Zoth.Authorization.Code (Zoth v1.0.1)

Methods for authorization code flow.

The flow consists of three method calls:

  1. preauthorize(resource_owner, request)

This validates the request. If the resource owner has already been authenticated previously, it will respond with a redirect tuple.

  2. authorize(resource_owner, request)

This confirms a resource owner's authorization and will generate an access token.

  3. deny(resource_owner, request)

This rejects a resource owner's authorization.


In a controller it could look like this:

alias Zoth.Authorization

def new(conn, params) do
  case Authorization.preauthorize(current_resource_owner(conn), params) do
    {:ok, client, scopes} ->
      render(conn, "new.html", params: params, client: client, scopes: scopes)
    {:native_redirect, %{code: code}} ->
      redirect(conn, to: oauth_authorization_path(conn, :show, code))
    {:redirect, redirect_uri} ->
      redirect(conn, external: redirect_uri)
    {:error, error, status} ->
      conn
      |> put_status(status)
      |> render("error.html", error: error)
  end
end

def create(conn, params) do
  conn
  |> current_resource_owner
  |> Authorization.authorize(params)
  |> redirect_or_render(conn)
end

def delete(conn, params) do
  conn
  |> current_resource_owner
  |> Authorization.deny(params)
  |> redirect_or_render(conn)
end
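The redirect_or_render/2 helper that create/2 and delete/2 pipe into is not shown above. The following is an added example, not code from the Zoth project, of how that helper can dispatch on the response tuples documented for authorize/3 and deny/3; the oauth_authorization_path/3 route helper and the handling of the {:ok, code} tuple are assumptions.

```elixir
# Added example (not part of the Zoth documentation). Private controller
# helper that turns a Zoth.Authorization response tuple into an HTTP response.
# Each clause matches one of the tuples listed under authorize/3 and deny/3.

defp redirect_or_render({:redirect, redirect_uri}, conn) do
  # Zoth has already validated redirect_uri against the registered client,
  # so the browser is sent back to the client with the code (or error) attached.
  redirect(conn, external: redirect_uri)
end

defp redirect_or_render({:native_redirect, %{code: code}}, conn) do
  # Native clients without a redirect_uri are shown the code on the :show page.
  # oauth_authorization_path/3 is an assumed Phoenix route helper.
  redirect(conn, to: oauth_authorization_path(conn, :show, code))
end

defp redirect_or_render({:ok, code}, conn) do
  # Assumption: a bare grant with no redirect target is treated like a native
  # redirect and displayed on the :show page.
  redirect(conn, to: oauth_authorization_path(conn, :show, code))
end

defp redirect_or_render({:error, error, status}, conn) do
  # Validation failed (unknown client, bad response_type, ...). Keep the HTTP
  # status Zoth chose and render the error map instead of redirecting, so an
  # invalid request never bounces the user to an unverified URI.
  conn
  |> put_status(status)
  |> render("error.html", error: error)
end
```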

Summary

Functions

authorize(resource_owner, request, config \\ [])
  Authorizes an authorization code flow request.

deny(resource_owner, request, config \\ [])
  Rejects an authorization code flow request.

preauthorize(resource_owner, request, config \\ [])
  Validates an authorization code flow request.

Functions

authorize(resource_owner, request, config \\ [])

@spec authorize(Ecto.Schema.t(), map(), keyword()) ::
  Zoth.Authorization.Utils.Response.authorization_success()
  | Zoth.Authorization.Utils.Response.error()
  | Zoth.Authorization.Utils.Response.redirect()
  | Zoth.Authorization.Utils.Response.native_redirect()

Authorizes an authorization code flow request.

This is used when a resource owner has authorized access. If successful, this will generate an access token grant.

Example

resource_owner
|> Zoth.Authorization.authorize(%{
  "client_id" => "Jf5rM8hQBc",
  "response_type" => "code",
  "scope" => "read write",                  # Optional
  "state" => "46012",                       # Optional
  "redirect_uri" => "https://example.com/"  # Optional
}, otp_app: :my_app)

Response

{:ok, code}                                                  # A grant was generated
{:error, %{error: error, error_description: _}, http_status} # Error occurred
{:redirect, redirect_uri}                                    # Redirect
{:native_redirect, %{code: code}}                            # Redirect to :show page

deny(resource_owner, request, config \\ [])

@spec deny(Ecto.Schema.t(), map(), keyword()) ::
  Zoth.Authorization.Utils.Response.error()
  | Zoth.Authorization.Utils.Response.redirect()

Rejects an authorization code flow request.

This is used when a resource owner has rejected access.

Example

resource_owner
|> Zoth.Authorization.deny(%{
  "client_id" => "Jf5rM8hQBc",
  "response_type" => "code"
}, otp_app: :my_app)

Response

{:error, %{error: error, error_description: _}, http_status} # Error occurred
{:redirect, redirect_uri}                                    # Redirect

preauthorize(resource_owner, request, config \\ [])

@spec preauthorize(Ecto.Schema.t(), map(), keyword()) ::
  Zoth.Authorization.Utils.Response.preauthorization_success()
  | Zoth.Authorization.Utils.Response.error()
  | Zoth.Authorization.Utils.Response.redirect()
  | Zoth.Authorization.Utils.Response.native_redirect()

Validates an authorization code flow request.

Checks whether an access token with the same scope and client already exists for the resource owner.

Example

resource_owner
|> Zoth.Authorization.preauthorize(%{
  "client_id" => "Jf5rM8hQBc",
  "response_type" => "code"
}, otp_app: :my_app)

Response

{:ok, client, scopes}                                         # Show request page with client and scopes
{:error, %{error: error, error_description: _}, http_status}  # Show error page with error and http status
{:redirect, redirect_uri}                                     # Redirect
{:native_redirect, %{code: code}}                             # Redirect to :show page