Lightning.AuthProviders.OauthHTTPClient (Lightning v2.15.16)

Handles OAuth interactions for generic providers, including token fetching, refreshing, and user information retrieval. This module uses Tesla to make HTTP requests configured with middleware appropriate for OAuth specific tasks.

Returns structured error responses that integrate well with the audit system.

Summary

Functions

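  • fetch_token(client, code): Fetches a new token using the authorization code provided by the OAuth provider.
  • fetch_userinfo(client, token): Fetches user information from the OAuth provider using a valid access token.
  • generate_authorize_url(client, params): Generates an authorization URL with specified parameters.
  • refresh_token(client, token): Refreshes an existing token using the refresh token.
  • revoke_token(client, token): Revokes an OAuth token.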

Functions

fetch_token(client, code)

Fetches a new token using the authorization code provided by the OAuth provider.

Parameters

  • client: The client configuration containing client_id, client_secret, and token_endpoint.
  • code: The authorization code received from the OAuth provider.

Returns

  • {:ok, token_data} on success
  • {:error, %{status: integer(), error: term(), details: map()}} on failure

fetch_userinfo(client, token)

Fetches user information from the OAuth provider using a valid access token.

Parameters

  • client: The client configuration containing userinfo_endpoint.
  • token: The token configuration containing access_token.

Returns

  • {:ok, user_info} on success
  • {:error, %{status: integer(), error: term(), details: map()}} on failure

generate_authorize_url(client, params)

Generates an authorization URL with specified parameters.

Parameters

  • client: The client configuration containing client_id and authorization_endpoint.
  • params: Additional parameters to include in the authorization URL.

Returns

  • The fully formed authorization URL as a string.

refresh_token(client, token)

Refreshes an existing token using the refresh token.

Parameters

  • client: The client configuration containing client_id, client_secret, and token_endpoint.
  • token: The token configuration containing refresh_token.

Returns

  • {:ok, refreshed_token_data} on success with preserved refresh_token
  • {:error, %{status: integer(), error: term(), details: map()}} on failure

revoke_token(client, token)

Revokes an OAuth token.

Attempts to revoke both access_token and refresh_token for comprehensive cleanup. Per RFC 7009, providers should invalidate related tokens when one is revoked.

Parameters

  • client: The client configuration containing client_id, client_secret, and revocation_endpoint.
  • token: The token data containing access_token and refresh_token.

Returns

  • :ok on success (any token successfully revoked)
  • {:error, %{status: integer(), error: term(), details: map()}} on failure
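The revoke-both behaviour described for revoke_token, as an added sketch that is not Lightning's own code: it builds one RFC 7009 request per token and returns :ok if any of them is accepted, otherwise an error map in the shape documented above. The module name RevocationSketch, the injected post function, the string-keyed token map, the atom-keyed client map and the :revocation_failed atom are assumptions made for this example.

```elixir
defmodule RevocationSketch do
  # Hypothetical module for illustration; not Lightning's implementation.
  @hints ["access_token", "refresh_token"]

  # Form body of one RFC 7009 section 2.1 request (client credentials in the body).
  def revocation_body(client, value, hint) do
    URI.encode_query(%{
      "token" => value,
      "token_type_hint" => hint,
      "client_id" => client.client_id,
      "client_secret" => client.client_secret
    })
  end

  # `post` is an injected transport: (url, body) -> {:ok, http_status} | {:error, reason}.
  def revoke_all(client, token, post) do
    # One request per token that is present in the token map.
    results =
      for hint <- @hints, value = token[hint], is_binary(value) do
        {hint, post.(client.revocation_endpoint, revocation_body(client, value, hint))}
      end

    if Enum.any?(results, &match?({_hint, {:ok, 200}}, &1)) do
      :ok
    else
      # First HTTP status seen; 0 if no response was received (this sketch's choice).
      status =
        Enum.find_value(results, 0, fn
          {_hint, {:ok, code}} -> code
          _ -> nil
        end)

      # details is keyed by token type and holds outcomes only, never token values.
      {:error, %{status: status, error: :revocation_failed, details: Map.new(results)}}
    end
  end
end

# Constructed inputs and stub transports (no network access).
client = %{client_id: "example-client", client_secret: "example-secret",
           revocation_endpoint: "https://idp.example.test/revoke"}
token = %{"access_token" => "at-constructed", "refresh_token" => "rt-constructed"}

partial = fn _url, body ->
  if URI.decode_query(body)["token_type_hint"] == "access_token", do: {:ok, 200}, else: {:ok, 503}
end
down = fn _url, _body -> {:ok, 503} end

IO.inspect(RevocationSketch.revoke_all(client, token, partial))
IO.inspect(RevocationSketch.revoke_all(client, token, down))
```

In the first call only the access token is revoked, yet the result is :ok. RFC 7009 says a server MAY revoke the refresh token when an access token is revoked, so a caller that needs certainty should check that the refresh token itself was accepted.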