diff --git a/README.md b/README.md index e910fc2..b5583c7 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ + + # oidcc [![EEF Security WG project](https://img.shields.io/badge/EEF-Security-black)](https://github.com/erlef/security-wg) @@ -14,11 +16,12 @@ OpenID Connect client library for Erlang. + The refactoring for `v3` and the certification is funded as an [Erlang Ecosystem Foundation](https://erlef.org/) stipend entered by the [Security Working Group](https://erlef.org/wg/security). diff --git a/assets/certified.svg b/assets/certified.svg new file mode 100644 index 0000000..13edd41 --- /dev/null +++ b/assets/certified.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/assets/logo.svg b/assets/logo.svg new file mode 100644 index 0000000..464817c --- /dev/null +++ b/assets/logo.svg @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/lib/oidcc.ex b/lib/oidcc.ex index e05c1f8..9273e3d 100644 --- a/lib/oidcc.ex +++ b/lib/oidcc.ex @@ -21,6 +21,7 @@ defmodule Oidcc do * `max_clock_skew` (default `0`) - Maximum allowed clock skew for JWT `exp` / `nbf` validation """ + @moduledoc since: "3.0.0" @doc """ Create Auth Redirect URL @@ -41,6 +42,7 @@ defmodule Oidcc do ...> ) """ + @doc since: "3.0.0" @spec create_redirect_url( provider_configuration_name :: GenServer.name(), client_id :: String.t(), @@ -79,6 +81,7 @@ defmodule Oidcc do ...> # => {:ok, %Oidcc.Token{}} """ + @doc since: "3.0.0" @spec retrieve_token( auth_code :: String.t(), provider_configuration_name :: GenServer.name(), @@ -121,6 +124,7 @@ defmodule Oidcc do ...> # => {:ok, %Oidcc.Token{}} """ + @doc since: "3.0.0" @spec refresh_token( refresh_token :: String.t(), provider_configuration_name :: GenServer.name(), @@ -172,6 +176,7 @@ defmodule Oidcc do ...> # => {:ok, %Oidcc.TokenIntrospection{}} """ + @doc since: "3.0.0" @spec introspect_token( access_token :: String.t() | Oidcc.Token.t(), provider_configuration_name :: GenServer.name(), @@ -229,6 +234,7 @@ defmodule Oidcc do ...> # => {:ok, %{"sub" => "sub"}} """ + @doc since: "3.0.0" @spec retrieve_userinfo( token :: Oidcc.Token.t(), provider_configuration_name :: GenServer.name(), @@ -284,6 +290,7 @@ defmodule Oidcc do ...> ) """ + @doc since: "3.0.0" @spec jwt_profile_token( subject :: String.t(), provider_configuration_name :: GenServer.name(), @@ -328,6 +335,7 @@ defmodule Oidcc do ...> ) """ + @doc since: "3.0.0" @spec client_credentials_token( provider_configuration_name :: GenServer.name(), client_id :: String.t(), diff --git a/lib/oidcc/authorization.ex b/lib/oidcc/authorization.ex index 5f97d43..d0322c6 100644 --- a/lib/oidcc/authorization.ex +++ b/lib/oidcc/authorization.ex @@ -2,6 +2,7 @@ defmodule Oidcc.Authorization do @moduledoc """ Functions to start an OpenID Connect Authorization """ + @moduledoc since: "3.0.0" alias Oidcc.ClientContext @@ -31,6 +32,7 @@ defmodule Oidcc.Authorization do ...> %{redirect_uri: "https://my.server/return"} ...