ex_oauth2_provider
ex_oauth2_provider copied to clipboard
danschultzer
Making OAuth 2 provider and authentication with http bearer as simple as possible for Elixir and Phoenix apps
In order to support use of the library in newer elixir projects (and use of dependent libraries such as `phoenix_oauth2_provider`, update library dependencies to the most recent available versions.
I needed something with device strategy and I didn't necessarilly want to start from scratch. However it's been in prod for a while now and thought it'd be a nice...
I noticed the application is not preloaded when the get_token function is called in ExOauth2Provider.AccessTokens. Found this out when I tried to use the 'client_crendentials' strategy. Apparently I needed access...
Work in Progress: Goal : config can enable pkce for response_type:code. TODO: update schema. persist code_challenge_method , code_challenge. process code_verifier before token generation.
Implement PKCE for authorization code grant type, as per [RFC-7637](https://datatracker.ietf.org/doc/html/rfc7636): - add string fields `code_challenge` and `code_challenge_method` to `oauth_access_grants` table which will contain the PKCE information. Add instructions for upgrading....
I noticed there were two ways to get a resource owner and one had a `:secret` atom. I have interacted with many OAuth providers before, but this is the first...
During an exchange of a `refresh_token` for an access `token`, Google want us to return an invalid grant whenever one this situation happens:  Currently `ex_oauth2_provider` returns an `invalid request`...
Relevant to [issue](https://github.com/danschultzer/phoenix_oauth2_provider/issues/40) Implement token introspection as per [RFC-7662](https://datatracker.ietf.org/doc/html/rfc7662): - introspection works on either access token or refresh token - introspection only works for tokens from the provided client Useful...
I send invalid scopes in client credentials grant and I god error 500, I suspect that problem start [here](https://github.com/danschultzer/ex_oauth2_provider/blob/master/lib/ex_oauth2_provider/oauth2/token/strategy/client_credentials.ex#L49) where touple `{:error, changeset}` is returned and `add_error` expect only [{:error,...
Right now ExOauth2Provider relies on `preload/2` to load the owner from the access token: https://github.com/danschultzer/ex_oauth2_provider/blob/master/lib/ex_oauth2_provider.ex#L92-L98 In our application this less than ideal as we need to do some additional loading...
Metadata
Owner
Metadata
Making OAuth 2 provider and authentication with http bearer as simple as possible for Elixir and Phoenix apps