diff --git a/lib/mv/secrets.ex b/lib/mv/secrets.ex
index f315ea3..177ed90 100644
--- a/lib/mv/secrets.ex
+++ b/lib/mv/secrets.ex
@@ -14,45 +14,59 @@ defmodule Mv.Secrets do
   - OIDC_BASE_URL / settings.oidc_base_url
   - OIDC_REDIRECT_URI / settings.oidc_redirect_uri
-  ## Usage
-  This module is automatically called by AshAuthentication when resolving
-  secrets for the User resource's OIDC strategy.
+  When a value is nil, returns `{:error, MissingSecret}` so that AshAuthentication
+  does not crash (e.g. URI.new(nil)) and can redirect to sign-in with an error.
   """
 
   use AshAuthentication.Secret
 
+  alias AshAuthentication.Errors.MissingSecret
+
   def secret_for(
         [:authentication, :strategies, :oidc, :client_id],
-        Mv.Accounts.User,
+        resource,
         _opts,
         _meth
       ) do
-    {:ok, Mv.Config.oidc_client_id()}
+    secret_or_error(Mv.Config.oidc_client_id(), resource, :client_id)
   end
 
   def secret_for(
         [:authentication, :strategies, :oidc, :redirect_uri],
-        Mv.Accounts.User,
+        resource,
         _opts,
         _meth
       ) do
-    {:ok, Mv.Config.oidc_redirect_uri()}
+    secret_or_error(Mv.Config.oidc_redirect_uri(), resource, :redirect_uri)
   end
 
   def secret_for(
         [:authentication, :strategies, :oidc, :client_secret],
-        Mv.Accounts.User,
+        resource,
         _opts,
         _meth
       ) do
-    {:ok, Mv.Config.oidc_client_secret()}
+    secret_or_error(Mv.Config.oidc_client_secret(), resource, :client_secret)
   end
 
   def secret_for(
         [:authentication, :strategies, :oidc, :base_url],
-        Mv.Accounts.User,
+        resource,
         _opts,
         _meth
       ) do
-    {:ok, Mv.Config.oidc_base_url()}
+    secret_or_error(Mv.Config.oidc_base_url(), resource, :base_url)
+  end
+
+  defp secret_or_error(nil, resource, key) do
+    path = [:authentication, :strategies, :oidc, key]
+    {:error, MissingSecret.exception(path: path, resource: resource)}
+  end
+
+  defp secret_or_error(value, resource, key) when is_binary(value) do
+    if String.trim(value) == "" do
+      secret_or_error(nil, resource, key)
+    else
+      {:ok, value}
+    end
   end
 end
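Review bot: Replacing `Mv.Accounts.User` with the bare `resource` variable in all four `secret_for/4` heads widens the match, so any resource that declares an OIDC strategy at that path now receives the same client_id and client_secret; the literal head presumably existed to limit which resource these credentials are handed to. If the variable is only needed for the `MissingSecret` error, keep the restriction and bind at the same time with `Mv.Accounts.User = resource,` in each of the four clauses. Separately, `secret_or_error/3` has clauses only for `nil` and binaries, so a non-binary config value (if `Mv.Config` can return one, which is not visible in this hunk) would raise FunctionClauseError rather than the `{:error, MissingSecret}` the new moduledoc promises; a final clause `defp secret_or_error(_other, resource, key), do: secret_or_error(nil, resource, key)` would keep that contract. Note also that a value with surrounding whitespace passes the trim check but is returned untrimmed, which may be intended but is worth a one-line comment.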