A set of utilities for working with the AT Protocol in Elixir.

refactor: add opts argument to Oauth module

+34 -24
+34 -24
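--- a/lib/atex/oauth.ex
+++ b/lib/atex/oauth.ex
@@ -52,18 +52,24 @@
  Get a map cnotaining the client metadata information needed for an
  authorization server to validate this client.
  """
- @spec create_client_metadata() :: map()
- def create_client_metadata() do
- key = Config.get_key()
+ @spec create_client_metadata(list()) :: map()
+ def create_client_metadata(opts \\ []) do
+ key = opts[:key] || Config.get_key()
  {_, jwk} = key |> JOSE.JWK.to_public_map()
  jwk = Map.merge(jwk, %{use: "sig", kid: key.fields["kid"]})
 
+ redirect_uris =
+ [
+ opts[:redirect_uri] || Config.redirect_uri()
+ | opts[:extra_redirect_uris] || Config.extra_redirect_uris()
+ ]
+
  %{
- client_id: Config.client_id(),
- redirect_uris: [Config.redirect_uri() | Config.extra_redirect_uris()],
+ client_id: opts[:client_id] || Config.client_id(),
+ redirect_uris: redirect_uris,
  application_type: "web",
  grant_types: ["authorization_code", "refresh_token"],
- scope: Config.scopes(),
+ scope: opts[:scopes] || Config.scopes(),
  response_type: ["code"],
  token_endpoint_auth_method: "private_key_jwt",
  token_endpoint_auth_signing_alg: "ES256",
@@ -129,29 +135,31 @@
  authorization_metadata(),
  String.t(),
  String.t(),
- String.t()
+ String.t(),
+ list()
  ) :: {:ok, String.t()} | {:error, any()}
  def create_authorization_url(
  authz_metadata,
  state,
  code_verifier,
- login_hint
+ login_hint,
+ opts \\ []
  ) do
  code_challenge = :crypto.hash(:sha256, code_verifier) |> Base.url_encode64(padding: false)
- key = get_key()
+ key = opts[:key] || get_key()
 
  client_assertion =
- create_client_assertion(key, Config.client_id(), authz_metadata.issuer)
+ create_client_assertion(key, opts[:client_id] || Config.client_id(), authz_metadata.issuer)
 
  body =
  %{
  response_type: "code",
- client_id: Config.client_id(),
- redirect_uri: Config.redirect_uri(),
+ client_id: opts[:client_id] || Config.client_id(),
+ redirect_uri: opts[:redirect_uri] || Config.redirect_uri(),
  state: state,
  code_challenge_method: "S256",
  code_challenge: code_challenge,
- scope: Config.scopes(),
+ scope: opts[:scopes] || Config.scopes(),
  client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  client_assertion: client_assertion,
  login_hint: login_hint
@@ -160,7 +168,7 @@
  case Req.post(authz_metadata.par_endpoint, form: body) do
  {:ok, %{body: %{"request_uri" => request_uri}}} ->
  query =
- %{client_id: Config.client_id(), request_uri: request_uri}
+ %{client_id: opts[:client_id] || Config.client_id(), request_uri: request_uri}
  |> URI.encode_query()
 
  {:ok, "#{authz_metadata.authorization_endpoint}?#{query}"}
@@ -196,24 +204,26 @@
  authorization_metadata(),
  JOSE.JWK.t(),
  String.t(),
- String.t()
+ String.t(),
+ list()
  ) :: {:ok, tokens(), String.t()} | {:error, any()}
  def validate_authorization_code(
  authz_metadata,
  dpop_key,
  code,
- code_verifier
+ code_verifier,
+ opts \\ []
  ) do
- key = get_key()
+ key = opts[:key] || get_key()
 
  client_assertion =
- create_client_assertion(key, Config.client_id(), authz_metadata.issuer)
+ create_client_assertion(key, opts[:client_id] || Config.client_id(), authz_metadata.issuer)
 
  body =
  %{
  grant_type: "authorization_code",
- client_id: Config.client_id(),
- redirect_uri: Config.redirect_uri(),
+ client_id: opts[:client_id] || Config.client_id(),
+ redirect_uri: opts[:redirect_uri] || Config.redirect_uri(),
  code: code,
  code_verifier: code_verifier,
  client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
@@ -245,16 +255,16 @@
  end
  end
 
- def refresh_token(refresh_token, dpop_key, issuer, token_endpoint) do
- key = get_key()
+ def refresh_token(refresh_token, dpop_key, issuer, token_endpoint, opts \\ []) do
+ key = opts[:key] || get_key()
 
  client_assertion =
- create_client_assertion(key, Config.client_id(), issuer)
+ create_client_assertion(key, opts[:client_id] || Config.client_id(), issuer)
 
  body = %{
  grant_type: "refresh_token",
  refresh_token: refresh_token,
- client_id: Config.client_id(),
+ client_id: opts[:client_id] || Config.client_id(),
  client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
  client_assertion: client_assertion
  }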
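Review bot: Every override in this file is read as `opts[:x] || Config.x()`, so a misspelled option name or an explicit `nil` (for example `key: nil` coming back from a failed per-client lookup) silently falls back to the globally configured key, client_id or redirect_uri; this applies to `create_client_metadata/1`, `create_authorization_url/5`, `validate_authorization_code/5` and `refresh_token/5`. Because these functions sign client assertions, it would be safer to reject unknown options at the top of each one, e.g. `opts = Keyword.validate!(opts, [:key, :client_id, :redirect_uri, :extra_redirect_uris, :scopes])`, and to tighten the specs from `list()` to `keyword()`. In `create_authorization_url/5` the client id is resolved three separate times; binding it once with `client_id = opts[:client_id] || Config.client_id()` keeps the assertion, the PAR body and the redirect query in agreement and makes a partial override (a `client_id` without its matching `key`) easier to spot. The `@doc` lines shown above `create_client_metadata` are unchanged context and `refresh_token` has no `@spec` in view, so the new options appear to be undocumented; a short "Options" list naming the five keys and their config fallbacks would cover it. Several of these function bodies continue outside the hunks.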