OpenID Connect / OAuth 2.0 client library for Clojure. Port of https://github.com/panva/openid-client
OpenID Connect / OAuth 2.0 client library for Clojure. Port of https://github.com/panva/openid-client
(authorization-code-grant config opts)Exchange an authorization code for tokens.
opts map keys:
:code - the authorization code (required)
:redirect_uri - must match the one used in the authorization request
:code_verifier - PKCE code verifier (when PKCE was used)
Exchange an authorization `code` for tokens. `opts` map keys: :code - the authorization code (required) :redirect_uri - must match the one used in the authorization request :code_verifier - PKCE code verifier (when PKCE was used)
(base64url-decode s)Base64url-decode a string to bytes.
Base64url-decode a string to bytes.
(base64url-encode bs)Base64url-encode bytes (no padding).
Base64url-encode bytes (no padding).
(build-authorization-url config params)Build the authorization URL the user-agent should be redirected to.
config - configuration map from configuration
params - map of authorization request params, e.g.:
:redirect_uri, :scope, :state, :nonce,
:code_challenge, :code_challenge_method,
:response_type (default "code"), :response_mode, etc.
Build the authorization URL the user-agent should be redirected to. `config` - configuration map from `configuration` `params` - map of authorization request params, e.g.: :redirect_uri, :scope, :state, :nonce, :code_challenge, :code_challenge_method, :response_type (default "code"), :response_mode, etc.
(build-end-session-url config & [params])Build a RP-Initiated Logout URL.
params - optional map with :id_token_hint, :post_logout_redirect_uri, :state.
Build a RP-Initiated Logout URL. `params` - optional map with :id_token_hint, :post_logout_redirect_uri, :state.
(client-credentials-grant config & [extra-params])Perform a client credentials grant.
extra-params - optional map (e.g. :scope, :resource).
Perform a client credentials grant. `extra-params` - optional map (e.g. :scope, :resource).
(configuration server-metadata
client-id
&
[{:keys [client-secret redirect-uris
token-endpoint-auth-method]}])Build a client configuration.
server-metadata - map returned by discover (or constructed manually)
client-id - OAuth 2.0 client identifier
opts - optional map:
:client-secret - client secret (string)
:redirect-uris - vector of redirect URIs
:token-endpoint-auth-method - keyword, one of:
:client-secret-post (default when secret present)
:client-secret-basic
:none (default when no secret)
Build a client configuration.
`server-metadata` - map returned by `discover` (or constructed manually)
`client-id` - OAuth 2.0 client identifier
`opts` - optional map:
:client-secret - client secret (string)
:redirect-uris - vector of redirect URIs
:token-endpoint-auth-method - keyword, one of:
:client-secret-post (default when secret present)
:client-secret-basic
:none (default when no secret)(discover issuer)Fetch the OpenID Connect discovery document for issuer.
Returns the parsed server metadata map (keys are keywords matching
the standard JSON field names, e.g. :authorization_endpoint).
Fetch the OpenID Connect discovery document for `issuer`. Returns the parsed server metadata map (keys are keywords matching the standard JSON field names, e.g. :authorization_endpoint).
(fetch-protected-resource access-token
url
&
[{:keys [method] :or {method :get}}])Make a GET request to a protected resource with the given access-token.
Returns {:status :body :headers}.
Make a GET request to a protected resource with the given `access-token`.
Returns {:status :body :headers}.(fetch-userinfo config access-token)Fetch claims from the UserInfo endpoint using access-token.
Fetch claims from the UserInfo endpoint using `access-token`.
(introspect-token config token & [opts])Introspect a token. Returns the parsed introspection response.
Introspect a token. Returns the parsed introspection response.
(pkce-code-challenge code-verifier)Compute the S256 PKCE code_challenge for the given code-verifier.
Compute the S256 PKCE `code_challenge` for the given `code-verifier`.
(random-bytes n)Return n cryptographically random bytes.
Return `n` cryptographically random bytes.
(random-nonce)Generate a random nonce parameter value.
Generate a random `nonce` parameter value.
(random-pkce-code-verifier)Generate a random PKCE code_verifier.
Generate a random PKCE `code_verifier`.
(random-state)Generate a random state parameter value.
Generate a random `state` parameter value.
(refresh-token-grant config refresh-token & [extra-params])Use a refresh-token to obtain new tokens.
extra-params - optional map of additional params (e.g. :scope, :resource).
Use a `refresh-token` to obtain new tokens. `extra-params` - optional map of additional params (e.g. :scope, :resource).
(revoke-token config token & [opts])Revoke a token at the revocation endpoint.
opts - optional map with :token_type_hint ("access_token" or "refresh_token").
Revoke a token at the revocation endpoint.
`opts` - optional map with :token_type_hint ("access_token" or "refresh_token").(supports-pkce? server-metadata)Returns true if the server metadata indicates S256 PKCE support.
Returns true if the server metadata indicates S256 PKCE support.
cljdoc builds & hosts documentation for Clojure/Script libraries
| Ctrl+k | Jump to recent docs |
| ← | Move to previous article |
| → | Move to next article |
| Ctrl+/ | Jump to the search field |