# Überauth OIDC

> OIDC Provider for Ueberauth using the OpenIDProvider library.

This library provides an OIDC strategy for Ueberauth using the information in the `/.well-known` URL.
Only supports `authorization_code` flow for now.
Has optional support for `/userinfo` endpoints, and has the option to get a user's `uid_field` from either the claims or the userinfo.

*Originally based on rng2/ueberauth_oidc but has now diverged significantly from the source*

## Installation

1. Add `:ueberauth_oidc` to your list of dependencies in `mix.exs`:

    ```elixir
    def deps do
      [{:ueberauth_oidc, git: "https://github.com/DefactoSoftware/ueberauth_oidc.git"}]
    end
    ```

    Or if available in hex:

    ```elixir
    def deps do
      [{:ueberauth_oidc, "~> 1.0"}]
    end
    ```

## Configuration

1. Add OIDC to your Ueberauth configuration:

    ```elixir
    config :ueberauth, Ueberauth,
      providers: [
        oidc: { Ueberauth.Strategy.OIDC, [
          default: [
            # required, set to default provider you want to use
            provider: :default_oidc,

            # optional
            uid_field: :sub
          ],

          # optional override for each provider
          google: [uid_field: :email],
          ...
        ] }
      ]
    ```

1. Update your provider configuration.
See [OpenIDConnect](https://hexdocs.pm/openid_connect/readme.html)
for a list of supported options.

    ```elixir
    config :ueberauth, Ueberauth.Strategy.OIDC,
      # one or more providers
      default_oidc: [
        fetch_userinfo: true, # true/false
        userinfo_uid_field: "upn", # only include if getting the user_id from userinfo
        uid_field: "sub", # only include if getting the user_id from the claims
        discovery_document_uri: "https://oidc.example/.well-known/openid-configuration",
        client_id: "client_id",
        # placeholder value; load the real secret from the runtime environment, do not commit it
        client_secret: "123456789",
        redirect_uri: "https://your.url/auth/oidc/callback",
        response_type: "code",
        scope: "openid profile email"
      ],
      ...
    ```

## Usage

1. Include the Ueberauth plug in your controller:

    ```elixir
    defmodule MyApp.AuthController do
      use MyApp.Web, :controller
      plug Ueberauth
      ...
    end
    ```

1. Create the request and callback routes if you haven't already:

    ```elixir
    scope "/auth", MyApp do
      pipe_through :browser

      get "/:unused", AuthController, :request
      get "/:unused/callback", AuthController, :callback
    end
    ```

1. Your controller needs to implement callbacks to deal with `Ueberauth.Auth`
and `Ueberauth.Failure` responses. For an example implementation see the
[Ueberauth Example](https://github.com/ueberauth/ueberauth_example) application.
Note that the `Ueberauth.Strategy.Info` struct stored in `Ueberauth.Auth`
will be empty. Use the information in `Ueberauth.Auth.Credentials` and
`Ueberauth.Strategy.Extra` instead:

   - `Ueberauth.Auth.Credentials` contains the `access_token` and related fields

   - The `other` map in `Ueberauth.Auth.Credentials` contains `provider` and `user_info`

   - `Ueberauth.Strategy.Extra` contains the raw claims, tokens and opts

1. Add `OpenIDConnect.Worker` with a provider list during application startup:

    ```elixir
    def start(_type, _args) do
      ...
      children = [
        ...,
        {OpenIDConnect.Worker, Application.get_env(:ueberauth, Ueberauth.Strategy.OIDC)},
        ...
      ]
      ...
      Supervisor.start_link(children, opts)
    end
    ```
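A callback controller for step 3, as an added example that is not code from this project: it reads the provider from `Ueberauth.Auth.Credentials` and the claims from `Ueberauth.Strategy.Extra` because `info` is empty, and keys the local account on the provider and uid together, since the per-provider `uid_field` override means a bare uid is not unique across providers. `MyApp.Accounts.find_or_create_by_identity/3` is a hypothetical function, and the atom keys `:provider` and `:claims` are assumptions about the map layout.

```elixir
defmodule MyApp.AuthController do
  use MyApp.Web, :controller
  require Logger
  plug Ueberauth

  # Failure: keep provider error details in the server log, not in the response.
  def callback(%{assigns: %{ueberauth_failure: failure}} = conn, _params) do
    for e <- failure.errors do
      # inspect/1 escapes control characters so the message cannot forge log lines
      Logger.warning("OIDC login failed: #{inspect(e.message_key)} #{inspect(e.message)}")
    end

    deny(conn)
  end

  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    # auth.info is empty with this strategy; read credentials and extra instead.
    provider = Map.get(auth.credentials.other || %{}, :provider) # assumed atom key
    claims = Map.get(auth.extra.raw_info || %{}, :claims)        # assumed key in raw_info

    # uid_field may differ per provider (:sub for one, :email for another), so a
    # bare uid is not unique. Require both values and key the account on the pair.
    with true <- provider not in [nil, ""],
         true <- auth.uid not in [nil, ""],
         # hypothetical application function, not part of ueberauth_oidc
         {:ok, user} <-
           MyApp.Accounts.find_or_create_by_identity(
             to_string(provider), to_string(auth.uid), claims) do
      conn
      |> configure_session(renew: true) # fresh session id after authentication
      |> put_session(:user_id, user.id) # store the local id only, not the tokens
      |> redirect(to: "/")
    else
      _ -> deny(conn)
    end
  end

  # Generic message for the user; the reason stays in the log.
  defp deny(conn) do
    conn
    |> put_flash(:error, "Sign-in failed.")
    |> redirect(to: "/")
  end
end
```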

## Calling

Depending on the configured URL, you can initialize the request through:

    /auth/oidc

To use another provider instead of the configured default, add the `oidc_provider` option:

    /auth/oidc?oidc_provider=google

## License

Please see [LICENSE](https://github.com/DefactoSoftware/ueberauth_oidc/blob/master/LICENSE)
for licensing details.

Loosely based on [rng2/ueberauth_oidc](https://github.com/rng2/ueberauth_oidc).