DEV Community: Jonatan Männchen

Navigating the EEF Stipend Process

Jonatan Männchen — Wed, 09 Oct 2024 09:08:52 +0000

Unlock the Power of OpenID Connect on the BEAM

In today's digital world, implementing secure and efficient authentication systems is more critical than ever. OpenID Connect has emerged as a powerful protocol, offering seamless and secure login experiences for applications. I recently delved deep into this topic during my talk at Code BEAM San Francisco, titled "Unlock the Power of OpenID Connect on the BEAM."

For those who couldn't attend, I'm excited to share the key insights and developments from that presentation through this series of blog posts. If you're interested in exploring further, you can watch the talk recording and download the slides.

Whether you're new to OpenID Connect or looking to enhance your application's security, these posts aim to provide valuable insights and practical guidance.

Part 3: Navigating the EEF Stipend Process

Background and Motivation

Balancing the redevelopment of oidcc with professional responsibilities was challenging. Recognizing the importance of this work, I approached the Erlang Ecosystem Foundation (EEF) through their Security Working Group, seeking a stipend to dedicate time to the project.

Initially, I faced some timing challenges, but when I transitioned to a role at Sustema, an insurtech startup, I found myself with a one-month gap before starting my new position. Seizing this opportunity, I reapplied for the stipend and was approved.

A Positive Experience with the EEF

Implementing a stipend with the EEF was a great experience. The process was straightforward, and the collaboration with the foundation was very good and uncomplicated. Their support allowed me to focus intensively on redeveloping the oidcc library.

The result was a robust, fully certified client library that met the requirements of the OpenID Connect Core specification and implemented many of its optional features, particularly those enhancing security. We incorporated advanced security measures, making it suitable for high-security environments where trust and compliance are paramount.

To share these developments with the broader community, I introduced the updated library alongside Lars on Beam Radio. As part of my commitment to the EEF and to promote secure authentication practices, I also presented a talk at Code BEAM San Francisco. The talk aimed to raise awareness about the importance of secure OpenID Connect implementations and showcase how the oidcc library can facilitate this on the BEAM platform.

The Stipend Process at the EEF

The Erlang Ecosystem Foundation offers stipends to support projects that benefit the BEAM community. The goal is to fund open-source development, trainings, workshops, and other initiatives that help increase and expand the BEAM community, especially among those new to Erlang, Elixir, and the ecosystem.

Key Aspects of the Stipend Program:

Focus on Community Growth: The foundation favors stipends targeted toward beneficiaries new to the BEAM ecosystem, aiming to broaden the community.
Preferred Initiatives: Supports online workshops, training materials, hands-on trainings, open-source development work, and diversity efforts.
Application Process: The process is straightforward. Proposals should be concise with clear objectives. Applicants are encouraged to seek additional sponsorship from corporations or local sponsors to foster sustainable, long-term relationships.

Learn more: https://erlef.org/stipends

Looking Ahead

As I continue to contribute to the BEAM ecosystem and develop tools like oidcc, I'm excited about new opportunities on the horizon. Starting in November, I'm open to taking on a new role within the community. If you're seeking someone with a passion for building secure, scalable applications and advancing the state of the art in Erlang and Elixir, I'd love to hear from you.

Implementing OpenID Connect on the BEAM

Jonatan Männchen — Wed, 09 Oct 2024 09:08:14 +0000

Unlock the Power of OpenID Connect on the BEAM

Whether you're new to OpenID Connect or looking to enhance your application's security, these posts aim to provide valuable insights and practical guidance.

Part 2: Implementing OpenID Connect on the BEAM

Background and Motivation

Despite OpenID Connect's critical role in modern authentication, I found myself increasingly frustrated with the existing client implementations available for the BEAM ecosystem. Many libraries lacked comprehensive support for the full OpenID Connect specification, especially concerning advanced security features and compliance requirements. This gap not only complicated our development process but also raised concerns about the security and reliability of the applications we were building for our clients.

Determined to address these shortcomings, I took over the maintenance of the oidcc library, originally developed by Indigo. The library already existed but did not fulfill the requirements I had set. I took over the project and implemented a completely new version to fully comply with the OpenID Connect Core specification and include optional security features crucial for high-stakes applications like banking and healthcare.

