whossname/azure_ad_openid

Azure Active Directory OpenID

Azure Active Directory authentication using OpenID.

This is a simple and opinionated OpenID authentication library for Azure Active Directory. The following decisions have been made:

  • The nonce has a timeout of 15 minutes
  • The callback will reject id_tokens with an iat that is more than 6 minutes old
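The two freshness rules above can be pictured as follows. This is an added sketch, not code from azure_ad_openid: the module name, function names and the map-based nonce store are hypothetical, and it assumes the id_token signature has already been verified and the claims decoded into a map.

```elixir
# Added illustration; FreshnessSketch and its functions are hypothetical
# and are not part of the azure_ad_openid API.
defmodule FreshnessSketch do
  @nonce_ttl 15 * 60   # nonce timeout from the README, in seconds
  @max_iat_age 6 * 60  # maximum id_token age from the README, in seconds

  # Create a random nonce and remember when it was issued.
  # `store` is a plain map of nonce => issue time (Unix seconds).
  def issue_nonce(store, now) do
    nonce = :crypto.strong_rand_bytes(16) |> Base.url_encode64(padding: false)
    {nonce, Map.put(store, nonce, now)}
  end

  # Check already-verified claims. Returns {result, new_store}.
  # The nonce is removed on every lookup, so it can be used only once.
  def check(claims, store, now) do
    {issued_at, store} = Map.pop(store, claims["nonce"])

    result =
      cond do
        is_nil(issued_at) -> {:error, :unknown_nonce}
        now - issued_at > @nonce_ttl -> {:error, :nonce_expired}
        not is_integer(claims["iat"]) -> {:error, :missing_iat}
        now - claims["iat"] > @max_iat_age -> {:error, :stale_token}
        true -> :ok
      end

    {result, store}
  end
end

# Constructed sample run with a fixed clock; each match raises if the rule fails.
t0 = 1_700_000_000
{nonce, store} = FreshnessSketch.issue_nonce(%{}, t0)
claims = %{"nonce" => nonce, "iat" => t0 + 30}

# A token that arrives within both windows is accepted, and the nonce is consumed.
{:ok, used} = FreshnessSketch.check(claims, store, t0 + 60)
# Replaying the same callback fails because the nonce is gone.
{{:error, :unknown_nonce}, _} = FreshnessSketch.check(claims, used, t0 + 61)
# Nonce still valid (7 min old) but iat older than 6 minutes.
{{:error, :stale_token}, _} = FreshnessSketch.check(%{"nonce" => nonce, "iat" => t0}, store, t0 + 7 * 60)
# Nonce older than 15 minutes is rejected before iat is considered.
{{:error, :nonce_expired}, _} = FreshnessSketch.check(claims, store, t0 + 16 * 60)
```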

Installation

The package can be installed by adding azure_ad_openid to your list of dependencies in mix.exs:

def deps do
  [
    {:azure_ad_openid, "~> 0.2"}
  ]
end

Basic Usage

This library can be used with or without the standard Elixir configuration. If you want to use it with configuration, set the following in your config files:

config :azure_ad_openid, AzureADOpenId,
  tenant: <your tenant>,
  client_id: <your client_id>,
  client_secret: <>, # only needed to generate access tokens
  aud: <> # used to override client_id as the value for aud

If you don't set up the config, you will need to pass these values in manually at runtime. For example, to get the authorization URL:

config = [tenant: <your tenant>, client_id: <your client_id>]
AzureADOpenId.authorize_url!(<redirect_uri>, config)

The following is a simple example of a Phoenix authentication controller that uses this library:

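defmodule MyAppWeb.AuthController do
  use MyAppWeb, :controller

  alias AzureADOpenId

  # Send the browser to Azure AD to authenticate.
  def login(conn, _) do
    base_uri = Application.get_env(:my_app, :base_uri)
    redirect_uri = "#{base_uri}/auth/callback"
    redirect conn, external: AzureADOpenId.authorize_url!(redirect_uri)
  end

  # Azure AD redirects back here; the library validates the id_token.
  def callback(conn, _) do
    {:ok, claims} = AzureADOpenId.handle_callback!(conn)

    conn
    # Issue a new session id on login so a pre-login session cookie
    # cannot be reused afterwards (session fixation).
    |> configure_session(renew: true)
    |> put_session(:user_claims, claims)
    |> redirect(to: "/")
  end

  # Clear the local claims, then sign out of Azure AD as well.
  def logout(conn, _) do
    conn
    |> put_session(:user_claims, nil)
    |> redirect(external: AzureADOpenId.logout_url())
  end
end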

Documentation

The docs can be found at https://hexdocs.pm/azure_ad_openid.

Credit

The following repository was used as a base for the AzureAD authentication:

https://github.com/onurkucukkece/oauth_azure_activedirectory

License

Please see LICENSE for licensing details.