Authorization endpoint implementation for OAuth2/OIDC.
Malli schema for authorization request parameters.
Malli schema for authorization response.
(build-redirect-url {:keys [redirect-uri params]})
Builds the redirect URL with query parameters.
Takes an authorization response map (from handle-authorization-approval or
handle-authorization-denial) containing a redirect URI and parameters. URL-encodes
the parameters and appends them to the redirect URI as query parameters, properly
handling whether the URI already contains a query string. Returns the complete
redirect URL string.
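
The query-string handling described above, as an added sketch that is not the library's own code. The namespace `example.redirect`, the function name `redirect-url`, the keyword-keyed `:params` map, and the sample values are assumptions for illustration; it also assumes the redirect URI carries no fragment.

```clojure
(ns example.redirect
  (:require [clojure.string :as str])
  (:import (java.net URLEncoder)))

(defn- form-encode
  "Form-encodes one name or value so that characters such as & and =
  cannot terminate the parameter they belong to."
  [v]
  (URLEncoder/encode (str v) "UTF-8"))

(defn redirect-url
  "Hypothetical stand-in for the behaviour documented for build-redirect-url:
  encodes params and appends them to redirect-uri, using ? or & depending on
  whether the URI already has a query string."
  [{:keys [redirect-uri params]}]
  (let [query (->> params
                   (remove (comp nil? val))   ; optional params (e.g. state) may be absent
                   (sort-by key)              ; deterministic output for testing
                   (map (fn [[k v]]
                          (str (form-encode (name k)) "=" (form-encode v))))
                   (str/join "&"))
        sep   (cond
                (str/blank? query)                ""
                (str/ends-with? redirect-uri "?") ""
                (str/includes? redirect-uri "?")  "&"
                :else                             "?")]
    (str redirect-uri sep query)))

;; Constructed sample, shaped like the denial response map described on this page.
;; The state value contains & and = on purpose: after encoding it must remain a
;; single state parameter rather than introducing a second parameter.
(def sample-denial
  {:redirect-uri "https://client.example/cb?tenant=a"
   :params       {:error             "access_denied"
                  :error_description "User denied the request"
                  :state             "abc&code=x"
                  :iss               "https://idp.example"}})

(defn -main [& _]
  ;; URI with an existing query string: parameters are joined with &
  (println (redirect-url sample-denial))
  ;; URI without a query string: parameters are introduced with ?
  (println (redirect-url (assoc sample-denial
                                :redirect-uri "https://client.example/cb"))))
```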
(handle-authorization-approval {:keys [response_type client_id redirect_uri
                                       scope state nonce code_challenge
                                       code_challenge_method resource]}
                               user-id
                               provider-config
                               code-store)
Handles user approval of authorization request.
Takes a parsed authorization request (from parse-authorization-request), the
user ID of the approving user, provider configuration, and an AuthorizationCodeStore.
Generates an authorization code, calculates its expiry time, parses the requested
scopes, and saves the authorization code to the store. Returns an authorization
response map containing the redirect URI and response parameters (including the code
and optional state). Currently supports response_type "code"; throws ex-info for
unsupported response types.
(handle-authorization-denial {:keys [redirect_uri state]}
                             error-code
                             error-description
                             provider-config)
Handles user denial of authorization request.
Takes a parsed authorization request, an OAuth2 error code (defaults to
"access_denied" if not provided), a human-readable error description, and
provider configuration. Includes the iss response parameter per RFC 9207.
Returns the response map with the error, optional error description, and
optional state parameter.
(parse-authorization-request params client-store)
Validates a pre-parsed authorization request.
Takes a params map with keyword keys (as produced by Ring's wrap-params and
wrap-keyword-params middleware) and a client-store implementing
oidc-provider.protocol/ClientStore. Validates against AuthorizationRequest,
looks up the client, and validates the redirect URI, response type, scopes, PKCE,
and resource indicator parameters. Returns the validated request map.
The :resource parameter may be a string (single value) or a vector (multiple
values); it is normalized to a vector. Throws ex-info on validation errors or
if the client is unknown.