API Reference AttestoPhoenix v#0.19.1

Copy Markdown View Source

Modules

AttestoPhoenix

A Phoenix/Ecto OAuth 2.0 / OIDC authorization-server and resource-server layer built on top of Attesto.

AttestoPhoenix.AuthorizationServer.DeviceAuthorization

Device authorization request processing (RFC 8628 §3.1 / §3.2), as conn-free core.

AttestoPhoenix.AuthorizationServer.DeviceAuthorization.Request

Plain-data device-authorization request the controller builds from the conn.

AttestoPhoenix.AuthorizationServer.JwtBearer

The resource server's half of the Identity Assertion JWT Authorization Grant (ID-JAG), the grant behind MCP Enterprise-Managed Authorization (EMA) - draft-ietf-oauth-identity-assertion-authz-grant-04.

AttestoPhoenix.AuthorizationServer.PAR

Pushed Authorization Request storage (RFC 9126), as conn-free core.

AttestoPhoenix.AuthorizationServer.PAR.Request

A parsed Pushed Authorization Request (RFC 9126), all plain data lifted at the controller edge.

AttestoPhoenix.AuthorizationServer.RequestObjectMetadata

Conn-free derivation of the signed-request-object (JAR / RFC 9101 §10.5) discovery metadata shared by the OpenID Provider Metadata document (OpenID Connect Discovery) and the OAuth 2.0 Authorization Server Metadata document (RFC 8414).

AttestoPhoenix.AuthorizationServer.RequestPolicy

Conn-free resolution of the per-request authorization-request validation policy shared by the authorization endpoint and the PAR endpoint.

AttestoPhoenix.AuthorizationServer.SenderConstraint

Sender-constraint resolution for the token endpoint (RFC 9449 / RFC 8705), as conn-free core.

AttestoPhoenix.AuthorizationServer.Token

Token-endpoint grant processing (RFC 6749 §3.2), as conn-free core.

AttestoPhoenix.AuthorizationServer.Token.Request

A parsed token request, all plain data lifted at the controller edge.

AttestoPhoenix.BackChannelLogout

The seam for delivering a Back-Channel Logout logout_token to a Relying Party (OpenID Connect Back-Channel Logout 1.0 §2.5).

AttestoPhoenix.BackChannelLogout.Req

Default AttestoPhoenix.BackChannelLogout deliverer, built on Req.

AttestoPhoenix.Callback

Invocation of configured callbacks in the forms accepted throughout the library.

AttestoPhoenix.ClaimsProvider

The host-owned UserInfo claim source (OpenID Connect Core §5).

AttestoPhoenix.ClientAuthentication

OAuth 2.0 client authentication (RFC 6749 §2.3), as conn-free core.

AttestoPhoenix.ClientAuthentication.ErrorContext

Transport facts known while classifying client authentication.

AttestoPhoenix.ClientAuthentication.Policy

The per-caller policy for AttestoPhoenix.ClientAuthentication.

AttestoPhoenix.ClientAuthentication.Result

The authenticated client and how it authenticated.

AttestoPhoenix.ClientIdMetadata

Integration façade for Client ID Metadata Documents - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.ClientIdMetadata.Cache

Behaviour for caching a validated Client ID Metadata Document - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.ClientIdMetadata.Cache.ETS

Single-node ETS AttestoPhoenix.ClientIdMetadata.Cache - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.ClientIdMetadata.Cache.Ecto

Postgres-backed AttestoPhoenix.ClientIdMetadata.Cache for clustered deployments - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.ClientIdMetadata.Fetcher

Behaviour for dereferencing a Client ID Metadata Document URL - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.ClientIdMetadata.Fetcher.Req

The default, SSRF-guarded Client ID Metadata Document fetcher - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.ClientIdMetadata.Resolver

Resolves a Client ID Metadata Document URL into a client - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.ClientStore

The host-owned OAuth client registry contract (RFC 6749 §2 / §3.1.2).

AttestoPhoenix.Config

Configuration for the attesto_phoenix authorization-server layer.

AttestoPhoenix.ConsentGrant

The request binding a single-use consent grant is tied to, and the canonical hash over it (RFC 6749 §4.1.1).

AttestoPhoenix.ConsentGrantStore

Behaviour for single-use, request-bound consent grants (RFC 6749 §4.1.1).

AttestoPhoenix.ConsentPolicy

The host-owned resource-owner authentication and consent contract (RFC 6749 §3.1 / §4.1.1, OpenID Connect Core §3.1.2).

AttestoPhoenix.Controller.AuthorizeController

OAuth 2.0 / OpenID Connect authorization endpoint (RFC 6749 §3.1, OIDC Core §3.1.2).

AttestoPhoenix.Controller.DeviceAuthorizationController

OAuth 2.0 Device Authorization Endpoint (RFC 8628 §3.1).

AttestoPhoenix.Controller.DeviceVerificationController

Device verification page (RFC 8628 §3.3).

AttestoPhoenix.Controller.DiscoveryController

RFC 8414 - OAuth 2.0 Authorization Server Metadata endpoint.

AttestoPhoenix.Controller.EndSessionController

End-session endpoint (OpenID Connect RP-Initiated Logout 1.0 §2 + Back-Channel Logout 1.0).

AttestoPhoenix.Controller.IntrospectionController

POST /oauth/introspect - OAuth 2.0 Token Introspection (RFC 7662), with the signed-JWT response of RFC 9701 (FAPI 2.0 Message Signing §5.5).

AttestoPhoenix.Controller.JWKSController

GET /.well-known/jwks.json - the JSON Web Key Set (RFC 7517 §5).

