
Elm OpenID Connect

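This package offers some utilities for implementing client-side OpenID Connect authentication in Elm. It covers only the 'Implicit' grant type. In that flow the token comes back to the browser in the redirect URL, which is why the nonce handling shown below matters.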

The design is heavily based on truqu/elm-oauth2, on which it will probably depend in a later version.

Getting Started

Installation

# Random string helpers. The usage example builds its nonce with Random.String,
# presumably provided by this package (confirm).
elm install elm-community/random-string
# The OpenID Connect helpers themselves.
elm install solcates/elm-openid-connect

Usage

Imports

import OpenIDConnect
import OpenIDConnect.Decode

import Random
import Random.Char
import Random.String

Authorization

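-- Example `update`: `AuthorizeStart` requests a 16-character random string,
-- and `Authorize` receives it as the nonce and starts the authorization request.
update : Msg -> Model -> ( Model, Cmd Msg )
update msg model =
    case msg of
        NoOp ->
            ( model, Cmd.none )

        AuthorizeStart ->
            -- NOTE(review): Elm's `Random` is a general-purpose PRNG, not a
            -- cryptographic one. If the nonce has to resist guessing, generate
            -- it with the browser's `crypto.getRandomValues` and pass it in
            -- through a port or a flag instead.
            ( model
            , Random.generate Authorize <| Random.String.string 16 Random.Char.latin
            )

        Authorize nonce ->
            -- The nonce should be stored (e.g. in local storage) before the
            -- redirect happens. It is the only value the returned token can be
            -- checked against, and this example does not persist it.
            --
            -- NOTE(review): `withScope`, `withState` and `withNonce` are used
            -- unqualified although the imports expose nothing; they presumably
            -- need an `OpenIDConnect.` prefix or an `exposing` clause. Confirm.
            ( model
            , OpenIDConnect.newAuth "authorizationEndpoint" "redirectUri" "clientId"
                |> withScope [ "extra", "scope" ] -- optional extra scope
                -- Optional state. "a state" is a placeholder: to protect the
                -- redirect against CSRF, the state must be unpredictable per
                -- request and compared with the value that comes back.
                |> withState "a state"
                |> withNonce nonce -- A nonce, must be a random string!
                |> OpenIDConnect.authorize
            )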

Parsing the token

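-- Example `init`: tries to read a token from the location the page was
-- loaded with and stores it in the model when one is found.
init : Navigation.Location -> ( Model, Cmd Msg )
init location =  -- The nonce saved before the redirect should be passed as a flag
    let
        -- Start unauthenticated. The `token` field has to exist already,
        -- because a record update cannot add a field to an empty record.
        model =
            { token = Nothing }
    in
        -- `OpenIDConnect.parse` is used because no nonce is available here.
        -- If the nonce is known, use OpenIDConnect.parseWithNonce instead,
        -- so a token that was not issued for this request can be told apart.
        -- NOTE(review): what `parse` itself validates (signature, issuer,
        -- audience, expiry) is not visible here. Confirm it before trusting
        -- any claim read from the token.
        case OpenIDConnect.parse subDecoder location of
            -- A token has been parsed
            Ok token ->
                ( { model | token = Just token }, Cmd.none )

            -- Nothing to parse, unauthenticated
            Err OpenIDConnect.NoToken ->
                ( model, Cmd.none )

            -- Another type of error (invalid parsing or an actual OAuth error).
            -- The example drops it silently; an application would normally
            -- surface or log it rather than treat it like "no token".
            Err _ ->
                ( model, Cmd.none )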

Using the token

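let
    -- Authenticated GET request. `OpenIDConnect.use` takes the token and the
    -- (here empty) list of other headers and returns the header list to send.
    req =
        Http.request
            { method = "GET"
            , body = Http.emptyBody
            , headers = OpenIDConnect.use token [] -- Add the token to the http headers
            , withCredentials = False
            -- Placeholder URL. The token should only be sent over HTTPS and
            -- only to the API it was issued for.
            , url = "whatever"
            , expect = Http.expectJson decoder
            , timeout = Nothing
            }
in
    ( { model | token = Just token }, Http.send handleResponse req )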