|
| 1 | +%% Vendored from hex_core v0.12.2 (c4db9f6), do not edit manually |
| 2 | + |
| 3 | +%% @doc |
| 4 | +%% Hex HTTP API - OAuth. |
| 5 | +-module(mix_hex_api_oauth). |
| 6 | +-export([ |
| 7 | + device_authorization/3, |
| 8 | + device_authorization/4, |
| 9 | + poll_device_token/3, |
| 10 | + refresh_token/3, |
| 11 | + revoke_token/3, |
| 12 | + client_credentials_token/4, |
| 13 | + client_credentials_token/5 |
| 14 | +]). |
| 15 | + |
| 16 | +%% @doc |
| 17 | +%% Initiates the OAuth device authorization flow. |
| 18 | +%% |
| 19 | +%% @see device_authorization/4 |
| 20 | +%% @end |
| 21 | +-spec device_authorization(mix_hex_core:config(), binary(), binary()) -> mix_hex_api:response(). |
| 22 | +device_authorization(Config, ClientId, Scope) -> |
| 23 | + device_authorization(Config, ClientId, Scope, []). |
| 24 | + |
| 25 | +%% @doc |
| 26 | +%% Initiates the OAuth device authorization flow with optional parameters. |
| 27 | +%% |
| 28 | +%% Returns device code, user code, and verification URIs for user authentication. |
| 29 | +%% |
| 30 | +%% Options: |
| 31 | +%% * `name' - A name to identify the token (e.g., hostname of the device) |
| 32 | +%% |
| 33 | +%% Examples: |
| 34 | +%% |
| 35 | +%% ``` |
| 36 | +%% 1> Config = mix_hex_core:default_config(). |
| 37 | +%% 2> mix_hex_api_oauth:device_authorization(Config, <<"cli">>, <<"api:write">>). |
| 38 | +%% {ok,{200, ..., #{ |
| 39 | +%% <<"device_code">> => <<"...">>, |
| 40 | +%% <<"user_code">> => <<"ABCD-1234">>, |
| 41 | +%% <<"verification_uri">> => <<"https://hex.pm/oauth/device">>, |
| 42 | +%% <<"verification_uri_complete">> => <<"https://hex.pm/oauth/device?user_code=ABCD-1234">>, |
| 43 | +%% <<"expires_in">> => 600, |
| 44 | +%% <<"interval">> => 5 |
| 45 | +%% }}} |
| 46 | +%% |
| 47 | +%% 3> mix_hex_api_oauth:device_authorization(Config, <<"cli">>, <<"api:write">>, [{name, <<"MyMachine">>}]). |
| 48 | +%% ''' |
| 49 | +%% @end |
| 50 | +-spec device_authorization(mix_hex_core:config(), binary(), binary(), proplists:proplist()) -> |
| 51 | + mix_hex_api:response(). |
| 52 | +device_authorization(Config, ClientId, Scope, Opts) -> |
| 53 | + Path = <<"oauth/device_authorization">>, |
| 54 | + Params0 = #{ |
| 55 | + <<"client_id">> => ClientId, |
| 56 | + <<"scope">> => Scope |
| 57 | + }, |
| 58 | + Params = |
| 59 | + case proplists:get_value(name, Opts) of |
| 60 | + undefined -> Params0; |
| 61 | + Name -> Params0#{<<"name">> => Name} |
| 62 | + end, |
| 63 | + mix_hex_api:post(Config, Path, Params). |
| 64 | + |
| 65 | +%% @doc |
| 66 | +%% Polls the OAuth token endpoint for device authorization completion. |
| 67 | +%% |
| 68 | +%% Returns: |
| 69 | +%% - `{ok, {200, _, Token}}` - Authorization complete |
| 70 | +%% - `{ok, {400, _, #{<<"error">> => <<"authorization_pending">>}}}` - Still waiting |
