cred_entry() = #{name => binary(), type => binary(), value => any()}
cred_result() = {ok, temp_cred()} | {error, #{result => error, user_msg => binary()}}
credential() = #{cred_id => CredId::binary(), ctime => CTime::binary(), interface => Interface::binary(), service_id => ServiceId::binary(), cred_state => CredState::binary(), entries => Entries::[cred_entry()]}
oidc_info() = #{id => Id::binary(), desc => Desc::binary(), priority => Priority::integer(), ready => Ready::boolean(), issuer => Issuer::binary()}
session_info() = #{session_pid => Session::pid(), session_type => watts_session:type()}
temp_cred() = #{result => ok, credential => credential()} | #{result => oidc_login, oidc_login => map()}
create_information_result/4* | create the resul for the user info call. |
credential_error_message/1* | convert the error to readable messages for log and user. |
credential_error_message/2* | convert the error to readable messages for log and user, with default. |
do_additional_login/4* | perform an additional login for a user. |
do_login/4* | perform a first login, fetching all the information needed. |
do_login_if_issuer_enabled/3* | start the login process but only if the issuer is enabled. |
do_rsp_additional_login/4* | perform an additional login via oidc for an RSP session adding additional login information to the session. |
does_credential_exist/2 | check if the credential with the given Id exists for the user. |
does_temp_cred_exist/2 | check if the temp credential with the given Id exists for the user. |
empty_session/0* | helper function initializing a session without user. |
extract_userinfo/1* | extract user information out of the response from the oidc provider. |
get_access_token_for/1 | return the access token from a session. |
get_credential_list_for/1 | get the list of credentials for the given session. |
get_display_name_for/1 | return the display name of a session. |
get_interface_description/1* | convert interface type in human readable string. |
get_iss_id_sub_for/1 | return the issuer, its id, and subject of a session. |
get_iss_sub_for/1 | return the issuer and subject of a session. |
get_openid_provider_info/1 | get the complete openid connect provider information. |
get_openid_provider_list/0 | get the list of all configured openid connect provider. |
get_service_list_for/1 | returns the list of services for the given Session. |
get_temp_cred/2 | get a temp credential by its id and for the user this also deletes the stored credential. |
get_user_msg/1* | extract the user message from the map. |
handle_credential_result/4* | handle the result of a translation. |
introspect_token_if_needed/4* | perfom token introspection if needed. |
is_provider_disabled/1* | return if a provider is disabled, returns true if not found. |
login_with_access_token/2 | login with an access token, which is use at the API. |
login_with_oidcc/2 | perform a login with the openid flow through the ui (not access token). |
logout/1 | close the given session. |
new_login/3* | start e new login, so setting up a session is needed. |
no_provider_used/1* | a helper function to get rid of the dialyzer error. |
request_credential_for/3 | start a translation request at the given Service for the given Session. |
retrieve_information/4* | retrieve user information at the oidc provider. |
return_credential_list/2* | get the list of credentials for the given session unless it is RSP. |
return_service_list/2* | returns the list of services for the given Session unless it is RSP. |
return_session_info/1* | generate a session description map from the given session pid. |
revoke_credential_for/2 | revoke the credential witht the given id for the user from the session. |
rsp_session_if_service_allowed/2* | return the rsp session, if the first parameter is true. |
rsp_session_or_error/6* | either setup the rsp session or return an error. |
session_for_rsp/1 | setup a session for an rsp, get called when performing rsp logins. |
session_with_error/1 | create a basic session that only contains the error message. |
start_debug/1 | start debugging with defaults (one hour, 10000 messages). |
start_debug/2 | start debugging, with options. |
stop_debug/0 | stop debugging. |
store_temp_cred/2 | store a credential temporary in a gen_server in RAM. |
trigger_rsp_additional_login/6* | check if the RSP is enabled and trigger the additional login. |
update_session/4* | update the session with issuer, subject and maybe more. |
update_session/5* | update the session with issuer, its id, subject and maybe more. |
update_session_type/2* | set the session type depending on the fact if the subject has been shown in the token, so if it has been an Id Token or an Access Token. |
create_information_result(X1::{ok, binary(), map()} | {error, atom()}, TokenResult::{ok, map()} | {error, atom()}, TokenMap::map() | binary(), IssuerId::binary()) -> {ok, binary(), binary(), map()} | {error, atom()}
create the resul for the user info call
credential_error_message(Reason::atom() | tuple() | any()) -> {binary(), string()}
convert the error to readable messages for log and user
credential_error_message(Reason::atom() | tuple(), DefaultMessage::string()) -> {binary(), string()}
convert the error to readable messages for log and user, with default
do_additional_login(Issuer::binary(), Subject0::binary(), Token0::map(), SessPid::pid()) -> {ok, session_info()} | {error, Reason::atom()}
perform an additional login for a user. This is e.g. needed for rsps to verify the identity of a user or for plugins that need additional logins/access token
do_login(Issuer::binary(), Subject::binary() | undefined, Token::map() | binary(), Session::pid()) -> {ok, session_info()} | {error, Reason::atom()}
perform a first login, fetching all the information needed.
