# UeberauthOidcc

![pipeline status badge](
![coverage badge](
![latest release badge](

Implementation of [Ueberauth.Strategy]( based on the [Oidcc]( library.

## Installation

The package can be installed by adding `ueberauth_oidcc` to your list of dependencies in `mix.exs`:

def deps do
    {:ueberauth_oidcc, "~> 0.2.0"}

## Configuration

1. Add an OIDC Issuer to your Ueberauth configuration.

An issuer is a single OIDC endpoint, but it can be shared by multiple
`Ueberauth.Strategy.Oidcc` providers.

``` elixir
config :ueberauth_oidcc, :issuers, [
  %{name: :oidcc_issuer, issuer: "<issuer URI>"}

The issuer must provide OIDC configuration at `<issuer URI>/.well-known/openid-configuration`.

[oidcc_provider_configuration:opts/0]( for issuer parameters.

2. Add the `Ueberauth.Strategy.Oidcc` strategy to your configuration.

See [Ueberauth]( and [Oidcc]( for a list of supported options.

config :ueberauth, Ueberauth,
  providers: [
    oidc: { Ueberauth.Strategy.Oidcc,
      issuer: :oidcc_issuer, # matches the name above
      client_id: "client_id",
      client_secret: "123456789",
      scopes: ["openid", "profile", "email"],
      # optional
      callback_path: "/auth/oidc/callback",
      userinfo: true, # whether to pull info from the Userinfo endpoint, default: false
      validate_scopes: true, # whether to validate the returned scopes are a subset of those request, default: false
      uid_field: "email", # pulled from the merge of the claims and userinfo (if fetched), default: sub
      authorization_params: %{}, # additional parameters for the authorization request
      authorization_endpoint: "https://oidc-override/request" # override the initial request URI
The core Ueberauth configuration is only read at compile time, so if you have runtime configuration you'll need to put it under the `:ueberauth_oidcc` `:providers` config. 

config :ueberauth, Ueberauth,
  providers: [
    oidc: { Ueberauth.Strategy.Oidcc,
      issuer: :oidcc_issuer,
      client_id: "client_id"

 config :ueberauth_oidcc, :providers,
  oidc: [
    client_secret: System.fetch_env!("OIDC_CLIENT_SECRET")

## Usage

1. Include the Ueberauth plug in your controller:

defmodule MyApp.AuthController do
  use MyApp.Web, :controller
  plug Ueberauth

2. Create the request and callback routes if you haven't already:

scope "/auth", MyApp do
  pipe_through :browser

  get "/:unused", AuthController, :request
  get "/:unused/callback", AuthController, :callback

3. Your controller needs to implement `callback/2` to deal with `Ueberauth.Auth`
and `Ueberauth.Failure` responses. For an example implementation see the
[Ueberauth Example]( application.

   - `Ueberauth.Auth.Credentials` contains the `access_token` and related fields
     - The `other` map in `Ueberauth.Auth.Credentials` contains `id_token`
   - `Ueberauth.Auth.Extra` contains the raw claims, userinfo, and options

## Calling

Depending on the configured url, you can initialize the request through:


## Documentation

Documentation can be generated with [ExDoc](
and or found at <>.

## License

Released under the MIT License. Please see [LICENSE](./LICENSE) for details.