<img align="left" src="" width="150px" style="margin-right: 15px">

# Oidcc.Plug

[![EEF Security WG project](](
[![Main Branch](](
[![Module Version](](
[![Total Download](](
[![Last Updated](](
[![Coverage Status](](

Plug Integration for [`oidcc`]( library.

<!-- TODO: Uncomment after certification -->
OpenID Certified by Jonatan Männchen at the Erlang Ecosystem Foundation for the
basic and configuration profile of the OpenID Connect protocol. For details,
check the [Conformance Documentation](

![OpenID Connect Certified Logo](

<picture style="margin-right: 15px; float: left">
  <source media="(prefers-color-scheme: dark)" srcset="" width="115px" align="left">
  <source media="(prefers-color-scheme: light)" srcset="" width="115px" align="left">
  <img alt="Erlang Ecosystem Foundation Logo" src="" width="115px" align="left">

The development of the library and the certification is funded as an
[Erlang Ecosystem Foundation]( stipend entered by the
[Security Working Group](

## Installation

The package can be installed by adding `oidcc_plug` to your list of dependencies
in `mix.exs`:

def deps do
    {:oidcc_plug, "~> 0.1.0"}

## Usage

defmodule SampleApp.Application do
  # ...

  @impl true
  def start(_type, _args) do
    children = [
      # ...

      {Oidcc.ProviderConfiguration.Worker, %{
        issuer: "",
        name: SampleApp.GoogleOpenIdConfigurationProvider

      # Start the Endpoint (http/https)

    # See
    # for other strategies and supported options
    opts = [strategy: :one_for_one, name: SampleApp.Supervisor]
    Supervisor.start_link(children, opts)

  # ...

defmodule SampleAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :sample_app

  # ...

  plug Oidcc.Plug.ExtractAuthorization

  @client_id Application.compile_env!(:sample_app, [:openid_credentials, :client_id])
  @client_secret Application.compile_env!(:sample_app, [:openid_credentials, :client_secret])

  # Check Token via Introspection
  plug Oidcc.Plug.IntrospectToken,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: @client_id,
    client_secret: @client_secret

  # OR: Check Token via Userinfo
  plug Oidcc.Plug.LoadUserinfo,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: @client_id,
    client_secret: @client_secret

  # OR: Check Token via JWT validation
  plug Oidcc.Plug.ValidateJwtToken,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: @client_id,
    client_secret: @client_secret

  plug SampleAppWeb.Router