do_login_if_issuer_enabled(Issuer::binary(), Subject::binary() | undefined, Token::map() | binary()) -> {ok, session_info()} | {error, Reason::atom()}
start the login process but only if the issuer is enabled.
do_rsp_additional_login(Issuer::binary(), Subject::binary(), TokenMap::map(), Session::pid()) -> {ok, session_info()} | {error, Reason::atom()}
perform an additional login via oidc for an RSP session adding additional login information to the session. Enforcing that the RSP is enabled.
does_credential_exist(Id::binary(), Session::pid()) -> boolean()
check if the credential with the given Id exists for the user
does_temp_cred_exist(Id::binary(), Session::pid()) -> boolean()
check if the temp credential with the given Id exists for the user
empty_session() -> {ok, Session::pid()}
helper function initializing a session without user.
extract_userinfo(Unknown::{ok, map()} | {error, any()}) -> {ok, binary(), map()} | {error, any()}
extract user information out of the response from the oidc provider
get_access_token_for(Session::pid()) -> {ok, binary()}
return the access token from a session
get_credential_list_for(Session::pid()) -> {ok, [credential()]}
get the list of credentials for the given session
get_display_name_for(Session::pid()) -> {ok, binary()}
return the display name of a session
get_interface_description(X1::{ok, atom() | tuple()}) -> binary()
convert interface type in human readable string.
get_iss_id_sub_for(Session::pid()) -> {ok, binary(), binary(), binary()}
return the issuer, its id, and subject of a session
get_iss_sub_for(Session::pid()) -> {ok, binary(), binary()}
return the issuer and subject of a session
get_openid_provider_info(ProviderId::binary()) -> {ok, map()}
get the complete openid connect provider information
get_openid_provider_list() -> {ok, [oidc_info()]}
get the list of all configured openid connect provider.
get_service_list_for(Session::pid()) -> {ok, [Service::map()]}
returns the list of services for the given Session
get_temp_cred(Id::binary(), Session::pid()) -> {ok, credential()} | {error, atom()}
get a temp credential by its id and for the user this also deletes the stored credential
get_user_msg(X1::map()) -> binary()
extract the user message from the map
handle_credential_result(X1::watts_plugin:result(), ServiceId::binary(), Session::pid(), Params::map()) -> cred_result()
handle the result of a translation.
this is the result part of the request_credential_for/3
call.
introspect_token_if_needed(X1::boolean(), Token::map(), Config::map(), Session::pid()) -> {ok, map()} | {error, atom()}
perfom token introspection if needed
is_provider_disabled(ProviderId::binary()) -> boolean()
return if a provider is disabled, returns true if not found.
login_with_access_token(AccessToken::binary() | atom(), Issuer::binary()) -> {ok, session_info()} | {error, Reason::atom()}
login with an access token, which is use at the API.
this function in turn calls do_login_if_issuer_enabled/3
.
login_with_oidcc(TokenMap::map(), X2::{SessType::watts_session:type(), Session::pid() | undefined}) -> {ok, session_info()} | {error, Reason::atom()}
perform a login with the openid flow through the ui (not access token). there are some possible valid cases, if the Token contains the minimal needed information:
do_login_if_issuer_enabled/3
do_additional_login/4
do_rsp_additional_login/4
It fails for sure if the Token does not contain the minimal needed information, which is at least subject and issuer in the IdToken.