Implementing OpenID Connect on the BEAM

With the understanding of OpenID Connect's fundamentals and its security features, the next step is integrating it into applications built on the BEAM—the Erlang virtual machine that powers languages like Erlang and Elixir. Implementing OpenID Connect on the BEAM allows developers to leverage the concurrency and fault tolerance of the platform while providing secure authentication mechanisms in their applications.

Challenges with Existing Libraries:

Incomplete Implementations: Existing libraries often lacked full support for the OpenID Connect specification, implementing only basic features necessary for simple authentication flows.
Missing Security Features: Optional but crucial security features were frequently absent, which are essential for applications handling sensitive data.
Lack of Compliance and Certification: Without full compliance and certification, there was a lack of trust and assurance in the reliability and security of these libraries.

Introducing `oidcc`

To address the need for a comprehensive and secure solution, I developed a completely new version of oidcc, a fully compliant OpenID Connect client library designed specifically for Erlang and Elixir applications running on the BEAM.

What Is `oidcc`?

oidcc is an OpenID Connect client library that aims to provide:

Complete Support for OpenID Connect Core Specification: Implements all mandatory features and many optional ones outlined in the OpenID Connect standard, ensuring broad compatibility with identity providers.
Advanced Security Features: Includes support for optional security mechanisms such as PKCE, various client authentication methods, token validation, and more.
Compliance and Certification: Designed to meet the compliance requirements set by the OpenID Foundation, providing confidence in its reliability and security.
Ease of Use: Focuses on simplicity and developer-friendliness, making it straightforward to integrate into existing applications.
Erlang and Elixir Support: Compatible with both Erlang and Elixir, offering flexibility for developers working in either language.

Key Features of `oidcc`

Full OpenID Connect Core Implementation: Supports all standard authentication flows, including the Authorization Code Flow, Implicit Flow, Hybrid Flow, and more.
Security by Default: Enforces best security practices out of the box, reducing the risk of misconfiguration.
Dynamic Provider Configuration: Utilizes the OpenID Connect discovery mechanism to dynamically retrieve provider configurations.
Token Management: Provides robust token handling, including validation, refreshing, and revocation support.
Pluggable Architecture: Designed to be extensible, allowing developers to customize and extend functionality as needed.
Comprehensive Documentation and Examples: Accompanied by detailed documentation and practical examples.

Companion Libraries

To facilitate seamless integration with popular web frameworks and tools in the BEAM ecosystem, oidcc includes several companion libraries:

oidcc_cowboy: Integration with Cowboy, a small, fast, and modern HTTP server for Erlang/OTP.
oidcc_plug: Support for Plug, allowing easy integration with Phoenix.
phx_gen_oidcc: A Phoenix generator that helps set up OpenID Connect authentication.
ueberauth_oidcc: Integration with Überauth, enabling developers to add OpenID Connect strategies to their authentication pipeline.

Why Choose `oidcc`?

Security and Compliance: Adheres strictly to the OpenID Connect specifications and incorporates advanced security features.
Community and Support: Hosted under the Erlang Ecosystem Foundation's GitHub organization, benefiting from community contributions and oversight.
Flexibility: Offers the flexibility to meet requirements for both simple and complex applications.
Ease of Integration: Companion libraries and comprehensive documentation simplify integration.

Installation and Setup

Integrating oidcc into your BEAM applications is straightforward, whether you're using Elixir or Erlang.

Installing `oidcc`

Add oidcc and its companion libraries to your project's dependencies.

For Elixir Projects (`mix.exs`):

defmodule MyApp.MixProject do
  use Mix.Project

  # ...

  defp deps do
    [
      {:oidcc, "~> 3.1"},           # Core library
      {:oidcc_plug, "~> 0.1.1"},    # Plug/Phoenix integration
      {:ueberauth_oidcc, "~> 0.3.1"} # Überauth integration (optional)
    ]
  end
end

Run mix deps.get to fetch the dependencies.

For Erlang Projects (`rebar.config`):

{deps, [
    {oidcc, "~> 3.1"},             % Core library
    {oidcc_cowboy, "~> 3.0"}       % Cowboy integration
]}.

Run rebar3 get-deps to fetch the dependencies.

Configuring Provider Introspection

Start a provider configuration worker to communicate with your OpenID Connect provider.

