oauth/oidc

lib/sso_bsn_web/resource_owners.ex

@@ -0,0 +1,39 @@
+defmodule SsoBsnWeb.ResourceOwners do
+	@behaviour Boruta.Oauth.ResourceOwners
+
+	alias Boruta.Oauth.ResourceOwner
+	alias SsoBsn.Accounts.User
+	alias SsoBsn.Accounts
+	alias SsoBsn.Repo
+
+	@impl Boruta.Oauth.ResourceOwners
+	def get_by(username: username) do
+	  with %User{ id: id, username: username, last_login_at: last_login_at } <- Accounts.get_user_by_username(username) do
+	    {:ok, %ResourceOwner{sub: to_string(id), username: username, last_login_at: last_login_at}}
+	  else
+	    _ -> {:error, "User not found."}
+	  end
+	end
+
+	def get_by(sub: sub) do
+	  with %User{id: id, username: username, last_login_at: last_login_at} <- Accounts.get_user(sub) do
+	    {:ok, %ResourceOwner{sub: to_string(id), username: username, last_login_at: last_login_at}}
+	  else
+	    _ -> {:error, "User not found."}
+	  end
+	end
+
+	@impl Boruta.Oauth.ResourceOwners
+	def check_password(_resource_owner, _password) do
+		raise """
+			Password auth is not supported
+		"""
+	end
+
+	@impl Boruta.Oauth.ResourceOwners
+	def authorized_scopes(%ResourceOwner{}), do: ["openid", "email", "profile"] |> Enum.map(&%{name: &1, id: &1})
+
+
+	@impl Boruta.Oauth.ResourceOwners
+	def claims(_resource_owner, _scope), do: %{}
+end