2023-09-27 16:42:46 +13:00
|
|
|
<!--
|
|
|
|
This file was generated by Spark. Do not edit it by hand.
|
|
|
|
-->
|
2023-09-22 10:20:50 +12:00
|
|
|
# DSL: AshAuthentication.Strategy.Github
|
|
|
|
|
|
|
|
Strategy for authenticating using [GitHub](https://github.com)
|
|
|
|
|
|
|
|
This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and
|
|
|
|
[`assent`](https://hex.pm/packages/assent).
|
|
|
|
|
|
|
|
In order to use GitHub you need to provide the following minimum configuration:
|
|
|
|
|
|
|
|
- `client_id`
|
|
|
|
- `redirect_uri`
|
|
|
|
- `client_secret`
|
|
|
|
|
|
|
|
See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html)
|
|
|
|
for more information.
|
|
|
|
|
|
|
|
## DSL Documentation
|
|
|
|
|
|
|
|
Provides a pre-configured authentication strategy for [GitHub](https://github.com/).
|
|
|
|
|
|
|
|
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
|
|
|
configuration options should you need them.
|
|
|
|
|
|
|
|
For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md)
|
|
|
|
in our documentation.
|
|
|
|
|
|
|
|
#### Strategy defaults:
|
|
|
|
|
|
|
|
The following defaults are applied:
|
|
|
|
|
|
|
|
* `:site` is set to `"https://api.github.com"`.
|
|
|
|
* `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`.
|
|
|
|
* `:token_url` is set to `"https://github.com/login/oauth/access_token"`.
|
|
|
|
* `:user_url` is set to `"/user"`.
|
|
|
|
* `:user_emails_url` is set to `"/user/emails"`.
|
|
|
|
* `:authorization_params` is set to `[scope: "read:user,user:email"]`.
|
|
|
|
* `:auth_method` is set to `:client_secret_post`.
|
|
|
|
|
|
|
|
|
|
|
|
#### Schema:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
|
|
|
|
|
|
|
|
* `:client_id` - Required. The OAuth2 client ID.
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
```elixir
|
|
|
|
client_id fn _, resource ->
|
|
|
|
:my_app
|
|
|
|
|> Application.get_env(resource, [])
|
|
|
|
|> Keyword.fetch(:oauth_client_id)
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
* `:site` - Required. The base URL of the OAuth2 server - including the leading protocol
|
|
|
|
(ie `https://`).
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
```elixir
|
|
|
|
site fn _, resource ->
|
|
|
|
:my_app
|
|
|
|
|> Application.get_env(resource, [])
|
|
|
|
|> Keyword.fetch(:oauth_site)
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
* `:auth_method` - The authentication strategy used, optional. If not set, no
|
|
|
|
authentication will be used during the access token request. The
|
|
|
|
value may be one of the following:
|
|
|
|
* `:client_secret_basic`
|
|
|
|
* `:client_secret_post`
|
|
|
|
* `:client_secret_jwt`
|
|
|
|
* `:private_key_jwt`
|
|
|
|
Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
|
|
|
|
|
|
|
|
* `:client_secret` - The OAuth2 client secret.
|
|
|
|
Required if :auth_method is `:client_secret_basic`,
|
|
|
|
`:client_secret_post` or `:client_secret_jwt`.
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
```elixir
|
|
|
|
site fn _, resource ->
|
|
|
|
:my_app
|
|
|
|
|> Application.get_env(resource, [])
|
|
|
|
|> Keyword.fetch(:oauth_site)
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.
|
|
|
|
Relative to the value of `site`.
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
```elixir
|
|
|
|
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
|
|
```
|
|
|
|
|
|
|
|
* `:token_url` - Required. The API url to access the token endpoint.
|
|
|
|
Relative to the value of `site`.
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
```elixir
|
|
|
|
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
|
|
```
|
|
|
|
|
|
|
|
* `:user_url` - Required. The API url to access the user endpoint.
|
|
|
|
Relative to the value of `site`.
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
Example:
|
|
|
|
```elixir
|
|
|
|
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
|
|
|
```
|
|
|
|
|
|
|
|
* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
* `:redirect_uri` - Required. The callback URI base.
|
|
|
|
Not the whole URI back to the callback endpoint, but the URI to your
|
|
|
|
`AuthPlug`. We can generate the rest.
|
|
|
|
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
|
|
configured dynamically so that you can use different URIs for
|
|
|
|
different environments.