Elixir Example:

{:ok, _pid} =
  Oidcc.ProviderConfiguration.Worker.start_link(%{
    issuer: "https://example.com",
    name: MyApp.OidcProvider
  })

Erlang Example:

{ok, _Pid} =
    oidcc_provider_configuration_worker:start_link(#{
        issuer => <<"https://example.com">>,
        name => {local, myapp_oidc_provider}
    }),

Implementing Authentication

Elixir Example:

# Define the callback URI
callback_uri = "https://example.com/auth/callback"

# Create the redirect URI
{:ok, redirect_uri} =
  Oidcc.create_redirect_url(
    MyApp.OidcProvider,
    client_id,
    client_secret,
    %{redirect_uri: callback_uri}
  )

# Redirect the user to `redirect_uri`

# After authentication, exchange the authorization code for tokens
{:ok, token} =
  Oidcc.retrieve_token(
    auth_code,
    MyApp.OidcProvider,
    client_id,
    client_secret,
    %{redirect_uri: callback_uri}
  )

Integrating with Web Frameworks

Using Cowboy (Erlang):

% Setup options
OidccCowboyOpts = #{
    provider => myapp_oidc_provider,
    client_id => <<"your_client_id">>,
    client_secret => <<"your_client_secret">>,
    redirect_uri => <<"http://example.com/auth/callback">>
},

% Success handler
OidccCowboyCallbackOpts =
    maps:merge(OidccCowboyOpts, #{
        handle_success => fun(Req, _Token, #{<<"sub">> := Subject}) ->
            cowboy_req:reply(
                200, #{}, [<<"Hello ">>, Subject, <<"!">>], Req
            )
        end
    }),

% Register routes
Dispatch = cowboy_router:compile([
    {'_', [
        {"/auth/init", oidcc_cowboy_authorize, OidccCowboyOpts},
        {"/auth/callback", oidcc_cowboy_callback, OidccCowboyCallbackOpts}
    ]}
]),

% Start the server
{ok, _} = cowboy:start_clear(http, [{port, 8080}], #{
    env => #{dispatch => Dispatch}
}),

Using Plug/Phoenix (Elixir):

defmodule MyAppWeb.OidcController do
  use MyAppWeb, :controller
  alias Oidcc.Plug.{Authorize, AuthorizationCallback}

  plug Authorize,
       [
         provider: MyApp.OidcProvider,
         client_id: "your_client_id",
         client_secret: "your_client_secret",
         redirect_uri: &__MODULE__.callback_uri/0
       ]
       when action in [:authorize]

  plug AuthorizationCallback,
       [
         provider: MyApp.OidcProvider,
         client_id: "your_client_id",
         client_secret: "your_client_secret",
         redirect_uri: &__MODULE__.callback_uri/0
       ]
       when action in [:callback]

  def callback_uri, do: url(~p"/oidc/callback")

  def authorize(conn, _params), do: conn

  def callback(
        %Plug.Conn{
          private: %{AuthorizationCallback => result}
        } = conn,
        _params
      ) do
    case result do
      {:ok, {_token, userinfo}} ->
        conn
        |> put_session("oidc_claims", userinfo)
        |> redirect(to: "/")

      {:error, reason} ->
        conn
        |> put_status(400)
        |> render(:error, reason: reason)
    end
  end
end

Retrieving User Information and Introspection

Elixir Example:

# Retrieve user information
{:ok, claims} =
  Oidcc.retrieve_userinfo(
    token,
    MyApp.OidcProvider,
    client_id,
    client_secret,
    %{}
  )

# Introspect the access token
{:ok, introspection} =
  Oidcc.introspect_token(
    token,
    MyApp.OidcProvider,
    client_id,
    client_secret
  )

Refreshing Tokens

Elixir Example:

# Refresh the access token
{:ok, refreshed_token} =
  Oidcc.refresh_token(
    token,
    MyApp.OidcProvider,
    client_id,
    client_secret
  )

API Token Validation

Ensuring the validity of API tokens is essential for securing your application's endpoints and protecting sensitive resources. The oidcc library simplifies this task by offering robust support for API token validation through multiple methods.

Library Support for API Token Validation

The oidcc library provides several ways to validate tokens received from clients:

JWT Verification: If your OpenID Connect provider issues access tokens as JWTs, you can perform local validation by verifying the token's signature using the provider's public keys and checking claims like issuer (iss), audience (aud), and expiration time (exp).
UserInfo Endpoint: Validate tokens by making a request to the UserInfo endpoint provided by the OpenID Connect issuer. A successful response confirms the token's validity and retrieves up-to-date user information.
Token Introspection: Use the introspection endpoint to check a token's active status and retrieve associated metadata, useful for opaque tokens that cannot be validated locally.

