Question 1

How to integrate oidcc with a Phoenix application?

Accepted Answer

Use the oidcc_plug companion library, which provides Plug and Phoenix integrations, simplifying authentication flows in Elixir web apps. The README lists this under companion libraries with links to hex.pm packages.

Question 2

Is oidcc suitable for FAPI 2.0 compliant banking apps?

Accepted Answer

Yes, oidcc supports FAPI 2.0 Security Profile and Message Signing, making it ideal for financial-grade authentication. This is explicitly listed in the Supported Features section of the README.

Question 3

oidcc vs ueberauth_oidcc: which one should I use?

Accepted Answer

oidcc is the core OpenID Connect library providing low-level control, while ueberauth_oidcc integrates it with the Überauth framework for a higher-level abstraction. Choose based on whether you need Überauth's strategy pattern or direct oidcc functionality.

Question 4

How does oidcc handle token refresh automatically?

Accepted Answer

oidcc provides a refresh_token function for manual refresh, but automatic handling requires custom implementation or companion libraries. The usage examples show how to call refresh_token with provider configuration.

Question 5

Can oidcc be used for server-to-server authentication?

Accepted Answer

Yes, it supports the client_credentials grant type for server-to-server authentication without user interaction. This is included in the token grant types listed in the Supported Features.

Question 6

What are common pitfalls when setting up oidcc?

Accepted Answer

Ensure correct issuer configuration, manage client secrets securely, and handle token validation errors. The README emphasizes starting provider configuration workers properly, and the security audit report offers additional guidance.

oidcc

What is oidcc?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions