@myobie
Created April 5, 2018 12:27
A simplified example of storing an authorization request for a valid OpenID Connect code flow request
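defmodule App.AuthorizationRequest do
  @moduledoc """
  Ecto schema for a stored authorization request, plus helpers that turn a
  stored request into an ID token.

  A row holds the client id, the authorization code, the optional nonce, the
  issued access and refresh tokens, the granted scope, the time the request
  was claimed, and the account it belongs to.

  Security notes for reviewers:

    * `code`, `access_token` and `refresh_token` are bearer secrets and are
      declared as plain `:string` columns. Consider storing only a hash of the
      values that merely need to be looked up, so that a database leak does
      not hand out usable credentials.
    * Nothing in this module expires or rejects a request; single-use and
      lifetime checks for the code have to happen where the request is
      looked up and claimed.
  """

  use Ecto.Schema

  # cast/3, validate_required/2, put_assoc/3 and change/2 are defined in
  # Ecto.Changeset; `use Ecto.Schema` does not bring them into scope.
  import Ecto.Changeset

  # NOTE(review): `Account` and `IDToken` are used without an alias in this
  # simplified example; the real project must alias them to its own modules.

  schema "authorization_requests" do
    field(:client_id, :string)
    field(:code, :string)
    field(:nonce, :string)
    field(:access_token, :string)
    field(:refresh_token, :string)
    field(:scope, :string)
    field(:claimed_at, :naive_datetime)
    belongs_to(:account, Account)
    timestamps()
  end

  # Default ID token lifetime, counted from the row's inserted_at.
  @expires_from_now [days: 2]

  # Fields that must be present on insert; :nonce is cast but optional.
  @required_attributes [:client_id, :code, :scope, :access_token, :refresh_token]

  @doc """
  Builds the changeset for a new authorization request owned by `account`.

  `params` is cast for the required attributes plus `:nonce`; every attribute
  except `:nonce` must be present. The second argument must be exactly
  `[account: account]`.

  `:code`, `:access_token` and `:refresh_token` are taken from `params`, so
  `params` must be assembled by the server. Passing raw request parameters
  here would let the caller choose its own token values.
  """
  def changeset(params, account: account) do
    %__MODULE__{}
    |> cast(params, @required_attributes ++ [:nonce])
    |> validate_required(@required_attributes)
    |> put_assoc(:account, account)
  end

  @doc """
  Returns a changeset that stamps `request` as claimed at the current time.

  The changeset does not look at the existing `claimed_at`, so it will happily
  re-stamp a request that was already claimed. An authorization code must be
  redeemable only once; the caller has to enforce that, ideally with an update
  that only matches rows whose `claimed_at` is still NULL so that two
  concurrent redemptions cannot both succeed.
  """
  def claim_changeset(request) do
    # NOTE(review): Timex.now() returns a UTC DateTime while claimed_at is
    # declared :naive_datetime; confirm the Ecto version in use accepts that
    # value on update.
    change(request, %{claimed_at: Timex.now()})
  end

  @doc """
  Builds the unsigned `IDToken` struct for a stored request.

  `iat` and `auth_time` are both the row's `inserted_at` as a Unix timestamp,
  and `exp` is `inserted_at` shifted by `from_now` (two days by default).
  `nonce` is copied from the request and may be `nil`, since it is optional.
  """
  def id_token(req, from_now \\ @expires_from_now) do
    issued_at = Timex.to_unix(req.inserted_at)

    expires_at =
      req.inserted_at
      |> Timex.shift(from_now)
      |> Timex.to_unix()

    %IDToken{
      iss: "#{AppWeb.Endpoint.url()}/",
      # NOTE(review): sub is the raw account_id; confirm IDToken serialises it
      # as a string, which is what the `sub` claim is expected to be.
      sub: req.account_id,
      aud: req.client_id,
      exp: expires_at,
      iat: issued_at,
      # NOTE(review): presumably the row is inserted right after the user
      # authenticates, making inserted_at a fair auth_time; verify.
      auth_time: issued_at,
      nonce: req.nonce
    }
  end

  @doc """
  Builds the ID token for `req` and signs it, returning `{:ok, signed}`.

  There is no `{:error, _}` return: the token is signed with `IDToken.sign!/1`,
  which presumably raises on failure (bang convention), so a signing problem
  surfaces as an exception rather than a tagged tuple.
  """
  def signed_id_token(req, from_now \\ @expires_from_now) do
    signed =
      req
      |> id_token(from_now)
      |> IDToken.sign!()

    {:ok, signed}
  end
end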