Middleware Integration

To streamline token validation, oidcc includes middleware components:

Plug Middleware: In Elixir applications, integrate the provided Plug middleware into your pipeline to handle token extraction and validation for incoming requests.
Cowboy Middleware: For Erlang applications using Cowboy, the library offers middleware that integrates token validation into your request handling.

By leveraging these validation methods and middleware components, you can enhance your application's security posture.

What's Next for `oidcc`

The development of oidcc is an ongoing effort aimed at providing a comprehensive and secure OpenID Connect client library for the BEAM ecosystem. Looking ahead, several exciting developments and enhancements are planned to further improve the library and its utility in various applications.

Upcoming Features

Completion of FAPI 2.0 Certification: Work is underway to achieve full certification for the Financial-grade API (FAPI) 2.0 standards. This certification ensures that oidcc meets the stringent security and interoperability requirements necessary for applications in the financial sector and other high-security environments. Special thanks to Paul Swartz for his significant contributions to this effort.
Update: FAPI 2.0 is implemented, pending certification.
Independent Security Review: An independent security audit is being conducted to thoroughly assess oidcc for potential vulnerabilities and to validate its security features. This review is made possible thanks to a collaboration with Erlang Solutions, who are providing their expertise to ensure the library's robustness.
Update: The review has been performed by SAFE and all findings have been remediated.
Additional Companion Libraries: Plans are in place to develop companion libraries for other frameworks and tools within the BEAM ecosystem, such as integrating with the Ash Framework.
Support for Additional OpenID Protocols: Enhancements are being made to support more OpenID Connect protocols, such as Single Logout (SLO) and Self-Sovereign Identity (SSI). Implementing SLO will allow users to log out of multiple applications simultaneously, improving security and user experience.
Enhanced Documentation and Examples: Ongoing efforts to improve the documentation, provide more comprehensive examples, and create tutorials will make it easier for developers to adopt and implement oidcc in their projects.

How You Can Help

The continued success of oidcc relies on the support and involvement of the community. Here are several ways you can contribute:

Vote for New Features

GitHub Discussions: We've posted a list of potential extensions and new standards to implement on our GitHub Discussions page. If there's a feature you'd like to see, please give it an upvote. If it's not listed, feel free to create a new discussion thread. Your input helps us prioritize developments based on community interest.

Integrate `oidcc` into Your Projects

Library Developers: If you're developing an authentication library that could benefit from oidcc, we'd be delighted to support its integration. We're happy to offer assistance to ensure a smooth implementation.

Try `oidcc` and Provide Feedback

OpenID Connect Users: If you're using OpenID Connect in your applications, try out oidcc and let us know what you think. Your feedback is invaluable and helps us improve the library to better meet the community's needs.

Get Involved with the EEF

Join an EEF Working Group: If you're involved in the BEAM ecosystem, consider joining a working group within the Erlang Ecosystem Foundation (EEF). Your participation can make a significant impact on the community's growth and direction.

Support the EEF as a Company

Corporate Sponsorship: If your company benefits from the BEAM ecosystem, consider sponsoring the EEF. Your support enables initiatives like oidcc and helps foster the development of the entire ecosystem, including community growth, educational resources, and collaborative projects that benefit everyone.

OpenID Connect—An Introduction

Jonatan Männchen — Wed, 09 Oct 2024 09:07:43 +0000

Unlock the Power of OpenID Connect on the BEAM

Whether you're new to OpenID Connect or looking to enhance your application's security, these posts aim to provide valuable insights and practical guidance.

Part 1: OpenID Connect—An Introduction

Background and Motivation

My journey with OpenID Connect began during my time as the Tech Lead at JOSHMARTIN, a small software consultancy based in Switzerland. Our team tackled a variety of projects that demanded robust and secure authentication systems. From developing customer and employee-facing applications for a local bank to creating a COVID-19 tracing app used by three Swiss cantons (regions similar to states), I gained firsthand experience with the challenges of implementing OpenID Connect in complex, real-world scenarios.

These experiences highlighted the importance of a secure and standardized authentication protocol that could handle the complexities of modern applications while ensuring user data protection.

What Is OpenID Connect?

