
Commit 7cbaf6e

committed
Allow the application to pass additional options to validate_id_token
For example to change the behaviour with regard to the `azp` claim.
1 parent a5a8e4e commit 7cbaf6e


1 file changed

+11
-4
lines changed


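--- a/lib/oidcc/plug/validate_jwt_token.ex
+++ b/lib/oidcc/plug/validate_jwt_token.ex
@@ -15,7 +15,7 @@ defmodule Oidcc.Plug.ValidateJwtToken do
 plug Oidcc.Plug.ValidateJwtToken,
 provider: SampleApp.GoogleOpenIdConfigurationProvider,
 client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.ValidateJwtToken, :client_id]),
-client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.ValidateJwtToken, :client_secret])
+client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.ValidateJwtToken, :client_secret]),
 
 plug SampleAppWeb.Router
 end
@@ -43,13 +43,15 @@ defmodule Oidcc.Plug.ValidateJwtToken do
 to fetch the client context from a store instead of using the `provider`, `client_id` and `client_secret`
 directly. This is useful for storing the client context in a database or other persistent
 storage.
+* `validate_opts` - A map of options to pass to `Oidcc.Token.validate_id_token/3`.
 """
 @typedoc since: "0.1.0"
 @type opts :: [
 provider: GenServer.name(),
 client_id: String.t() | (-> String.t()),
 client_secret: String.t() | (-> String.t()),
-send_inactive_token_response: (conn :: Plug.Conn.t() -> Plug.Conn.t())
+send_inactive_token_response: (conn :: Plug.Conn.t() -> Plug.Conn.t()),
+validate_opts: Oidcc.Token.validate_id_token_opts()
 ]
 
 defmodule Error do
@@ -74,7 +76,8 @@ defmodule Oidcc.Plug.ValidateJwtToken do
 :provider,
 :client_id,
 :client_secret,
-send_inactive_token_response: &__MODULE__.send_inactive_token_response/1
+send_inactive_token_response: &__MODULE__.send_inactive_token_response/1,
+validate_opts: %{}
 ])
 |> Utils.validate_client_context_opts!()
 
@@ -86,7 +89,11 @@ defmodule Oidcc.Plug.ValidateJwtToken do
 
 refresh_jwks = Utils.get_refresh_jwks_fun(opts)
 
-validate_opts = %{nonce: :any, refresh_jwks: refresh_jwks}
+validate_opts =
+Map.merge(
+opts[:validate_opts],
+%{nonce: :any, refresh_jwks: refresh_jwks}
+)
 
 with {:ok, client_context} <-
 Utils.get_client_context(conn, opts),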
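Review bot: In the last hunk, `Map.merge(opts[:validate_opts], %{nonce: :any, refresh_jwks: refresh_jwks})` gives the plug's own map precedence, so a `nonce` or `refresh_jwks` passed in by the application is silently dropped, and the new `validate_opts` entry in the moduledoc does not mention it. Because these options control how strictly the ID token is checked (the commit message names the `azp` claim), the doc entry should say which keys are fixed, for example by appending `The plug always sets nonce and refresh_jwks; values given for those keys here are ignored.` A value that is not a map (a keyword list, or an explicit `nil`) is only rejected by `Map.merge/2` when a request arrives; an `is_map/1` check where the `validate_opts: %{}` default is applied would surface the mistake when the options are validated instead, though that function and the one around the merge both begin and end outside the visible hunks. The first hunk also leaves a trailing comma after the `client_secret:` line of the moduledoc example with nothing following it, which reads as if a `validate_opts:` line was meant to be added there.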
