
Add opts argument to functions in Atex.OAuth module #2

merged opened by lekkice.moe targeting main from lekkice.moe/atex: oauth-opts

This PR adds an opts argument to allow overriding config values. This makes integration with external frameworks easier, as secrets can be provided at the function call level.

AT URI
at://did:plc:dgzvruva4jbzqbta335jtvoz/sh.tangled.repo.pull/3mdgohawhku22
+34 -24
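--- a/lib/atex/oauth.ex
+++ b/lib/atex/oauth.ex
@@ -52,18 +52,24 @@
   Get a map cnotaining the client metadata information needed for an
   authorization server to validate this client.
   """
-  @spec create_client_metadata() :: map()
-  def create_client_metadata() do
-    key = Config.get_key()
+  @spec create_client_metadata(list()) :: map()
+  def create_client_metadata(opts \\ []) do
+    key = opts[:key] || Config.get_key()
     {_, jwk} = key |> JOSE.JWK.to_public_map()
     jwk = Map.merge(jwk, %{use: "sig", kid: key.fields["kid"]})
 
+    redirect_uris =
+      [
+        opts[:redirect_uri] || Config.redirect_uri()
+        | opts[:extra_redirect_uris] || Config.extra_redirect_uris()
+      ]
+
     %{
-      client_id: Config.client_id(),
-      redirect_uris: [Config.redirect_uri() | Config.extra_redirect_uris()],
+      client_id: opts[:client_id] || Config.client_id(),
+      redirect_uris: redirect_uris,
       application_type: "web",
       grant_types: ["authorization_code", "refresh_token"],
-      scope: Config.scopes(),
+      scope: opts[:scopes] || Config.scopes(),
       response_type: ["code"],
       token_endpoint_auth_method: "private_key_jwt",
       token_endpoint_auth_signing_alg: "ES256",
@@ -129,29 +135,31 @@
           authorization_metadata(),
           String.t(),
           String.t(),
-          String.t()
+          String.t(),
+          list()
         ) :: {:ok, String.t()} | {:error, any()}
   def create_authorization_url(
         authz_metadata,
         state,
         code_verifier,
-        login_hint
+        login_hint,
+        opts \\ []
       ) do
     code_challenge = :crypto.hash(:sha256, code_verifier) |> Base.url_encode64(padding: false)
-    key = get_key()
+    key = opts[:key] || get_key()
 
     client_assertion =
-      create_client_assertion(key, Config.client_id(), authz_metadata.issuer)
+      create_client_assertion(key, opts[:client_id] || Config.client_id(), authz_metadata.issuer)
 
     body =
       %{
         response_type: "code",
-        client_id: Config.client_id(),
-        redirect_uri: Config.redirect_uri(),
+        client_id: opts[:client_id] || Config.client_id(),
+        redirect_uri: opts[:redirect_uri] || Config.redirect_uri(),
         state: state,
         code_challenge_method: "S256",
         code_challenge: code_challenge,
-        scope: Config.scopes(),
+        scope: opts[:scopes] || Config.scopes(),
         client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
         client_assertion: client_assertion,
         login_hint: login_hint
@@ -160,7 +168,7 @@
     case Req.post(authz_metadata.par_endpoint, form: body) do
       {:ok, %{body: %{"request_uri" => request_uri}}} ->
         query =
-          %{client_id: Config.client_id(), request_uri: request_uri}
+          %{client_id: opts[:client_id] || Config.client_id(), request_uri: request_uri}
           |> URI.encode_query()
 
         {:ok, "#{authz_metadata.authorization_endpoint}?#{query}"}
@@ -196,24 +204,26 @@
           authorization_metadata(),
           JOSE.JWK.t(),
           String.t(),
-          String.t()
+          String.t(),
+          list()
         ) :: {:ok, tokens(), String.t()} | {:error, any()}
   def validate_authorization_code(
         authz_metadata,
         dpop_key,
         code,
-        code_verifier
+        code_verifier,
+        opts \\ []
       ) do
-    key = get_key()
+    key = opts[:key] || get_key()
 
     client_assertion =
-      create_client_assertion(key, Config.client_id(), authz_metadata.issuer)
+      create_client_assertion(key, opts[:client_id] || Config.client_id(), authz_metadata.issuer)
 
     body =
       %{
         grant_type: "authorization_code",
-        client_id: Config.client_id(),
-        redirect_uri: Config.redirect_uri(),
+        client_id: opts[:client_id] || Config.client_id(),
+        redirect_uri: opts[:redirect_uri] || Config.redirect_uri(),
         code: code,
         code_verifier: code_verifier,
         client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
@@ -245,16 +255,16 @@
     end
   end
 
-  def refresh_token(refresh_token, dpop_key, issuer, token_endpoint) do
-    key = get_key()
+  def refresh_token(refresh_token, dpop_key, issuer, token_endpoint, opts \\ []) do
+    key = opts[:key] || get_key()
 
     client_assertion =
-      create_client_assertion(key, Config.client_id(), issuer)
+      create_client_assertion(key, opts[:client_id] || Config.client_id(), issuer)
 
     body = %{
       grant_type: "refresh_token",
       refresh_token: refresh_token,
-      client_id: Config.client_id(),
+      client_id: opts[:client_id] || Config.client_id(),
       client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
       client_assertion: client_assertion
     }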
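Review bot: The per-call overrides in `create_client_metadata/1` are only sound when the caller passes the same `client_id`, `redirect_uri`, `scopes` and `key` to `create_authorization_url/5`, `validate_authorization_code/5` and `refresh_token/5`, because the authorization server checks the PAR and token requests against the metadata document served for `client_id`, and a `kid` or redirect URI that differs between the two is expected to be rejected there; none of the `@doc` blocks say so. A sentence on `create_client_metadata/1` such as `Any override given here must also be passed to the authorization, token and refresh functions, otherwise the published metadata and the signed requests disagree.` would make the coupling explicit. In `create_authorization_url/5` the expression `opts[:client_id] || Config.client_id()` is also evaluated three times (client assertion, PAR body, final query); binding `client_id = opts[:client_id] || Config.client_id()` once beside `key` keeps the three values from drifting. The bodies of `create_authorization_url/5`, `validate_authorization_code/5` and `refresh_token/5` all continue outside the section.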

refactor: add opts argument to Oauth module

Thank you!

pull request successfully merged
lekkice.moe submitted #0
refactor: add opts argument to Oauth module

Permissions are a bit broken for my tangled repos at the moment, recreate this PR on https://github.com/cometsh/atex instead and I can merge there.

Nevermind, it's been resolved and I can do things now.

Could you use Keyword.validate & Keyword.get to be consistent with the rest of the codebase?

no problem, i fixed the typespecs too