OpenID Connect is an open authentication protocol that provides a simple, secure, and standardized way to handle user authentication and authorization across multiple applications. Built on top of the OAuth 2.0 framework, it extends OAuth's capabilities by adding an identity layer, enabling applications not only to authorize access but also to authenticate the user's identity.

Key Enhancements Over OAuth 2.0:

Authentication Layer: Introduces an ID token (a JSON Web Token or JWT) to securely convey the user's identity information, allowing applications to verify who the user is and obtain basic profile information.
Standardization and Interoperability: Provides a well-defined set of specifications and endpoints, ensuring interoperability between identity providers and client applications.
User-Centric Approach: Emphasizes user consent and control, allowing users to grant or deny access to their information and understand what data the application is requesting.
Simplicity and Usability: Utilizes RESTful APIs and JSON, familiar to most developers, facilitating quicker and more secure implementation.

Why Use OpenID Connect?

Implementing OpenID Connect in your applications offers numerous advantages that enhance security, improve user experience, and streamline development. Here are some compelling reasons to adopt OpenID Connect:

1. Single Sign-On (SSO)

OpenID Connect enables Single Sign-On, allowing users to authenticate once and gain access to multiple applications seamlessly. This eliminates the need for users to remember multiple sets of credentials and reduces the friction associated with logging into different services.

2. Enhanced Security

OpenID Connect enhances security by leveraging trusted identity providers who implement advanced security measures. It uses digitally signed and encrypted tokens to ensure data integrity and protection against tampering. By outsourcing authentication, you minimize vulnerabilities due to misconfigurations or outdated security practices.

3. Standardization and Interoperability

The protocol offers standardization and interoperability, simplifying the integration process across different platforms and programming languages. It allows you to interact with various identity providers without needing custom implementations for each one, making transitions smoother and less costly due to its standardized nature.

4. User Consent and Control

OpenID Connect emphasizes user consent and control by informing users about what information the application is requesting. It allows users to consent to or deny specific scopes or permissions, helping you comply with data protection laws by ensuring explicit user consent.

5. Token-Based Authentication

By utilizing token-based authentication, OpenID Connect reduces the need for server-side session storage, improving scalability. It enables decoupled services by authorizing API calls to different services, supporting microservices architectures. Tokens can be easily revoked and have expiration times set for better access control.

6. Identity Federation

OpenID Connect supports identity federation, allowing users to authenticate using different identity providers. This simplifies integration by accepting authenticated users from various trusted sources without multiple authentication mechanisms and enhances user experience by letting users choose their preferred identity provider.

7. Integration with External APIs

The protocol provides a unified authorization flow to obtain necessary tokens for accessing OpenID Connect-compliant APIs. It ensures a consistent user experience, as users authorize your application through a familiar and secure flow.

8. Reduced Development and Maintenance Effort

Adopting OpenID Connect allows developers to focus on core functionality, concentrating on building application features. The availability of community support and libraries accelerates development time, and identity providers handle updates and security patches, reducing maintenance efforts.

9. Compliance and Trust

Using OpenID Connect helps meet industry standards and regulatory requirements for security and data protection. It enhances your application's credibility by associating with trusted identity providers, thereby building brand reputation.

10. Future-Proofing Your Application

OpenID Connect supports adaptability by embracing emerging authentication methods and security enhancements. Relying on an actively maintained standard ensures your authentication system remains relevant, providing longevity for your application.

How Does OpenID Connect Work?

OpenID Connect operates by layering an identity verification process on top of the OAuth 2.0 authorization framework. It introduces mechanisms to authenticate users and obtain basic profile information in a standardized way.

Key Enhancements Over OAuth 2.0

Authentication Layer: Adds an identity layer to OAuth 2.0, enabling applications to verify the user's identity using ID tokens.
Introspection and Discovery: Introduces introspection mechanisms that allow client applications to dynamically discover the capabilities of the identity provider.

Authentication Flows (Grant Types)

OpenID Connect defines several authentication flows to accommodate different types of applications and use cases:

Authorization Code Flow: Standard and most secure flow for web applications with a backend server.
Implicit Flow: For client-side applications; being phased out due to security concerns.
Hybrid Flow: Combines elements of Authorization Code and Implicit flows for flexibility.
Client Credentials Flow: For server-to-server interactions without user involvement.
Resource Owner Password Credentials Flow: Generally discouraged due to security concerns.
Device Authorization Grant: For devices with limited input capabilities.

