IBMId OAuth2 strategy for Überauth.
- Setup your application with IBM Security Verify to get a Client ID and Secret. Ensure that a callback URL is specified in the OpenID Connect configuration (i.e.
https://localhost:PORT/auth/ibmid/callback). Learn more about IBM Security Verify & OpenID Connect.
NOTE: IBMId only allows HTTPS callback URLs. Learn how to serve a Phoenix App locally with HTTPS.
-
Add
:ueberauth_ibmidto your list of dependencies inmix.exs:def deps do [ ... {:ueberauth_ibmid, "~> 0.1.0"} ... ] end
-
Add IBMId to your Überauth configuration:
config :ueberauth, Ueberauth, providers: [ ibmid: {Ueberauth.Strategy.IBMId, []} ]
-
Update your provider configuration:
config :ueberauth, Ueberauth.Strategy.IBMId.OAuth, client_id: System.get_env("IBMID_OIDC_CLIENT_ID"), client_secret: System.get_env("IBMID_OIDC_CLIENT_SECRET")
Or, to read the client credentials at runtime
config :ueberauth, Ueberauth.Strategy.IBMId.OAuth, client_id: {:system, "IBMID_OIDC_CLIENT_ID"}, client_secret: {:system, "IBMID_OIDC_CLIENT_SECRET"}
-
Include the Überauth plug in your controller:
defmodule MyApp.Router do use MyApp.Web, :router pipeline :browser do plug Ueberauth ... end end
-
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do pipe_through :browser get "/:provider", AuthController, :request get "/:provider/callback", AuthController, :callback end
-
Your controller needs to implement callbacks to deal with
Ueberauth.AuthandUeberauth.Failureresponses.
You can initialize the request through:
/auth/ibmid
By default the requested scope is "openid", which also happens to be the only required scope. Scope can be configured explicitly in your configuration (see below). Learn more about OIDC scopes.
config :ueberauth, Ueberauth,
providers: [
ibmid: {Ueberauth.Strategy.IBMId, [default_scope: "openid profile"]}
]Please see LICENSE for licensing details.