Ãœberauth OIDC
OIDC Provider for Ueberauth using the OpenIDProvider library.
This library provides an OIDC strategy for Ueberauth using the information in the /.well-known
url.
Only supports authorization_code
flow for now.
Has optional support for /userinfo
endpoints, and has the option to get a user's uid_field
from either the claims or the userinfo.
Originally based on rng2/ueberauth_oidc but has now diverged significantly from the source
Installation
-
Add
:ueberauth_oidc
to your list of dependencies inmix.exs
:def deps do [{:ueberauth_oidc, git: "https://github.com/DefactoSoftware/ueberauth_oidc.git"}] end
Or if available in hex:
def deps do [{:ueberauth_oidc, "~> 1.0"}] end
Configuration
-
Add OIDC to your Ueberauth configuration:
config :ueberauth, Ueberauth, providers: [ oidc: { Ueberauth.Strategy.OIDC, [ default: [ # required, set to default provider you want to use provider: :default_oidc, # optional uid_field: :sub ], # optional override for each provider google: [uid_field: :email], ... ] } ]
-
Update your provider configuration. See OpenIDConnect for a list of supported options.
config :ueberauth, Ueberauth.Strategy.OIDC, # one or more providers default_oidc: [ fetch_userinfo: true, # true/false userinfo_uid_field: "upn", # only include if getting the user_id from userinfo uid_field: "sub" # only include if getting the user_id from the claims discovery_document_uri: "https://oidc.example/.well-known/openid-configuration", client_id: "client_id", client_secret: "123456789", redirect_uri: "https://your.url/auth/oidc/callback", response_type: "code", scope: "openid profile email" ], ...
Usage
-
Include the Ueberauth plug in your controller:
defmodule MyApp.AuthController do use MyApp.Web, :controller plug Ueberauth ... end
-
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do pipe_through :browser get "/:unused", AuthController, :request get "/:unused/callback", AuthController, :callback end
-
Your controller needs to implement callbacks to deal with
Ueberauth.Auth
andUeberauth.Failure
responses. For an example implementation see the Ueberauth Example application. Note that theUeberauth.Strategy.Info
struct stored inUeberauth.Auth
will be empty. Use the information inUeberauth.Auth.Credentials
andUeberauth.Strategy.Extra
instead:-
Ueberauth.Auth.Credentials
contains theaccess_token
and related fields -
The
other
map inUeberauth.Auth.Credentials
containsprovider
anduser_info
-
Ueberauth.Strategy.Extra
contains the raw claims, tokens and opts
-
-
Add
OpenIDConnect.Worker
with a provider list during application startup:def start(_type, _args) do ... children = [ ..., {OpenIDConnect.Worker, Application.get_env(:ueberauth, Ueberauth.Strategy.OIDC)}, ... ] ... Supervisor.start_link(children, opts) end
Calling
Depending on the configured url, you can initialize the request through:
/auth/oidc
To use another provider instead of the configured default, add the oidc_provider
option:
/auth/oidc?oidc_provider=google
License
Please see LICENSE for licensing details.
Loosely based on rng2/ueberauth_oidc.