# Überauth OIDC

> OIDC Provider for Ueberauth using the OpenIDProvider library.

This library provides an OIDC strategy for Ueberauth using the information in the `/.well-known` url.
Only supports `authorization_code` flow for now.
Has optional support for `/userinfo` endpoints, and has the option to get a user's `uid_field` from either the claims or the userinfo.

*Originally based on rng2/ueberauth_oidc but has now diverged significantly from the source*

## Installation

1. Add `:ueberauth_oidc` to your list of dependencies in `mix.exs`:

    def deps do
      [{:ueberauth_oidc, git: ""}]

   Or if available in hex:

    def deps do
      [{:ueberauth_oidc, "~> 1.0"}]

## Configuration

1. Add OIDC to your Ueberauth configuration:

    config :ueberauth, Ueberauth,
      providers: [
        oidc: { Ueberauth.Strategy.OIDC, [
          default: [
            # required, set to default provider you want to use
            provider: :default_oidc,

            # optional
            uid_field: :sub

          # optional override for each provider
          google: [uid_field: :email],
        ] }

1. Update your provider configuration.
See [OpenIDConnect](
for a list of supported options.

    config :ueberauth, Ueberauth.Strategy.OIDC,
      # one or more providers
      default_oidc: [
        fetch_userinfo: true, # true/false
        userinfo_uid_field: "upn", # only include if getting the user_id from userinfo
        uid_field: "sub" # only include if getting the user_id from the claims
        discovery_document_uri: "https://oidc.example/.well-known/openid-configuration",
        client_id: "client_id",
        client_secret: "123456789",
        redirect_uri: "https://your.url/auth/oidc/callback",
        response_type: "code",
        scope: "openid profile email"

## Usage

1. Include the Ueberauth plug in your controller:

    defmodule MyApp.AuthController do
      use MyApp.Web, :controller
      plug Ueberauth

1. Create the request and callback routes if you haven't already:

    scope "/auth", MyApp do
      pipe_through :browser

      get "/:unused", AuthController, :request
      get "/:unused/callback", AuthController, :callback

1. Your controller needs to implement callbacks to deal with `Ueberauth.Auth`
and `Ueberauth.Failure` responses. For an example implementation see the
[Ueberauth Example]( application.
Note that the `Ueberauth.Strategy.Info` struct stored in `Ueberauth.Auth`
will be empty. Use the information in `Ueberauth.Auth.Credentials` and
`Ueberauth.Strategy.Extra` instead:

   - `Ueberauth.Auth.Credentials` contains the `access_token` and related fields

   - The `other` map in `Ueberauth.Auth.Credentials` contains `provider` and `user_info`

   - `Ueberauth.Strategy.Extra` contains the raw claims, tokens and opts

1.  Add `OpenIDConnect.Worker` with a provider list during application startup:

    def start(_type, _args) do
      children = [
        {OpenIDConnect.Worker, Application.get_env(:ueberauth, Ueberauth.Strategy.OIDC)},
      Supervisor.start_link(children, opts)

## Calling

Depending on the configured url, you can initialize the request through:


To use another provider instead of the configured default, add the `oidc_provider` option:


## License

Please see [LICENSE](
for licensing details.

Loosely based on [rng2/ueberauth_oidc](