The Standard Flow: Authorization Code Flow

The Authorization Code Flow is the primary method for authenticating users in OpenID Connect. It ensures that tokens are transmitted securely and that both the client application and the user are authenticated appropriately.

Flow Steps:

User Redirected to Identity Provider: The user initiates authentication by attempting to access a protected resource, and the application redirects them to the identity provider.
User Authenticates: The identity provider presents a login interface, and the user provides their credentials.
Authorization Code Issued: Upon successful authentication, the identity provider redirects the user back to the application with an authorization code.
Token Exchange: The application exchanges the authorization code for tokens by making a secure server-to-server request to the identity provider's token endpoint.
Token Validation: The application validates the received tokens, ensuring they are authentic and have not expired.
User Session Established: The user gains access to the protected resources within the application.

This flow minimizes the exposure of tokens and sensitive data, enhancing security.

Security in OpenID Connect

Security is at the heart of OpenID Connect, making it a trusted protocol for handling user authentication and authorization.

Key Security Features:

Digitally Signed and Encrypted Tokens: Ensure data integrity and protect against tampering.
State and Nonce Parameters: Protect against cross-site request forgery (CSRF) and replay attacks.
Client Authentication Methods: Support for client secrets, private keys, and mutual TLS (mTLS).
Proof Key for Code Exchange (PKCE): Enhances security for public clients by adding a verification step when exchanging authorization codes.
JWT Secured Authorization Request (JAR) and Response Mode (JARM): Encapsulate authorization requests and responses within signed JWTs.
Demonstration of Proof-of-Possession (DPoP): Binds tokens to a specific client instance, reducing the risk of token theft and replay attacks.
Secure HTTPS Connections: Encrypts data during transmission to protect against eavesdropping or tampering.

These security measures work together to provide a comprehensive and flexible security framework, allowing developers to tailor security to their specific needs while maintaining high standards of protection.

DEV Community: Jonatan Männchen

Navigating the EEF Stipend Process

Unlock the Power of OpenID Connect on the BEAM

Part 3: Navigating the EEF Stipend Process

Background and Motivation

A Positive Experience with the EEF

The Stipend Process at the EEF

Looking Ahead

Implementing OpenID Connect on the BEAM

Unlock the Power of OpenID Connect on the BEAM

Part 2: Implementing OpenID Connect on the BEAM

Background and Motivation

Implementing OpenID Connect on the BEAM

Challenges with Existing Libraries:

Introducing oidcc

What Is oidcc?

Key Features of oidcc

Companion Libraries

Why Choose oidcc?

Installation and Setup

Installing oidcc

For Elixir Projects (mix.exs):

For Erlang Projects (rebar.config):

Configuring Provider Introspection

Elixir Example:

Erlang Example:

Implementing Authentication

Elixir Example:

Integrating with Web Frameworks

Using Cowboy (Erlang):

Using Plug/Phoenix (Elixir):

Retrieving User Information and Introspection

Elixir Example:

Refreshing Tokens

Elixir Example:

API Token Validation

Library Support for API Token Validation

Middleware Integration

What's Next for oidcc

Upcoming Features

How You Can Help

Vote for New Features

Integrate oidcc into Your Projects

Try oidcc and Provide Feedback

Get Involved with the EEF

Support the EEF as a Company

OpenID Connect—An Introduction

Unlock the Power of OpenID Connect on the BEAM

Part 1: OpenID Connect—An Introduction

Background and Motivation

What Is OpenID Connect?

Key Enhancements Over OAuth 2.0:

Why Use OpenID Connect?

1. Single Sign-On (SSO)

2. Enhanced Security

3. Standardization and Interoperability

4. User Consent and Control

5. Token-Based Authentication

6. Identity Federation

7. Integration with External APIs

8. Reduced Development and Maintenance Effort

9. Compliance and Trust

10. Future-Proofing Your Application

How Does OpenID Connect Work?

Key Enhancements Over OAuth 2.0

Authentication Flows (Grant Types)

The Standard Flow: Authorization Code Flow

Security in OpenID Connect

Key Security Features:

Introducing `oidcc`

What Is `oidcc`?

Key Features of `oidcc`

Why Choose `oidcc`?

Installing `oidcc`

For Elixir Projects (`mix.exs`):

For Erlang Projects (`rebar.config`):

What's Next for `oidcc`

Integrate `oidcc` into Your Projects

Try `oidcc` and Provide Feedback