> ) """ + @doc since: "3.0.0" @spec create_redirect_url( client_context :: ClientContext.t(), opts :: :oidcc_authorization.opts() diff --git a/lib/oidcc/client_context.ex b/lib/oidcc/client_context.ex index fea86bf..ba6b9e9 100644 --- a/lib/oidcc/client_context.ex +++ b/lib/oidcc/client_context.ex @@ -7,6 +7,7 @@ defmodule Oidcc.ClientContext do interface of `Oidcc`. In that case direct usage of this module is not needed. """ + @moduledoc since: "3.0.0" use Oidcc.RecordStruct, internal_name: :context, @@ -15,6 +16,7 @@ defmodule Oidcc.ClientContext do alias Oidcc.ProviderConfiguration + @typedoc since: "3.0.0" @type t() :: %__MODULE__{ provider_configuration: ProviderConfiguration.t(), jwks: JOSE.JWK.t(), @@ -47,6 +49,7 @@ defmodule Oidcc.ClientContext do ...> "client_Secret" ...> ) """ + @doc since: "3.0.0" @spec from_configuration_worker( provider_name :: GenServer.name(), client_id :: String.t(), @@ -86,6 +89,7 @@ defmodule Oidcc.ClientContext do ...> "client_Secret" ...> ) """ + @doc since: "3.0.0" @spec from_manual( configuration :: ProviderConfiguration.t(), jwks :: JOSE.JWK.t(), diff --git a/lib/oidcc/provider_configuration.ex b/lib/oidcc/provider_configuration.ex index 27bfe12..fcb92c5 100644 --- a/lib/oidcc/provider_configuration.ex +++ b/lib/oidcc/provider_configuration.ex @@ -50,6 +50,7 @@ defmodule Oidcc.ProviderConfiguration do #{telemetry_docs()} """ + @moduledoc since: "3.0.0" use Oidcc.RecordStruct, internal_name: :configuration, @@ -63,6 +64,7 @@ defmodule Oidcc.ProviderConfiguration do * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata * https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1 """ + @typedoc since: "3.0.0" @type t() :: %__MODULE__{ issuer: :uri_string.uri_string(), authorization_endpoint: :uri_string.uri_string(), @@ -119,6 +121,7 @@ defmodule Oidcc.ProviderConfiguration do ...> _expiry ...> }} = Oidcc.ProviderConfiguration.load_configuration("https://accounts.google.com") """ + @doc since: "3.0.0" @spec load_configuration( issuer :: :uri_string.uri_string(), opts :: :oidcc_provider_configuration.opts() @@ -140,6 +143,7 @@ defmodule Oidcc.ProviderConfiguration do iex> {:ok, {%JOSE.JWK{}, _expiry}} = ...> Oidcc.ProviderConfiguration.load_jwks("https://www.googleapis.com/oauth2/v3/certs") """ + @doc since: "3.0.0" @spec load_jwks( jwks_uri :: :uri_string.uri_string(), opts :: :oidcc_provider_configuration.opts() @@ -166,6 +170,7 @@ defmodule Oidcc.ProviderConfiguration do ...> {:ok, %ProviderConfiguration{issuer: "https://accounts.google.com"}} = ...> Oidcc.ProviderConfiguration.decode_configuration(decoded_json) """ + @doc since: "3.0.0" @spec decode_configuration(configuration :: map()) :: {:ok, t()} | {:error, :oidcc_provider_configuration.error()} def decode_configuration(configuration) do diff --git a/lib/oidcc/provider_configuration/worker.ex b/lib/oidcc/provider_configuration/worker.ex index 02efb0e..699f713 100644 --- a/lib/oidcc/provider_configuration/worker.ex +++ b/lib/oidcc/provider_configuration/worker.ex @@ -12,12 +12,14 @@ defmodule Oidcc.ProviderConfiguration.Worker do ], strategy: :one_for_one) ``` """ + @moduledoc since: "3.0.0" alias Oidcc.ProviderConfiguration @typedoc """ See `t:oidcc_provider_configuration_worker.opts/0` """ + @typedoc since: "3.0.0" @type opts() :: %{ optional(:name) => GenServer.name(), required(:issuer) => :uri_string.uri_string(), @@ -35,6 +37,7 @@ defmodule Oidcc.ProviderConfiguration.Worker do ...