| 71 | +%% - `{ok, {400, _, #{<<"error">> => <<"slow_down">>}}}` - Polling too fast |
| 72 | +%% - `{ok, {400, _, #{<<"error">> => <<"expired_token">>}}}` - Code expired |
| 73 | +%% - `{ok, {403, _, #{<<"error">> => <<"access_denied">>}}}` - User denied |
| 74 | +%% |
| 75 | +%% Examples: |
| 76 | +%% |
| 77 | +%% ``` |
| 78 | +%% 1> Config = mix_hex_core:default_config(). |
| 79 | +%% 2> mix_hex_api_oauth:poll_device_token(Config, <<"cli">>, DeviceCode). |
| 80 | +%% {ok, {200, _, #{ |
| 81 | +%% <<"access_token">> => <<"...">>, |
| 82 | +%% <<"refresh_token">> => <<"...">>, |
| 83 | +%% <<"token_type">> => <<"Bearer">>, |
| 84 | +%% <<"expires_in">> => 3600 |
| 85 | +%% }}} |
| 86 | +%% ''' |
| 87 | +%% @end |
| 88 | +-spec poll_device_token(mix_hex_core:config(), binary(), binary()) -> mix_hex_api:response(). |
| 89 | +poll_device_token(Config, ClientId, DeviceCode) -> |
| 90 | + Path = <<"oauth/token">>, |
| 91 | + Params = #{ |
| 92 | + <<"grant_type">> => <<"urn:ietf:params:oauth:grant-type:device_code">>, |
| 93 | + <<"device_code">> => DeviceCode, |
| 94 | + <<"client_id">> => ClientId |
| 95 | + }, |
| 96 | + mix_hex_api:post(Config, Path, Params). |
| 97 | + |
| 98 | +%% @doc |
| 99 | +%% Refreshes an access token using a refresh token. |
| 100 | +%% |
| 101 | +%% Examples: |
| 102 | +%% |
| 103 | +%% ``` |
| 104 | +%% 1> Config = mix_hex_core:default_config(). |
| 105 | +%% 2> mix_hex_api_oauth:refresh_token(Config, <<"cli">>, RefreshToken). |
| 106 | +%% {ok, {200, _, #{ |
| 107 | +%% <<"access_token">> => <<"...">>, |
| 108 | +%% <<"refresh_token">> => <<"...">>, |
| 109 | +%% <<"token_type">> => <<"Bearer">>, |
| 110 | +%% <<"expires_in">> => 3600 |
| 111 | +%% }}} |
| 112 | +%% ''' |
| 113 | +%% @end |
| 114 | +-spec refresh_token(mix_hex_core:config(), binary(), binary()) -> mix_hex_api:response(). |
| 115 | +refresh_token(Config, ClientId, RefreshToken) -> |
| 116 | + Path = <<"oauth/token">>, |
| 117 | + Params = #{ |
| 118 | + <<"grant_type">> => <<"refresh_token">>, |
| 119 | + <<"refresh_token">> => RefreshToken, |
| 120 | + <<"client_id">> => ClientId |
| 121 | + }, |
| 122 | + mix_hex_api:post(Config, Path, Params). |
| 123 | + |
| 124 | +%% @doc |
| 125 | +%% Exchanges an API key for an OAuth access token using the client credentials grant. |
| 126 | +%% |
| 127 | +%% @see client_credentials_token/5 |
| 128 | +%% @end |
| 129 | +-spec client_credentials_token(mix_hex_core:config(), binary(), binary(), binary()) -> |
| 130 | + mix_hex_api:response(). |
| 131 | +client_credentials_token(Config, ClientId, ApiKey, Scope) -> |
| 132 | + client_credentials_token(Config, ClientId, ApiKey, Scope, []). |
| 133 | + |
| 134 | +%% @doc |
| 135 | +%% Exchanges an API key for an OAuth access token using the client credentials grant with optional parameters. |
| 136 | +%% |
