Packages
ash_authentication
4.3.5
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Security advisory:
This version has known vulnerabilities.
View advisories
Current section
Files
Jump to
Current section
Files
lib/ash_authentication/strategies/oidc/dsl.ex
defmodule AshAuthentication.Strategy.Oidc.Dsl do
@moduledoc false
import Spark.Options.Helpers, only: [make_required!: 2]
alias AshAuthentication.Strategy.{Custom, OAuth2}
@doc false
@spec dsl :: Custom.entity()
def dsl do
OAuth2.dsl()
|> Map.merge(%{
name: :oidc,
args: [{:optional, :name, :oidc}],
describe: """
Provides an OpenID Connect authentication strategy.
This strategy is built using the `:oauth2` strategy, and thus provides
all the same configuration options should you need them.
#### More documentation:
- The [OAuth2 documentation](`AshAuthentication.Strategy.OAuth2`)
""",
auto_set_fields: [assent_strategy: Assent.Strategy.OIDC, icon: :oidc],
schema: patch_schema()
})
end
defp patch_schema do
OAuth2.dsl()
|> Map.get(:schema, [])
|> make_required!(:base_url)
|> Keyword.delete(:authorize_url)
|> Keyword.delete(:token_url)
|> Keyword.delete(:user_url)
|> Keyword.merge(
openid_configuration_uri: [
type: :string,
default: "/.well-known/openid-configuration",
doc: "The URI for the OpenID provider",
required: false
],
client_authentication_method: [
type:
{:in,
["client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt"]},
default: "client_secret_basic",
doc: "The client authentication method to use.",
required: false
],
openid_configuration: [
type: :map,
doc:
"The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`.",
required: false,
default: %{}
],
id_token_signed_response_alg: [
type: {:in, Joken.Signer.algorithms()},
doc: """
The `id_token_signed_response_alg` parameter sent by the Client during Registration.
""",
required: false,
default: "RS256"
],
id_token_ttl_seconds: [
type: {:or, [nil, :pos_integer]},
doc: """
The number of seconds from `iat` that an ID Token will be considered valid.
""",
required: false,
default: nil
],
nonce: [
type: {:or, [:boolean, AshAuthentication.Dsl.secret_type()]},
doc:
"A function for generating the session nonce, `true` to automatically generate it with `AshAuthentication.Strategy.Oidc.NonceGenerator`, or `false` to disable.",
default: true,
required: false
]
)
end
end