Skip to content

Latest commit

 

History

History
158 lines (137 loc) · 4.7 KB

README.md

File metadata and controls

158 lines (137 loc) · 4.7 KB
Raw
OpenID Connect Logo

oidcc_cowboy

Cowboy callback module for easy integration of OpenId Connect, using oidcc.

EEF Security WG project Main Branch Module Version Total Download License Last Updated Coverage Status


OpenID Connect Certified Logo

OpenID Certified by Jonatan Männchen at the Erlang Ecosystem Foundation of multiple Relaying Party conformance profiles of the OpenID Connect protocol: For details, check the Conformance Test Suite.


Erlang Ecosystem Foundation Logo

The refactoring for v2 and the certification is funded as an Erlang Ecosystem Foundation stipend entered by the Security Working Group.


Usage

Code Flow

-module(basic_client_app).
-behaviour(application).

-export([start/2]).
-export([stop/1]).

start(_, _) ->
    OidccCowboyOpts = #{
        provider => config_provider_gen_server_name,
        client_id => <<"client_id">>,
        client_secret => <<"client_secret">>,
        redirect_uri => "http://localhost:8080/oidc/return"
    },
    OidccCowboyCallbackOpts = maps:merge(OidccCowboyOpts, #{
        handle_success => fun(Req, _Token, #{<<"sub">> := Subject}) ->
            cowboy_req:reply(200, #{}, ["Hello ", Subject, "!"], Req)
        end
    }),
    Dispatch = cowboy_router:compile([
        {'_', [
            {"/", oidcc_cowboy_authorize, OidccCowboyOpts},
            {"/oidc/return", oidcc_cowboy_callback, OidccCowboyCallbackOpts}
        ]}
    ]),
    {ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
        env => #{dispatch => Dispatch}
    }),
    basic_client_sup:start_link().

stop(_) ->
    ok.

Authorization Header Checking

-module(api_client_app).
-behaviour(application).

-export([start/2]).
-export([stop/1]).

start(_, _) ->
    OidccCowboyOpts = #{
        provider => config_provider_gen_server_name,
        client_id => <<"client_id">>,
        client_secret => <<"client_secret">>
    },
    Dispatch = cowboy_router:compile([
        {'_', [
            {"/", api_client, #{}}
        ]}
    ]),
    {ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
        env => #{
            dispatch => Dispatch,
            oidcc_cowboy_load_userinfo => OidccCowboyOpts,
            oidcc_cowboy_introspect_token => OidccCowboyOpts,
            oidcc_cowboy_validate_jwt_token => OidccCowboyOpts,
        },
        middlewares => [
            oidcc_cowboy_extract_authorization,
            oidcc_cowboy_load_userinfo, %% Check Token via Userinfo
            oidcc_cowboy_introspect_token, %% Check Token via Introspection
            oidcc_cowboy_validate_jwt_token, %% Check Token via JWT validation
            cowboy_router,
            cowboy_handler
        ]
    }),
    api_client_sup:start_link().

stop(_) ->
    ok.