The login at the api level with access token is performed using {link login_with_access_token/2}.See also: watts_session.
logout(Session::pid()) -> ok
close the given session
new_login(Issuer::binary(), Subject::binary() | undefined, Token::map() | binary()) -> {error, Reason::atom()} | {ok, session_info()}
start e new login, so setting up a session is needed. it is not needed for e.g. additional logins.
no_provider_used(X1::undefined | binary()) -> boolean()
a helper function to get rid of the dialyzer error
request_credential_for(ServiceId::binary(), Session::pid(), Params::map()) -> cred_result()
start a translation request at the given Service for the given Session. This is using the params passed. A plugin will be triggered to run with all the needed parameter. After running the plugin the result will get parsed and send to the user.
See also: watts_plugin, watts_plugin_runner, watts_plugin:request/4.
retrieve_information(Issuer::binary(), Subject::binary(), Token::map(), Session::pid()) -> {ok, binary(), binary(), map()} | {error, atom()}
retrieve user information at the oidc provider
return_credential_list(Session::pid(), Type::atom() | tuple()) -> {ok, [credential()]}
get the list of credentials for the given session unless it is RSP
return_service_list(Session::pid(), Type::atom() | {rsp, term(), term()}) -> {ok, [Service::map()]}
returns the list of services for the given Session unless it is RSP
return_session_info(Session::pid()) -> {ok, session_info()}
generate a session description map from the given session pid.
revoke_credential_for(CredId::binary(), Session::pid()) -> ok | {error, Reason::binary()}
revoke the credential witht the given id for the user from the session.
rsp_session_if_service_allowed(ServiceAllowed::boolean(), Session::pid()) -> {ok, Session::pid()} | {error, Reason::atom()}
return the rsp session, if the first parameter is true. The first parameter is the boolean value if the service is allowed.
rsp_session_or_error(ValidProvider::boolean(), ServiceId::binary() | undefined, Params::map() | undefined, Provider::binary() | undefined, Rsp::watts_rsp:rsp(), SessType::watts_session:type()) -> {ok, Session::pid()} | {error, Reason::atom()}
either setup the rsp session or return an error.
session_for_rsp(Rsp::watts_rsp:rsp()) -> {ok, Session::pid()} | {error, Reason::atom()}
setup a session for an rsp, get called when performing rsp logins. RSP sessions always have a primary login that is coming from the RSP. If a user needs to authenticate against some OpenID Connect provider this always is an additional login for an RSP session.
See also: watts_http_rsp:handle/2, watts_rsp:validate_jwt_get_rsp/2.
session_with_error(Msg::binary()) -> {ok, Session::pid()}
create a basic session that only contains the error message.
start_debug(ListOfModules::[string()]) -> {ok, any()}
start debugging with defaults (one hour, 10000 messages)
start_debug(ListOfModules::[string()], Options::[any()]) -> {ok, any()}
start debugging, with options
stop_debug() -> stopped | not_started
stop debugging
store_temp_cred(Credential::temp_cred(), Session::pid()) -> {ok, binary()}
store a credential temporary in a gen_server in RAM
trigger_rsp_additional_login(X1, Provider, X3, Subject, TokenMap, Pid) -> any()
check if the RSP is enabled and trigger the additional login.
update_session(Issuer::binary(), Subject::binary(), Token::binary() | map(), SessionPid::pid()) -> {ok, session_info()}
update the session with issuer, subject and maybe more
update_session(Issuer::binary(), IssId::binary(), Subject::binary(), Token::binary() | map(), SessionPid::pid()) -> {ok, session_info()}
update the session with issuer, its id, subject and maybe more
update_session_type(X1::undefined | binary(), SessPid::pid()) -> ok
set the session type depending on the fact if the subject has been shown in the token, so if it has been an Id Token or an Access Token
Generated by EDoc