Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/erlef/oidcc_cowboy
Cowboy OpenId Connect support by using oidcc
https://github.com/erlef/oidcc_cowboy
cowboy erlang openid openid-client openid-connect security-wg
Last synced: 14 days ago
JSON representation
Cowboy OpenId Connect support by using oidcc
- Host: GitHub
- URL: https://github.com/erlef/oidcc_cowboy
- Owner: erlef
- License: apache-2.0
- Created: 2016-11-07T07:26:09.000Z (about 8 years ago)
- Default Branch: main
- Last Pushed: 2024-08-24T17:27:45.000Z (3 months ago)
- Last Synced: 2024-10-29T12:59:16.120Z (17 days ago)
- Topics: cowboy, erlang, openid, openid-client, openid-connect, security-wg
- Language: Erlang
- Homepage: https://hexdocs.pm/oidcc_cowboy
- Size: 3.74 MB
- Stars: 4
- Watchers: 10
- Forks: 11
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- Contributing: .github/CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: .github/CODE_OF_CONDUCT.md
- Security: .github/SECURITY.md
Awesome Lists containing this project
README
# oidcc_cowboy
Cowboy callback module for easy integration of OpenId Connect, using [oidcc](https://github.com/erlef/oidcc).
[](https://github.com/erlef/security-wg)
[](https://github.com/erlef/oidcc_cowboy/actions/workflows/branch_main.yml)
[](https://hex.pm/packages/oidcc_cowboy)
[](https://hex.pm/packages/oidcc_cowboy)
[](https://github.com/erlef/oidcc_cowboy/blob/main/LICENSE)
[](https://github.com/erlef/oidcc_cowboy/commits/master)
[](https://coveralls.io/github/erlef/oidcc_cowboy?branch=main)
OpenID Certified by [Jonatan Männchen](https://github.com/maennchen) at the
[Erlang Ecosystem Foundation](https://github.com/erlef) of multiple Relaying
Party conformance profiles of the OpenID Connect protocol:
For details, check the
[Conformance Test Suite](https://github.com/erlef/oidcc_conformance).
The refactoring for `v2` and the certification is funded as an
[Erlang Ecosystem Foundation](https://erlef.org/) stipend entered by the
[Security Working Group](https://erlef.org/wg/security).
## Usage
### Code Flow
```erlang
-module(basic_client_app).
-behaviour(application).
-export([start/2]).
-export([stop/1]).
start(_, _) ->
OidccCowboyOpts = #{
provider => config_provider_gen_server_name,
client_id => <<"client_id">>,
client_secret => <<"client_secret">>,
redirect_uri => "http://localhost:8080/oidc/return"
},
OidccCowboyCallbackOpts = maps:merge(OidccCowboyOpts, #{
handle_success => fun(Req, _Token, #{<<"sub">> := Subject}) ->
cowboy_req:reply(200, #{}, ["Hello ", Subject, "!"], Req)
end
}),
Dispatch = cowboy_router:compile([
{'_', [
{"/", oidcc_cowboy_authorize, OidccCowboyOpts},
{"/oidc/return", oidcc_cowboy_callback, OidccCowboyCallbackOpts}
]}
]),
{ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
env => #{dispatch => Dispatch}
}),
basic_client_sup:start_link().
stop(_) ->
ok.
```
### Authorization Header Checking
```erlang
-module(api_client_app).
-behaviour(application).
-export([start/2]).
-export([stop/1]).
start(_, _) ->
OidccCowboyOpts = #{
provider => config_provider_gen_server_name,
client_id => <<"client_id">>,
client_secret => <<"client_secret">>
},
Dispatch = cowboy_router:compile([
{'_', [
{"/", api_client, #{}}
]}
]),
{ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
env => #{
dispatch => Dispatch,
oidcc_cowboy_load_userinfo => OidccCowboyOpts,
oidcc_cowboy_introspect_token => OidccCowboyOpts,
oidcc_cowboy_validate_jwt_token => OidccCowboyOpts,
},
middlewares => [
oidcc_cowboy_extract_authorization,
oidcc_cowboy_load_userinfo, %% Check Token via Userinfo
oidcc_cowboy_introspect_token, %% Check Token via Introspection
oidcc_cowboy_validate_jwt_token, %% Check Token via JWT validation
cowboy_router,
cowboy_handler
]
}),
api_client_sup:start_link().
stop(_) ->
ok.
```