This module provides OAuth2-based login. OAuth2 is a federated identity protocol. It allows a user to log in to a service by redirecting to an identity provider. After validating the user, the identity provider redirects back to our service. In the process we obtain an anonymous identifier for the user and, optionally, user attributes such as the user's name, email, etc.
As OAuth2 does not use HTTP authentication, the fact that a user has logged in must be handled using an HTTP session.
Using this module requires the user to define two hooks:
oauth2(ServerID/reply). It may be left undefined if the server can find its own location. This URI is normally registered with the identity provider.
url, followed by /.well-known/openid-configuration. The discovery URL is used if one of the other required attributes is not defined by the hook.
cert_accept_any, any certificate is accepted. This can be used to deal with self-signed certificates in experimental setups.
oauth2(reply). If this hook fails, oauth2_reply/2 returns a text/plain document with the obtained information. This can be used for debugging and development purposes.
access_token.
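The discovery fallback described above (the provider URL followed by /.well-known/openid-configuration, consulted only when a required attribute is not defined locally) can be sketched as follows. This is an added Python illustration, not this module's code. The attribute names are the standard OpenID Connect discovery keys and are assumed here, as are the function names, the `fetch` callable, the issuer and https checks, and the constructed idp.example data.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Assumed required attributes: standard OpenID Connect discovery metadata keys.
REQUIRED = ("authorization_endpoint", "token_endpoint")

# Constructed discovery document for a hypothetical provider.
SAMPLE_DOC = {
    "issuer": "https://idp.example",
    "authorization_endpoint": "https://idp.example/authorize",
    "token_endpoint": "https://idp.example/token",
}


def discovery_url(base_url):
    """Provider base URL followed by /.well-known/openid-configuration."""
    return base_url.rstrip("/") + WELL_KNOWN


def resolve_attributes(base_url, configured, fetch):
    """Return the required attributes, consulting discovery only if needed.

    configured: attributes defined locally (the hook's role on this page).
    fetch: callable mapping a URL to the parsed discovery JSON (a dict).
    """
    resolved = dict(configured)
    missing = [name for name in REQUIRED if name not in resolved]
    if missing:
        doc = fetch(discovery_url(base_url))
        # The document must describe the provider we asked about
        # (trailing slashes are normalised before comparing).
        if doc.get("issuer", "").rstrip("/") != base_url.rstrip("/"):
            raise ValueError("discovery issuer does not match provider URL")
        for name in missing:
            if name not in doc:
                raise KeyError(f"{name} not configured and not in discovery")
            resolved[name] = doc[name]
    for name in REQUIRED:
        # Codes and tokens travel to these endpoints, so insist on TLS.
        if urlsplit(resolved[name]).scheme != "https":
            raise ValueError(f"{name} is not an https URL: {resolved[name]}")
    return resolved


if __name__ == "__main__":
    print(resolve_attributes("https://idp.example",
                             {"token_endpoint": "https://idp.example/t"},
                             lambda url: SAMPLE_DOC))
```

Locally configured values take precedence over the discovery document, and no request is made at all when every required attribute is already defined.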