Packages
ash_authentication
3.11.0
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Security advisory:
This version has known vulnerabilities.
View advisories
Current section
Files
Jump to
Current section
Files
lib/ash_authentication/strategies/oidc/dsl.ex
defmodule AshAuthentication.Strategy.Oidc.Dsl do
@moduledoc false
alias AshAuthentication.Strategy.{Custom, OAuth2}
@doc false
@spec dsl :: Custom.entity()
def dsl do
OAuth2.dsl()
|> Map.merge(%{
name: :oidc,
args: [{:optional, :name, :oidc}],
describe: """
Provides an OpenID Connect authentication strategy.
This strategy is built using the `:oauth2` strategy, and thus provides
all the same configuration options should you need them.
#### Schema:
""",
auto_set_fields: [assent_strategy: Assent.Strategy.OIDC, icon: :oidc],
schema: patch_schema()
})
end
defp patch_schema do
OAuth2.dsl()
|> Map.get(:schema, [])
|> Keyword.delete(:user_url)
|> Keyword.merge(
openid_configuration_uri: [
type: :string,
default: "/.well-known/openid-configuration",
doc: "The URI for the OpenID provider",
required: false
],
client_authentication_method: [
type:
{:in, [:client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt]},
default: :client_secret_basic,
doc: "The client authentication method to use.",
required: false
],
openid_configuration: [
type: :map,
doc: """
The OpenID configuration.
If not set, the configuration will be retrieved from `openid_configuration_uri`.
""",
required: false,
default: %{}
],
id_token_signed_response_alg: [
type: {:in, Joken.Signer.algorithms()},
doc: """
The `id_token_signed_response_alg` parameter sent by the Client during Registration.
""",
required: false,
default: "RS256"
],
id_token_ttl_seconds: [
type: {:or, [nil, :pos_integer]},
doc: """
The number of seconds from `iat` that an ID Token will be considered valid.
""",
required: false,
default: nil
],
nonce: [
type: {:or, [:boolean, AshAuthentication.Dsl.secret_type()]},
doc: """
A function for generating the session nonce.
When set to `true` the nonce will be automatically generated using
`AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false`
to explicitly disable.
#{AshAuthentication.Dsl.secret_doc()}
Example:
```elixir
nonce fn _, _ ->
16
|> :crypto.strong_rand_bytes()
|> Base.encode64(padding: false)
end
```
""",
default: true,
required: false
],
trusted_audiences: [
type: {:or, [nil, {:list, :string}]},
doc: """
A list of audiences which are trusted.
""",
default: nil,
required: false
]
)
end
end