
OAuthクライアント作成

create_oauth_client.livemd

OAuthクライアント作成

クライアントID/シークレット

# Fixed OAuth client credentials used by the client-creation cell of this notebook.
# The two commented-out lines below show a random-generation alternative;
# presumably the literals were produced that way once and then pinned — confirm.
# id = SecureRandom.uuid()
# secret = SecureRandom.hex(64)
# NOTE(review): this client_id/client_secret pair is hard-coded in the notebook, so
# anyone who can read the notebook knows it. Use it only against a local instance
# and generate a fresh pair for any shared or deployed environment; if these values
# were ever registered outside a local machine, rotate them.
id = "ceeffaba-4e66-42b0-8490-0488aa9c9a95"

secret =
  "7a12a9894977231919c7fc990cc5deb7abd7f3e7f118f6c53fd9aaeadb8c12d6e0ba66079c57b61b648ff0f5717dee2820d1ca13df32f637d02121985eb60260"

# Last expression of the cell: a keyword list echoing both values
# (presumably so they can be copied into the client application's config).
[client_id: id, client_secret: secret]

クライアント作成

# Registers an OAuth/OpenID Connect client named "Bright local" through Boruta's
# Ecto admin API, using the `id` and `secret` bound earlier in this notebook.
# The redirect URIs point at localhost:4001, so this looks like a local
# development client — NOTE(review): confirm before reusing these settings elsewhere.
Boruta.Ecto.Admin.create_client(%{
  # OAuth client_id
  id: id,
  # OAuth client_secret
  secret: secret,
  # Display name
  name: "Bright local",
  # one day (in seconds)
  # NOTE(review): a one-day bearer access token is long-lived; consider a shorter
  # TTL plus refresh tokens outside local development.
  access_token_ttl: 60 * 60 * 24,
  # one minute
  authorization_code_ttl: 60,
  # one month
  refresh_token_ttl: 60 * 60 * 24 * 30,
  # one day
  id_token_ttl: 60 * 60 * 24,
  # ID token signature algorithm, defaults to "RS512"
  id_token_signature_alg: "RS256",
  # userinfo signature algorithm, defaults to nil (no signature)
  userinfo_signed_response_alg: "RS256",
  # OAuth client redirect_uris
  # NOTE(review): plain http is acceptable only for loopback addresses like these;
  # any non-local redirect URI should be https and registered as an exact match.
  redirect_uris: [
    "http://localhost:4001/auth/bright/callback",
    "http://localhost:4001/auth/oidc/callback"
  ],
  # take following authorized_scopes into account (skip public scopes)
  authorize_scope: true,
  # scopes that are authorized using this client
  # NOTE(review): "a:scope" looks like a placeholder scope name — confirm it matches
  # a scope the client actually requests.
  authorized_scopes: [%{name: "a:scope"}],
  # client supported grant types
  # NOTE(review): every grant type is enabled, including "password" and "implicit",
  # which the OAuth 2.0 Security Best Current Practice (RFC 9700) advises against.
  # Keep only the grants this client really uses (the callback URIs above suggest
  # "authorization_code" and possibly "refresh_token" — verify against the client app).
  supported_grant_types: [
    "client_credentials",
    "password",
    "authorization_code",
    "refresh_token",
    "implicit",
    "revoke",
    "introspect"
  ],
  # PKCE enabled
  # NOTE(review): PKCE is off while "authorization_code" is enabled above; turning it
  # on protects against authorization-code interception, provided the client sends
  # a code_challenge — confirm client support before changing.
  pkce: false,
  # do not require client_secret for refreshing tokens
  public_refresh_token: false,
  # do not require client_secret for revoking tokens
  public_revoke: false,
  # see OAuth 2.0 confidentiality (requires client secret for some flows)
  confidential: true,
  # activable client authentication methods
  # NOTE(review): the key is spelled `token_endpont_auth_methods` (missing "i").
  # If the client schema field is `token_endpoint_auth_methods`, this entry is
  # likely dropped when the attributes are cast and the library defaults apply
  # instead of this list — verify on the created client record.
  token_endpont_auth_methods: [
    "client_secret_basic",
    "client_secret_post",
    "client_secret_jwt",
    "private_key_jwt"
  ],
  # associated to authentication methods, the algorithm to use along
  # (HS256 is an HMAC algorithm keyed with a shared secret)
  token_endpoint_jwt_auth_alg: "HS256",
  # pem public key to be used with `private_key_jwt` authentication method
  # NOTE(review): "private_key_jwt" is listed above but no public key is set here —
  # confirm whether that method is meant to be usable for this client.
  jwt_public_key: nil
})