AttestoPhoenix.Controller.OpenIDConfigurationController

OpenID Connect Discovery 1.0 - OpenID Provider Metadata endpoint.

AttestoPhoenix.Controller.PARController

Pushed Authorization Request endpoint (RFC 9126).

AttestoPhoenix.Controller.ProtectedResourceController

RFC 9728 - OAuth 2.0 Protected Resource Metadata endpoint.

AttestoPhoenix.Controller.RegistrationController

OAuth 2.0 Dynamic Client Registration endpoint (RFC 7591 §3).

AttestoPhoenix.Controller.RevocationController

POST /oauth/revoke - OAuth 2.0 Token Revocation (RFC 7009).

AttestoPhoenix.Controller.TokenController

OAuth 2.0 token endpoint (RFC 6749 §3.2).

AttestoPhoenix.Controller.UserinfoController

OpenID Connect UserInfo endpoint (OpenID Connect Core 1.0 §5.3).

AttestoPhoenix.Event

Neutral event struct and dispatcher for the optional :on_event callback.

AttestoPhoenix.EventSink

The host-owned audit/telemetry contract.

AttestoPhoenix.OAuthError

The error value type and the wire-rendering helpers for the authorization-server controllers and the protected-resource plugs.

AttestoPhoenix.OpenAPI.TokenEndpoint

OpenApiSpex operation and schema values for the OAuth 2.0 token endpoint.

AttestoPhoenix.PARStore

Behaviour for Pushed Authorization Request storage (RFC 9126).

AttestoPhoenix.Plug.Authenticate

Phoenix-friendly protected-resource authentication.

AttestoPhoenix.Plug.RequireScopes

Phoenix alias for Attesto.Plug.RequireScopes.

AttestoPhoenix.PrincipalStore

The host-owned subject/principal contract.

AttestoPhoenix.RegistrationStore

The host-owned dynamic client registration persistence contract (RFC 7591 §3 / RFC 7592 §2).

AttestoPhoenix.RequestContext

Neutral request-fact helpers the OAuth 2.0 / OIDC flows derive from a Plug.Conn.

AttestoPhoenix.Router

Router macro that mounts the authorization-server endpoints.

AttestoPhoenix.Schema.Authorization

Ecto schema for the single-use authorization codes backing an Attesto.CodeStore.

AttestoPhoenix.Schema.ClientIdMetadata

Ecto schema for one cached Client ID Metadata Document - CIMD (draft-ietf-oauth-client-id-metadata-document-01, IETF OAuth WG).

AttestoPhoenix.Schema.ConsentGrant

Ecto schema for a single-use, request-bound consent grant (RFC 6749 §4.1.1).

AttestoPhoenix.Schema.DPoPNonce

Ecto schema for a single server-issued DPoP nonce (RFC 9449 §8).

AttestoPhoenix.Schema.DPoPReplay

Ecto schema for one recorded DPoP proof jti (JWT ID).

AttestoPhoenix.Schema.DeviceCode

Ecto schema + record bridge for the RFC 8628 device-code store (AttestoPhoenix.Store.EctoDeviceCodeStore).

AttestoPhoenix.Schema.LogoutSession

Ecto schema + record bridge for the Back-Channel Logout session store (AttestoPhoenix.Store.EctoLogoutSessionStore).

AttestoPhoenix.Schema.PushedAuthorizationRequest

Ecto schema for a single Pushed Authorization Request (RFC 9126).

AttestoPhoenix.Schema.RefreshToken

Ecto schema for the refresh-token records that back an Ecto-backed Attesto.RefreshStore.

AttestoPhoenix.ScopePolicy

The host-owned scope-authorization contract (RFC 6749 §3.3).

AttestoPhoenix.Store.EctoCodeStore

Ecto implementation of the Attesto.CodeStore behaviour.

AttestoPhoenix.Store.EctoConsentGrantStore

Postgres-backed AttestoPhoenix.ConsentGrantStore (RFC 6749 §4.1.1).

AttestoPhoenix.Store.EctoDeviceCodeStore

Ecto/Postgres implementation of Attesto.DeviceCodeStore.

AttestoPhoenix.Store.EctoLogoutSessionStore

Ecto/Postgres implementation of Attesto.LogoutSessionStore.

AttestoPhoenix.Store.EctoNonceStore

Postgres-backed Attesto.DPoP.NonceStore for clustered deployments (RFC 9449 §8).

AttestoPhoenix.Store.EctoPARStore

Postgres-backed AttestoPhoenix.PARStore for clustered deployments (RFC 9126).

AttestoPhoenix.Store.EctoRefreshStore

Ecto implementation of the Attesto.RefreshStore behaviour.

AttestoPhoenix.Store.EctoReplayCheck

Ecto-backed, shared-store jti replay check for DPoP proofs (RFC 9449 §11.1).

AttestoPhoenix.Store.NonceStore

Dispatch to the configured Attesto.DPoP.NonceStore, threading the live request %AttestoPhoenix.Config{} to stores that need it (RFC 9449 §8).

AttestoPhoenix.Store.PAR.ETS

Single-node ETS Pushed Authorization Request store.

AttestoPhoenix.Store.Sweeper

Optional periodic housekeeping GenServer that deletes expired rows from the Ecto-backed authorization-code, refresh-token, DPoP-nonce, DPoP-replay, pushed-authorization-request, client-id-metadata-cache, and consent-grant tables.

Mix Tasks

mix attesto_phoenix.gen.migration

Generates an Ecto migration that creates the persistence backing the Ecto-based stores ship with attesto_phoenix.

mix attesto_phoenix.install

Installs the attesto_phoenix authorization-server layer into a Phoenix app