> name: __MODULE__.GoogleConfigProvider ...> }) """ + @doc since: "3.0.0" @spec start_link(opts :: :oidcc_provider_configuration_worker.opts()) :: GenServer.on_start() def start_link(opts) @@ -66,6 +69,7 @@ defmodule Oidcc.ProviderConfiguration.Worker do ...> %Oidcc.ProviderConfiguration{issuer: "https://accounts.google.com"} = ...> Oidcc.ProviderConfiguration.Worker.get_provider_configuration(pid) """ + @doc since: "3.0.0" @spec get_provider_configuration(name :: GenServer.name()) :: ProviderConfiguration.t() def get_provider_configuration(name), do: @@ -85,6 +89,7 @@ defmodule Oidcc.ProviderConfiguration.Worker do ...> %JOSE.JWK{} = ...> Oidcc.ProviderConfiguration.Worker.get_jwks(pid) """ + @doc since: "3.0.0" @spec get_jwks(name :: GenServer.name()) :: JOSE.JWK.t() def get_jwks(name), do: @@ -103,6 +108,7 @@ defmodule Oidcc.ProviderConfiguration.Worker do ...> }) ...> :ok = Oidcc.ProviderConfiguration.Worker.refresh_configuration(pid) """ + @doc since: "3.0.0" @spec refresh_configuration(name :: GenServer.name()) :: :ok def refresh_configuration(name), do: :oidcc_provider_configuration_worker.refresh_configuration(name) @@ -118,6 +124,7 @@ defmodule Oidcc.ProviderConfiguration.Worker do ...> }) ...> :ok = Oidcc.ProviderConfiguration.Worker.refresh_jwks(pid) """ + @doc since: "3.0.0" @spec refresh_jwks(name :: GenServer.name()) :: :ok def refresh_jwks(name), do: :oidcc_provider_configuration_worker.refresh_jwks(name) @@ -133,6 +140,7 @@ defmodule Oidcc.ProviderConfiguration.Worker do ...> }) ...> :ok = Oidcc.ProviderConfiguration.Worker.refresh_jwks_for_unknown_kid(pid, "kid") """ + @doc since: "3.0.0" @spec refresh_jwks_for_unknown_kid(name :: GenServer.name(), kid :: String.t()) :: :ok def refresh_jwks_for_unknown_kid(name, kid), do: :oidcc_provider_configuration_worker.refresh_jwks_for_unknown_kid(name, kid) diff --git a/lib/oidcc/token.ex b/lib/oidcc/token.ex index 173dbdb..ad9762b 100644 --- a/lib/oidcc/token.ex +++ b/lib/oidcc/token.ex @@ -92,6 +92,7 @@ defmodule Oidcc.Token do #{telemetry_docs()} """ + @moduledoc since: "3.0.0" use Oidcc.RecordStruct, internal_name: :token, @@ -103,6 +104,7 @@ defmodule Oidcc.Token do alias Oidcc.Token.Id alias Oidcc.Token.Refresh + @typedoc since: "3.0.0" @type t() :: %__MODULE__{ id: Id.t() | none, access: Access.t() | none, @@ -145,6 +147,7 @@ defmodule Oidcc.Token do ...> # => {:ok, %Oidcc.Token{}} """ + @doc since: "3.0.0" @spec retrieve( auth_code :: String.t(), client_context :: ClientContext.t(), @@ -190,6 +193,7 @@ defmodule Oidcc.Token do ...> # => {:ok, %Oidcc.Token{}} """ + @doc since: "3.0.0" @spec refresh( refresh_token :: String.t(), client_context :: ClientContext.t(), @@ -241,6 +245,7 @@ defmodule Oidcc.Token do ...> # => {:ok, %{"sub" => "sub", ... }} """ + @doc since: "3.0.0" @spec validate_id_token( id_token :: String.t(), client_context :: ClientContext.t(), @@ -291,6 +296,7 @@ defmodule Oidcc.Token do ...> ) """ + @doc since: "3.0.0" @spec jwt_profile( subject :: String.t(), client_context :: ClientContext.t(), @@ -335,6 +341,7 @@ defmodule Oidcc.Token do ...