erlef / oidcc
OpenId Connect client library in Erlang & Elixir
Home Page: https://hexdocs.pm/oidcc
License: Apache License 2.0
oidcc_http_util line 40
solution: add providers with configuration in the supervisor, so a restart also reconfigures the provider.
so it still crashes yet gets restarted
I'm trying to include this in a mix project as a dependency and am hitting some issues.
After adding to mix.exs like this:
defp deps do
[ . . .
{:oidcc, github: "indigo-dc/oidcc/"},
]
end
We got this error.
Dependencies have diverged:
* ranch (https://github.com/extend/ranch.git)
different specs were given for the ranch app:
> In deps/gun/rebar.config:
{:ranch, ~r/.*/, [git: "https://github.com/extend/ranch.git", ref: "master", manager: :rebar]}
> In deps/cowboy/rebar.config:
{:ranch, ~r/.*/, [git: "https://github.com/ninenines/ranch.git", ref: "1.0.0", manager: :rebar]}
Ensure they match or specify one of the above in your deps and set "override: true"
* cowlib (https://github.com/extend/cowlib.git)
different specs were given for the cowlib app:
> In deps/gun/rebar.config:
{:cowlib, ~r/.*/, [git: "https://github.com/extend/cowlib.git", ref: "1.3.0", manager: :rebar]}
> In deps/cowboy/rebar.config:
{:cowlib, ~r/.*/, [git: "https://github.com/ninenines/cowlib.git", ref: "1.0.0", manager: :rebar]}
Ensure they match or specify one of the above in your deps and set "override: true"
** (Mix) Can't continue due to errors on dependencies
So we tried overriding the dependencies like so:
defp deps do
[. . .
{:oidcc, github: "indigo-dc/oidcc/"},
{:ranch, ~r/.*/, [env: :prod, git: "https://github.com/extend/ranch.git", ref: "1.2.1", manager: :rebar, override: true]},
{:cowlib, ~r/.*/, [env: :prod, git: "https://github.com/extend/cowlib.git", ref: "1.3.0", manager: :rebar, override: true]},
]
end
which got all the deps successfully but now it's failing here in mix compile:
==> jsx (compile)
Compiled src/jsx_verify.erl
Compiled src/jsx_to_term.erl
Compiled src/jsx_to_json.erl
Compiled src/jsx_encoder.erl
Compiled src/jsx_consult.erl
Compiled src/jsx_config.erl
Compiled src/jsx.erl
Compiled src/jsx_parser.erl
Compiled src/jsx_decoder.erl
Uncaught error in rebar_core: {'EXIT',
{function_clause,
[{code,which,
[{rebar3_lint,
{git,
"https://github.com/bwegh/rebar3_lint.git",
{branch,"master"}}}],
[{file,"code.erl"},{line,719}]},
{rebar_core,'-plugin_modules/3-lc$^0/1-0-',
1,
[{file,"src/rebar_core.erl"},{line,573}]},
{rebar_core,plugin_modules,3,
[{file,"src/rebar_core.erl"},{line,573}]},
{rebar_core,process_dir1,7,
[{file,"src/rebar_core.erl"},{line,244}]},
{rebar_core,process_commands,2,
[{file,"src/rebar_core.erl"},{line,93}]},
{rebar,main,1,
[{file,"src/rebar.erl"},{line,58}]},
{escript,run,2,
[{file,"escript.erl"},{line,757}]},
{escript,start,1,
[{file,"escript.erl"},{line,277}]}]}}
Do you have any suggestions on how to proceed? Thanks!
elixir --version
Erlang/OTP 19 [erts-8.0.2] [source] [64-bit] [smp:8:8] [async-threads:10] [hipe] [kernel-poll:false] [dtrace]
Elixir 1.3.2
by enhancing the ssl_verify_fun
also recheck if new tests are needed
this is also needed for #82
needs to be registered with
userinfo_signed_response_alg=RS256
(or similar supported JWT algorithm)
the userinfo will then be a JWT
this lowers the dependencies of oidcc.
performance is not much of a matter as the communication is only used for login and fetching the configuration.
both, valid and invalid information for a configurable amount of time, max should be the lifetime of the token
Idea:
if 10 parallel request all need the same http request to be performed:
should https://github.com/indigo-dc/oidcc/blob/master/src/oidcc_http_util.erl#L160 be returned as a list? I am getting an argument error with:
:lists.keysearch(:version, 1, [{:timeout, 300000} | {:error, :missing_cacertfile}])
this enables setting the max duration for pending caches and ensure no timing issues.
at least these profiles:
as the configuration endpoint can be derived from the issuer and vice versa
both can be specified without causing issues.
the none algorithm is only allowed when directly communicating with a provider via SSL
add session support for the complete handshake, so the library user can hand off the complete process to the library.
this will include:
keys should be fetched with the above accepted encoding.
so other erlang http servers can also be supported
unify the api, so future changes possibly won't need an api change
so arbitrary data can be passed on success and fail.
these can include implementation specific argument, like
to be most generic it will be a map, which might or might not contain key/value pairs.
at the moment not yet possible due to
https://github.com/erlware/uri
not yet on hex.pm
possible once TLS issue is sorted out
there are OpenId Connect providers that sometimes do not send an id token, this must be handled in a nicer way
ensure it contains 'authorization_code' before marking a provider as ready
and response_type 'code'
the thrown error is: {error,azp_missing}
the causing line is:
https://github.com/indigo-dc/oidcc/blob/f833fe63c7504f76e77612e9c75a5d93852ab9be/src/oidcc_token.erl#L121
solution will be to change the test to also check that there is more than one entry in the list
will be added automatically by order
might lead to a login failure if the keys need to be fetched during login
Following OpenId Connect discovery
https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
different providers might support different scopes so a way to add an openid provider with
a set of scopes would be very helpful.
from jsx to jsone, as it is RFC compliant and faster