https://github.com/tanguilp/apiac_auth_client_secret_post

APIac Elixir plug for OAuth2 post client authentication
https://github.com/tanguilp/apiac_auth_client_secret_post

Last synced: 2 months ago
JSON representation

APIac Elixir plug for OAuth2 post client authentication

• Host: GitHub
• URL: https://github.com/tanguilp/apiac_auth_client_secret_post
• Owner: tanguilp
• License: apache-2.0
• Created: 2019-06-14T19:26:56.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2020-04-29T19:23:01.000Z (about 5 years ago)
• Last Synced: 2025-02-28T13:00:51.883Z (3 months ago)
• Language: Elixir
• Homepage: https://hex.pm/packages/apiac_auth_client_secret_post
• Size: 14.6 KB
• Stars: 0
• Watchers: 3
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# APIacAuthClientSecretPost

An `APIac.Authenticator` plug for API authentication using the OAuth2 client secret post

scheme

The OAuth2 client secret post scheme simply consists in transmitting a client and its password

in www-URL-encoded body (example from RFC6749):

```http

 POST /token HTTP/1.1

 Host: server.example.com

 Content-Type: application/x-www-form-urlencoded

 grant_type=refresh_token&refresh_token=tGzv3JOkF0XG5Qx2TlKWIA

 &client_id=s6BhdRkqt3&client_secret=7Fjfp0ZBr1KtDRbnfVdmIw

```

## Installation

```elixir

def deps do

  [

    {:apiac_auth_client_secret_post, "~> 1.0"}

  ]

end

```

## Example with callback function

The callback function will be called with the `realm` and `client` and return string password or an `%Expwd.Hashed{}` struct:

```elixir

plug APIacAuthClientSecretPost, realm: "my realm",

		      callback: &Module.get_client_password/2

```

## Example with configuration file

`{client_id, client_secret}` pairs can be configured in you application configuration files.

There will be compiled at **compile time**. If you need runtime configurability,

use the `callback` option instead.

Storing cleartext password requires special care, for instance: using \*.secret.exs files,

encrypted storage of these config files, etc. Consider using hashed password instead, such

as `Expwd.Hashed.Portable.t`

Pairs a to be set separately for each realm in the `clients` key, as following:

``` elixir

config :apiac_auth_client_secret_post,

  clients: %{

    # using Expwd Hashed portable password

    "realm_a" => [

      {"client_1", {:expwd, :sha256, "lYOmCIZUR603rPiIN0agzBHFyZDw9xEtETfbe6Q1ubU"}},

      {"client_2", {:expwd, :sha256, "mnAWHn1tSHEOCj6sMDIrB9BTRuD4yZkiLbjx9x2i3ug"}},

      {"client_3", {:expwd, :sha256, "9RYrMJSmXJSN4CSJZtOX0Xs+vP94meTaSzGc+oFcwqM"}},

      {"client_4", {:expwd, :sha256, "aCL154jd8bNw868cbsCUw3skHun1n6fGYhBiITSmREw"}},

      {"client_5", {:expwd, :sha256, "xSE6MkeC+gW7R/lEZKxsWGDs1MlqEV4u693fCBNlV4g"}}

    ],

    "realm_b" => [

      {"client_1", {:expwd, :sha256, "lYOmCIZUR603rPiIN0agzBHFyZDw9xEtETfbe6Q1ubU"}}

    ],

    # UNSAFE: cleartext passwords set directly in the config file

    "realm_c" => [

      {"client_6", "cleartext password"},

      {"client_7", "cleartext password again"}

    ]

  }

```

then in your Plug pipeline:

```elixir

Plug APIacAuthClientSecretPost, realm: "realm_a"

```