> ) """ + @doc since: "3.0.0" @spec client_credentials( client_context :: ClientContext.t(), opts :: :oidcc_token.client_credentials_opts() diff --git a/lib/oidcc/token/access.ex b/lib/oidcc/token/access.ex index a698076..0bd59ea 100644 --- a/lib/oidcc/token/access.ex +++ b/lib/oidcc/token/access.ex @@ -2,6 +2,7 @@ defmodule Oidcc.Token.Access do @moduledoc """ Access Token struct """ + @moduledoc since: "3.0.0" use Oidcc.RecordStruct, internal_name: :token, @@ -10,6 +11,7 @@ defmodule Oidcc.Token.Access do record_type_name: :access, hrl: "include/oidcc_token.hrl" + @typedoc since: "3.0.0" @type t() :: %__MODULE__{ token: String.t(), expires: pos_integer() | :undefined diff --git a/lib/oidcc/token/id.ex b/lib/oidcc/token/id.ex index 3c3f5af..3d36a46 100644 --- a/lib/oidcc/token/id.ex +++ b/lib/oidcc/token/id.ex @@ -2,6 +2,7 @@ defmodule Oidcc.Token.Id do @moduledoc """ ID Token struct """ + @moduledoc since: "3.0.0" use Oidcc.RecordStruct, internal_name: :token, @@ -10,6 +11,7 @@ defmodule Oidcc.Token.Id do record_type_name: :id, hrl: "include/oidcc_token.hrl" + @typedoc since: "3.0.0" @type t() :: %__MODULE__{ token: String.t(), claims: :oidcc_jwt_util.claims() diff --git a/lib/oidcc/token/refresh.ex b/lib/oidcc/token/refresh.ex index 5fb715e..57a357d 100644 --- a/lib/oidcc/token/refresh.ex +++ b/lib/oidcc/token/refresh.ex @@ -2,6 +2,7 @@ defmodule Oidcc.Token.Refresh do @moduledoc """ Refresh Token struct """ + @moduledoc since: "3.0.0" use Oidcc.RecordStruct, internal_name: :token, @@ -10,6 +11,7 @@ defmodule Oidcc.Token.Refresh do record_type_name: :refresh, hrl: "include/oidcc_token.hrl" + @typedoc since: "3.0.0" @type t() :: %__MODULE__{ token: String.t() } diff --git a/lib/oidcc/token_introspection.ex b/lib/oidcc/token_introspection.ex index 36bde00..73ad0b2 100644 --- a/lib/oidcc/token_introspection.ex +++ b/lib/oidcc/token_introspection.ex @@ -31,6 +31,7 @@ defmodule Oidcc.TokenIntrospection do #{telemetry_docs()} """ + @moduledoc since: "3.0.0" use Oidcc.RecordStruct, internal_name: :introspection, @@ -40,6 +41,7 @@ defmodule Oidcc.TokenIntrospection do alias Oidcc.ClientContext alias Oidcc.Token + @typedoc since: "3.0.0" @type t() :: %__MODULE__{ active: boolean(), client_id: binary(), @@ -74,6 +76,7 @@ defmodule Oidcc.TokenIntrospection do ...> ) ...> # => {:ok, %Oidcc.TokenIntrospection{}} """ + @doc since: "3.0.0" @spec introspect( token :: String.t() | Token.t(), client_context :: ClientContext.t(), diff --git a/lib/oidcc/userinfo.ex b/lib/oidcc/userinfo.ex index 6d94cdb..0832766 100644 --- a/lib/oidcc/userinfo.ex +++ b/lib/oidcc/userinfo.ex @@ -31,6 +31,7 @@ defmodule Oidcc.Userinfo do #{telemetry_docs()} """ + @moduledoc since: "3.0.0" alias Oidcc.ClientContext alias Oidcc.Token @@ -66,6 +67,7 @@ defmodule Oidcc.Userinfo do ...