View Source Plugoid

OpenID Connect Plug for Phoenix

Plugoid lets you protect some routes with OpenID Connect authentication, for instance:

defmodule PlugoidDemoWeb.Router do
  use PlugoidDemoWeb, :router
  use Plugoid.RedirectURI

  pipeline :oidc_auth do
    plug Plugoid,
      issuer: "",
      client_id: "client1",
      client_config: PlugoidDemo.OpenIDConnect.Client

  scope "/private", PlugoidDemoWeb do
    pipe_through :browser
    pipe_through :oidc_auth

    get "/", PageController, :index
    post "/", PageController, :index





def deps do
    {:plugoid, "~> 0.6.0"},
    {:hackney, "~> 1.0"}

The hackney dependency is used as the default adapter for Tesla (for outbound HTTP requests). Another one can be used instead (see and then has to be configured in your config.exs:

config :tesla, adapter: Tesla.Adapter.AnotherOne


When to use it

Possible uses are:

  • when you entirely delegate user authentication to an external OpenID Connect Provider (OP)
  • when you want to integrate with third-party providers ("social login"). Note that:
    • this library and the library it uses are very strict and might fail with some social login providers that don't strictly follows the standard
    • it has not been tested with any public OpenID Connect Provider (social login provider)
    • it does not support pure OAuth2 authentication providers


Project status

The implementation of the standard is comprehsensive but as for all security related libraries, care should be taken when assessing it. This library is not (yet?) widely used and has received little scrutiny by other programmers or security specialists.

This project is also looking for contributors. Feel free to take a look at issues opened in the following projects:


Protocol support