state_payload_decrypt_validate

Internal utility that decrypts the encrypted <code>state</code> payload using the
client's <code>state_key</code>, then validates freshness and client binding.

internal

Provides a simple, configurable, provider-agnostic 'OAuth 2.0' and
'OpenID Connect' (OIDC) authentication framework for 'shiny' applications
using 'S7' classes. Defines providers, clients, and tokens, as well
as various supporting functions and a 'shiny' module. Features include
cross-site request forgery (CSRF) protection, state encryption,
'Proof Key for Code Exchange' (PKCE) handling, validation of OIDC identity
tokens (nonces, signatures, claims), automatic user info retrieval, asynchronous
flows, and hooks for audit logging.

Luka Koning

shinyOAuth

Provider-Agnostic OAuth Authentication for 'shiny' Applications

state_payload_decrypt_validate function

<dl><dt>client</dt>
<dd>OAuthClient instance</dd>
<dt>encrypted_payload</dt>
<dd>Encrypted state payload string received via the
<code>state</code> query parameter.</dd>
<dt>shiny_session</dt>
<dd>Optional pre-captured Shiny session context (from
<code>capture_shiny_session_context()</code>) to include in audit events. Used when
calling from async workers that lack access to the reactive domain.</dd></dl>

Arguments

Decrypt and validate OAuth state payload — state_payload_decrypt_validate

<dl>

<dt>client</dt>
<dd>OAuthClient instance</dd>


<dt>encrypted_payload</dt>
<dd>Encrypted state payload string received via the
<code>state</code> query parameter.</dd>


<dt>shiny_session</dt>
<dd>Optional pre-captured Shiny session context (from
<code>capture_shiny_session_context()</code>) to include in audit events. Used when
calling from async workers that lack access to the reactive domain.</dd>

</dl>

state_payload_decrypt_validate: Decrypt and validate OAuth state payload

Description

Usage

Value

Arguments