, add at the beginning:

  use Plugoid.RedirectURI

Step 2: create an OpenID Connect pipeline

Still in router.ex, add a Plugoid pipeline:

  pipeline :oidc_auth do
    plug Plugoid,
      issuer: "<issuer>",
      client_id: "<client_id>",
      client_config: MyApp.ClientCallback
  end

where <issuer> is the OpenID Provider's (OP) issuer URL and <client_id> is the client identifier provided upon application registration at the OP.

Step 3: protect some routes with the pipeline

Again in router.ex, add the pipeline to some routes:

  scope "/private", MyAppWeb do
    pipe_through :browser
    pipe_through :oidc_auth

    get "/", PageController, :index
  end

Step 4: create a client callback

Create the myapp/lib/myapp/client_callback.ex file (where myapp is replaced by the name of your application) and add the following code:

defmodule MyApp.ClientCallback do
  @behaviour OIDC.Auth.ClientConfig

  @impl true
  def get("<client_id>") do
    %{
      "client_id" => "<client_id>",
      "client_secret" => "<client_secret>"
    }
  end
end

where <client_id> is the same client identifier as before, and <client_secret> is the application password provided by the OP upon registration of the application.

If another type of credential was provided, refer to TeslaOAuth2ClientAuth documentation.

In production environment, it is unsafe to hardcode application password in an Elixir module. Use Application.fetch_env!/2 or another secure mean instead.