| 137 | +%% This grant type allows exchanging a long-lived API key for a short-lived OAuth access token. |
| 138 | +%% The API key is sent as the client_secret parameter. |
| 139 | +%% |
| 140 | +%% Options: |
| 141 | +%% * `name' - A name to identify the token (e.g., hostname of the client) |
| 142 | +%% |
| 143 | +%% Returns: |
| 144 | +%% - `{ok, {200, _, Token}}` - Token exchange successful |
| 145 | +%% - `{ok, {400, _, #{<<"error">> => ...}}}` - Invalid request or scope |
| 146 | +%% - `{ok, {401, _, #{<<"error">> => ...}}}` - Invalid API key |
| 147 | +%% |
| 148 | +%% Examples: |
| 149 | +%% |
| 150 | +%% ``` |
| 151 | +%% 1> Config = mix_hex_core:default_config(). |
| 152 | +%% 2> mix_hex_api_oauth:client_credentials_token(Config, <<"cli">>, ApiKey, <<"api">>). |
| 153 | +%% {ok, {200, _, #{ |
| 154 | +%% <<"access_token">> => <<"...">>, |
| 155 | +%% <<"token_type">> => <<"bearer">>, |
| 156 | +%% <<"expires_in">> => 1800, |
| 157 | +%% <<"scope">> => <<"api">> |
| 158 | +%% }}} |
| 159 | +%% |
| 160 | +%% 3> mix_hex_api_oauth:client_credentials_token(Config, <<"cli">>, ApiKey, <<"api">>, [{name, <<"MyMachine">>}]). |
| 161 | +%% ''' |
| 162 | +%% @end |
| 163 | +-spec client_credentials_token( |
| 164 | + mix_hex_core:config(), binary(), binary(), binary(), proplists:proplist() |
| 165 | +) -> mix_hex_api:response(). |
| 166 | +client_credentials_token(Config, ClientId, ApiKey, Scope, Opts) -> |
| 167 | + Path = <<"oauth/token">>, |
| 168 | + Params0 = #{ |
| 169 | + <<"grant_type">> => <<"client_credentials">>, |
| 170 | + <<"client_id">> => ClientId, |
| 171 | + <<"client_secret">> => ApiKey, |
| 172 | + <<"scope">> => Scope |
| 173 | + }, |
| 174 | + Params = |
| 175 | + case proplists:get_value(name, Opts) of |
| 176 | + undefined -> Params0; |
| 177 | + Name -> Params0#{<<"name">> => Name} |
| 178 | + end, |
| 179 | + mix_hex_api:post(Config, Path, Params). |
| 180 | + |
| 181 | +%% @doc |
| 182 | +%% Revokes an OAuth token (RFC 7009). |
| 183 | +%% |
| 184 | +%% Can revoke either access tokens or refresh tokens. |
| 185 | +%% Returns 200 OK regardless of whether the token was found, |
| 186 | +%% following RFC 7009 security recommendations. |
| 187 | +%% |
| 188 | +%% Examples: |
| 189 | +%% |
| 190 | +%% ``` |
| 191 | +%% 1> Config = mix_hex_core:default_config(). |
| 192 | +%% 2> mix_hex_api_oauth:revoke_token(Config, <<"cli">>, Token). |
| 193 | +%% {ok, {200, ..., nil}} |
| 194 | +%% ''' |
| 195 | +%% @end |
| 196 | +-spec revoke_token(mix_hex_core:config(), binary(), binary()) -> mix_hex_api:response(). |
| 197 | +revoke_token(Config, ClientId, Token) -> |
| 198 | + Path = <<"oauth/revoke">>, |
| 199 | + Params = #{ |
| 200 | + <<"token">> => Token, |
| 201 | + <<"client_id">> => ClientId |
| 202 | + }, |
| 203 | + mix_hex_api:post(Config, Path, Params). |
0 commit comments