Ueberauth, Ruby CAS and other SSO options for Elixir or Phoenix

I have also been investigating the possibilities for using OpenID Connect in a Phoenix project. The best Elixir library I have found so far is Shield, as @Greater_Good also mentioned above. Unfortunately, that library does not seem to be actively maintained, and it has some critical open issues.

Luckily, there exists a Certified OpenID Connect Implementation for Erlang, called oidcc. This library seems to be more robust and actively maintained. OpenID Connect itself is also extensively documented on their website, where they also provide two implementer’s guides.

Since Elixir can leverage Erlang libraries, I’m considering using oidcc directly, perhaps creating some abstractions of my own as necessary, using the official OpenID documentation as a guide.

Update: Yeah… I did some more testing and reading today, and managed to get a rudimentary Phoenix app up and running with the aforementioned Erlang oidcc library. Now I know how much I don’t know. It doesn’t seem like oidcc does what I thought it does. As far as I understand, it’s a server-side library, not a client library, and so it doesn’t perform the desired “OAuth Dance” (Authorization Code strategy needed for Azure AD) with token verification, etc. So, I’ll probably be using oauth2 instead, possibly guardian or ueberauth. But first, I’ve got some more reading to do…
