feat(secrets): updated as recommended in ashauthentication docs
This commit is contained in:
parent
425c7bb911
commit
302f9bf2ac
3 changed files with 35 additions and 10 deletions
|
|
@ -90,6 +90,8 @@ config :mv, :secret_key_base, "ryn7D6ssmIHQFWIks2sFiTGATgwwAR1+3bN8p7fy6qVtB8qnx
|
||||||
# Signing Secret for Authentication
|
# Signing Secret for Authentication
|
||||||
config :mv, :token_signing_secret, "IwUwi65TrEeExwBXXFPGm2I7889NsL"
|
config :mv, :token_signing_secret, "IwUwi65TrEeExwBXXFPGm2I7889NsL"
|
||||||
|
|
||||||
config :mv,
|
config :mv, :rauthy,
|
||||||
:oicd_client_secret,
|
client_id: "mv",
|
||||||
"auhoZABKjohxhmeVCIDzMMUkBOtDQjPKiQiFQwmIogfaPPvBOeqtvnEJuTYIWcIc"
|
base_url: "http://localhost:8080/auth/v1",
|
||||||
|
client_secret: "GWGkEWBLRAzZruXhipQKSjeaOtwZtKdETBABHLAXVoqrhsJoXUOsIDfNVOXCQUEv",
|
||||||
|
redirect_uri: "http://localhost:4000/auth/user/rauthy/callback"
|
||||||
|
|
|
||||||
|
|
@ -32,15 +32,12 @@ defmodule Mv.Accounts.User do
|
||||||
|
|
||||||
strategies do
|
strategies do
|
||||||
oidc :rauthy do
|
oidc :rauthy do
|
||||||
client_id "mv"
|
client_id Mv.Secrets
|
||||||
base_url "http://localhost:8080/auth/v1"
|
base_url Mv.Secrets
|
||||||
redirect_uri "http://localhost:4000/auth/user/rauthy/callback"
|
redirect_uri Mv.Secrets
|
||||||
|
client_secret Mv.Secrets
|
||||||
auth_method :client_secret_jwt
|
auth_method :client_secret_jwt
|
||||||
code_verifier true
|
code_verifier true
|
||||||
|
|
||||||
client_secret fn _, _ ->
|
|
||||||
Application.fetch_env(:mv, :oicd_client_secret)
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
password :password do
|
password :password do
|
||||||
|
|
|
||||||
26
lib/mv/secrets.ex
Normal file
26
lib/mv/secrets.ex
Normal file
|
|
@ -0,0 +1,26 @@
|
||||||
|
defmodule Mv.Secrets do
|
||||||
|
use AshAuthentication.Secret
|
||||||
|
|
||||||
|
def secret_for([:authentication, :strategies, :rauthy, :client_id], Mv.Accounts.User, _opts, _meth) do
|
||||||
|
get_config(:client_id)
|
||||||
|
end
|
||||||
|
|
||||||
|
def secret_for([:authentication, :strategies, :rauthy, :redirect_uri], Mv.Accounts.User, _opts, _meth) do
|
||||||
|
get_config(:redirect_uri)
|
||||||
|
end
|
||||||
|
|
||||||
|
def secret_for([:authentication, :strategies, :rauthy, :client_secret], Mv.Accounts.User, _opts, _meth) do
|
||||||
|
get_config(:client_secret)
|
||||||
|
end
|
||||||
|
|
||||||
|
def secret_for([:authentication, :strategies, :rauthy, :base_url], Mv.Accounts.User, _opts, _meth) do
|
||||||
|
get_config(:base_url)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp get_config(key) do
|
||||||
|
:mv
|
||||||
|
|> Application.fetch_env!(:rauthy)
|
||||||
|
|> Keyword.fetch!(key)
|
||||||
|
|> then(&{:ok, &1})
|
||||||
|
end
|
||||||
|
end
|
||||||
Loading…
Add table
Add a link
Reference in a new issue