> # => {:ok, %{"sub" => "sub"}} """ + @doc since: "3.0.0" @spec retrieve( access_token :: String.t(), client_context :: ClientContext.t(), diff --git a/mix.exs b/mix.exs index 5dce31f..e53b96b 100644 --- a/mix.exs +++ b/mix.exs @@ -70,7 +70,8 @@ defmodule Oidcc.Mixfile do source_ref: ref, main: "Oidcc", extras: ["README.md"], - groups_for_modules: [Erlang: [~r/oidcc/], "Elixir": [~r/Oidcc/]] + groups_for_modules: [Erlang: [~r/oidcc/], "Elixir": [~r/Oidcc/]], + logo: "assets/logo.svg" ] end diff --git a/src/oidcc.erl b/src/oidcc.erl index 7031900..177c873 100644 --- a/src/oidcc.erl +++ b/src/oidcc.erl @@ -22,6 +22,7 @@ %% `exp' / `nbf' validation %% %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc). @@ -50,6 +51,7 @@ %% %% RedirectUri = https://my.provider/auth?scope=openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn %% ''' %% @end +%% @since 3.0.0 -spec create_redirect_url( ProviderConfigurationWorkerName, ClientId, @@ -92,6 +94,7 @@ create_redirect_url(ProviderConfigurationWorkerName, ClientId, ClientSecret, Opt %% #{redirect_uri => <<"https://example.com/callback">>}). %% ''' %% @end +%% @since 3.0.0 -spec retrieve_token( AuthCode, ProviderConfigurationWorkerName, @@ -138,6 +141,7 @@ retrieve_token(AuthCode, %% #{}). %% ''' %% @end +%% @since 3.0.0 -spec retrieve_userinfo ( Token, @@ -188,6 +192,8 @@ retrieve_userinfo(Token, %% <<"client_secret">>, %% #{expected_subject => <<"sub_from_initial_id_token>>}). %% ''' +%% @end +%% @since 3.0.0 -spec refresh_token ( RefreshToken, @@ -249,6 +255,7 @@ refresh_token(RefreshToken, %% #{}). %% ''' %% @end +%% @since 3.0.0 -spec introspect_token( Token, ProviderConfigurationWorkerName, @@ -298,6 +305,7 @@ introspect_token(Token, %% kid => maps:get(<<"keyId">>, KeyMap)}). %% ''' %% @end +%% @since 3.0.0 -spec jwt_profile_token( Subject, ProviderConfigurationWorkerName, @@ -338,6 +346,7 @@ jwt_profile_token(Subject, ProviderConfigurationWorkerName, ClientId, ClientSecr %% #{scope => [<<"scope">>]}). %% ''' %% @end +%% @since 3.0.0 -spec client_credentials_token( ProviderConfigurationWorkerName, ClientId, diff --git a/src/oidcc_authorization.erl b/src/oidcc_authorization.erl index 34e930b..cdece46 100644 --- a/src/oidcc_authorization.erl +++ b/src/oidcc_authorization.erl @@ -1,6 +1,7 @@ %%%------------------------------------------------------------------- %% @doc Functions to start an OpenID Connect Authorization %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_authorization). @@ -67,6 +68,7 @@ %% %% RedirectUri = https://my.provider/auth?scope=openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn %% ''' %% @end +%% @since 3.0.0 -spec create_redirect_url(ClientContext, Opts) -> {ok, Uri} | {error, error()} when ClientContext :: oidcc_client_context:t(), Opts :: opts(), diff --git a/src/oidcc_client_context.erl b/src/oidcc_client_context.erl index af79f6f..1fe9cf8 100644 --- a/src/oidcc_client_context.erl +++ b/src/oidcc_client_context.erl @@ -13,6 +13,7 @@ %% -include_lib(["oidcc/include/oidcc_client_context.hrl"]). %% ''' %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_client_context). @@ -65,6 +66,8 @@ %% <<"client_id">>, %% <<"client_secret">>). %% ''' +%% @end +%% @since 3.0.0 -spec from_configuration_worker(ProviderName, ClientId, ClientSecret) -> {ok, t()} | {error, error()} when @@ -106,6 +109,8 @@ from_configuration_worker(ProviderName, ClientId, ClientSecret) -> %% <<"client_id">>, %% <<"client_secret">>). %% ''' +%% @end +%% @since 3.0.0 -spec from_manual(Configuration, Jwks, ClientId, ClientSecret) -> t() when Configuration :: oidcc_provider_configuration:t(), Jwks :: jose_jwk:key(), diff --git a/src/oidcc_provider_configuration.erl b/src/oidcc_provider_configuration.erl index 20e6448..48025f8 100644 --- a/src/oidcc_provider_configuration.erl +++ b/src/oidcc_provider_configuration.erl @@ -13,6 +13,7 @@ %% %% See {@link 'Elixir.Oidcc.ProviderConfiguration'} %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_provider_configuration). @@ -172,6 +173,8 @@ %% {ok, #oidcc_provider_configuration{}} = %% oidcc_provider_configuration:load_configuration("https://accounts.google.com"). %% ''' +%% @end +%% @since 3.0.0 -spec load_configuration(Issuer, Opts) -> {ok, {Configuration :: t(), Expiry :: pos_integer()}} | {error, error()} when @@ -200,6 +203,8 @@ load_configuration(Issuer, Opts) -> %% {ok, #jose_jwk{}} = %% oidcc_provider_configuration:load_jwks("https://www.googleapis.com/oauth2/v3/certs"). %% ''' +%% @end +%% @since 3.0.0 -spec load_jwks(JwksUri, Opts) -> {ok, {Jwks :: jose_jwk:key(), Expiry :: pos_integer()}} | {error, term()} when @@ -232,6 +237,8 @@ load_jwks(JwksUri, Opts) -> %% {ok, #oidcc_provider_configuration{}} = %% oidcc_provider_configuration:decode_configuration(DecodedJson). %% ''' +%% @end +%% @since 3.0.0 -spec decode_configuration(Configuration :: map()) -> {ok, t()} | {error, error()}. decode_configuration(Configuration) -> maybe diff --git a/src/oidcc_provider_configuration_worker.erl b/src/oidcc_provider_configuration_worker.erl index 1ea2b81..186dce8 100644 --- a/src/oidcc_provider_configuration_worker.erl +++ b/src/oidcc_provider_configuration_worker.erl @@ -5,6 +5,7 @@ %% @end %% @todo Store configuration in ETS instead of GenServer state to allow %% concurrent reads +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_provider_configuration_worker). @@ -84,6 +85,8 @@ %% modules => [oidcc_provider_configuration_worker]}], %% {ok, {SupFlags, ChildSpecs}}. %% ''' +%% @end +%% @since 3.0.0 -spec start_link(Opts :: opts()) -> gen_server:start_ret(). start_link(Opts) -> case maps:get(name, Opts, undefined) of @@ -204,6 +207,8 @@ get_jwks(Name) -> %% %% oidcc_provider_configuration_worker:refresh_configuration(Pid). %% ''' +%% @end +%% @since 3.0.0 -spec refresh_configuration(Name :: gen_server:server_ref()) -> ok. refresh_configuration(Name) -> gen_server:cast(Name, refresh_configuration). @@ -222,6 +227,8 @@ refresh_configuration(Name) -> %% %% oidcc_provider_configuration_worker:refresh_jwks(Pid). %% ''' +%% @end +%% @since 3.0.0 -spec refresh_jwks(Name :: gen_server:server_ref()) -> ok. refresh_jwks(Name) -> gen_server:cast(Name, refresh_jwks). @@ -238,6 +245,8 @@ refresh_jwks(Name) -> %% %% oidcc_provider_configuration_worker:refresh_jwks_for_unknown_kid(Pid, <<"kid">>). %% ''' +%% @end +%% @since 3.0.0 -spec refresh_jwks_for_unknown_kid(Name :: gen_server:server_ref(), Kid :: binary()) -> ok. refresh_jwks_for_unknown_kid(Name, Kid) -> diff --git a/src/oidcc_scope.erl b/src/oidcc_scope.erl index 5578630..d5e546d 100644 --- a/src/oidcc_scope.erl +++ b/src/oidcc_scope.erl @@ -1,6 +1,7 @@ %%%------------------------------------------------------------------- %% @doc OpenID Scope Utilities %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_scope). @@ -25,6 +26,8 @@ %% <<"openid profile email">> = oidcc_scope:scopes_to_bin( %% [<<"openid">>, profile, "email"]). %% ''' +%% @end +%% @since 3.0.0 -spec scopes_to_bin(Scopes :: scopes()) -> t(). scopes_to_bin(Scopes) -> NormalizedScopes = @@ -60,6 +63,8 @@ query_append_scope(Scopes, QueryList) when is_list(Scopes) -> %% ``` %% [<<"openid">>, <<"profile">>] = oidcc_scope:parse(<<"openid profile">>). %% ''' +%% @end +%% @since 3.0.0 -spec parse(Scope :: t()) -> scopes(). parse(Scope) -> binary:split(Scope, [<<" ">>], [trim_all, global]). diff --git a/src/oidcc_token.erl b/src/oidcc_token.erl index 39c72ce..476f386 100644 --- a/src/oidcc_token.erl +++ b/src/oidcc_token.erl @@ -13,6 +13,7 @@ %% %% See {@link 'Elixir.Oidcc.Token'} %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_token). @@ -281,6 +282,7 @@ %% redirect_uri => <<"https://example.com/callback">>}). %% ''' %% @end +%% @since 3.0.0 -spec retrieve(AuthCode, ClientContext, Opts) -> {ok, t()} | {error, error()} when @@ -339,6 +341,7 @@ retrieve(AuthCode, ClientContext, Opts) -> %% #{expected_subject => <<"sub_from_initial_id_token>>}). %% ''' %% @end +%% @since 3.0.0 -spec refresh (RefreshToken, ClientContext, Opts) -> {ok, t()} | {error, error()} @@ -412,6 +415,7 @@ refresh(RefreshToken, ClientContext, Opts) -> %% kid => maps:get(<<"keyId">>, KeyMap)}). %% ''' %% @end +%% @since 3.0.0 -spec jwt_profile(Subject, ClientContext, Jwk, Opts) -> {ok, t()} | {error, error()} when Subject :: binary(), ClientContext :: oidcc_client_context:t(), @@ -492,6 +496,7 @@ jwt_profile(Subject, ClientContext, Jwk, Opts) -> %% #{scope => [<<"scope">>]}). %% ''' %% @end +%% @since 3.0.0 -spec client_credentials(ClientContext, Opts) -> {ok, t()} | {error, error()} when ClientContext :: oidcc_client_context:t(), Opts :: client_credentials_opts(). @@ -639,6 +644,7 @@ verify_access_token_map_hash(#oidcc_token{}) -> %% oidcc:validate_id_token(IdToken, ClientContext, ExpectedNonce). %% ''' %% @end +%% @since 3.0.0 -spec validate_id_token(IdToken, ClientContext, Nonce) -> {ok, Claims} | {error, error()} when diff --git a/src/oidcc_token_introspection.erl b/src/oidcc_token_introspection.erl index 8cde982..1d251bf 100644 --- a/src/oidcc_token_introspection.erl +++ b/src/oidcc_token_introspection.erl @@ -15,6 +15,7 @@ %% %% See {@link 'Elixir.Oidcc.TokenIntrospection'} %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_token_introspection). @@ -87,6 +88,7 @@ %% oidcc_token_introspection:introspect(AccessToken, ClientContext, #{}). %% ''' %% @end +%% @since 3.0.0 -spec introspect(Token, ClientContext, Opts) -> {ok, t()} | {error, error()} diff --git a/src/oidcc_userinfo.erl b/src/oidcc_userinfo.erl index 8215589..500aab3 100644 --- a/src/oidcc_userinfo.erl +++ b/src/oidcc_userinfo.erl @@ -7,6 +7,7 @@ %% %% See {@link 'Elixir.Oidcc.Userinfo'} %% @end +%% @since 3.0.0 %%%------------------------------------------------------------------- -module(oidcc_userinfo). @@ -95,6 +96,7 @@ %% oidcc_userinfo:retrieve(Token, ClientContext, #{}). %% ''' %% @end +%% @since 3.0.0 -spec retrieve (Token, ClientContext, Opts) -> {ok, oidcc_jwt_util:claims()} | {error, error()} when Token :: oidcc_token:t(),