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.
|
|
|
|
eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
|
|
|
|
|
|
|
|
* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?
|
|
|
|
If this option is enabled, then new users will be able to register for
|
|
|
|
your site when authenticating and not already present.
|
|
|
|
If not, then only existing users will be able to authenticate. The default value is `true`.
|
|
|
|
|
|
|
|
* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.
|
|
|
|
Only needed if `registration_enabled?` is `true`.
|
|
|
|
Because we we don't know the response format of the server, you must
|
|
|
|
implement your own registration action of the same name.
|
|
|
|
See the "Registration and Sign-in" section of the module
|
|
|
|
documentation for more information.
|
|
|
|
The default is computed from the strategy name eg:
|
|
|
|
`register_with_#{name}`.
|
|
|
|
|
|
|
|
* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.
|
|
|
|
Only needed if `registration_enabled?` is `false`.
|
|
|
|
Because we don't know the response format of the server, you must
|
|
|
|
implement your own sign-in action of the same name.
|
|
|
|
See the "Registration and Sign-in" section of the module
|
|
|
|
documentation for more information.
|
|
|
|
The default is computed from the strategy name, eg:
|
|
|
|
`sign_in_with_#{name}`.
|
|
|
|
|
|
|
|
* `:identity_resource` - The resource used to store user identities.
|
|
|
|
Given that a user can be signed into multiple different
|
|
|
|
authentication providers at once we use the
|
|
|
|
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
|
|
between users, providers and that provider's uid.
|
|
|
|
See the Identities section of the module documentation for more
|
|
|
|
information.
|
|
|
|
Set to `false` to disable. The default value is `false`.
|
|
|
|
|
|
|
|
* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
|
|
|
|
|
|
|
|
* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
|
|
|
|
identity resource.
|
|
|
|
The only reason to change this would be if you changed the
|
|
|
|
`user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
|
|
|
|
|
|
|
|
* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.
|
|
|
|
This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
## authentication.strategies.github
|
|
|
|
```elixir
|
|
|
|
github name \ :github
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
|
|
Provides a pre-configured authentication strategy for [GitHub](https://github.com/).
|
|
|
|
|
|
|
|
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
|
|
|
configuration options should you need them.
|
|
|
|
|
|
|
|
For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md)
|
|
|
|
in our documentation.
|
|
|
|
|
|
|
|
###### Strategy defaults:
|
|
|
|
|
|
|
|
The following defaults are applied:
|
|
|
|
|
|
|
|
* `:site` is set to `"https://api.github.com"`.
|
|
|
|
* `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`.
|
|
|
|
* `:token_url` is set to `"https://github.com/login/oauth/access_token"`.
|
|
|
|
* `:user_url` is set to `"/user"`.
|
|
|
|
* `:user_emails_url` is set to `"/user/emails"`.
|
|
|
|
* `:authorization_params` is set to `[scope: "read:user,user:email"]`.
|
|
|
|
* `:auth_method` is set to `:client_secret_post`.
|
|
|
|
|
|
|
|
|
|
|
|
###### Schema:
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2023-09-27 16:42:46 +13:00
|
|
|
|
2023-09-22 10:20:50 +12:00
|
|
|
### Options
|
2023-09-27 16:42:46 +13:00
|
|
|
|
|
|
|
<table>
|
|
|
|
<thead>
|
|
|
|
<tr>
|
|
|
|
<th>Name</th>
|
|
|
|
<th>Type</th>
|
|
|
|
<th>Default</th>
|
|
|
|
<th colspan=2>Docs</th>
|
|
|
|
</tr>
|
|
|
|
</thead>
|
|
|
|
<tbody>
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-name" href="#name-name">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
name
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
<sup style="color: red">*</sup>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">atom</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
Uniquely identifies the strategy.
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-client_id" href="#name-client_id">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
client_id
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
<sup style="color: red">*</sup>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The OAuth2 client ID.
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```elixir
|
|
|
|
client_id fn _, resource ->
|
|
|
|
:my_app
|
|
|
|
|> Application.get_env(resource, [])
|
|
|
|
|> Keyword.fetch(:oauth_client_id)
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-site" href="#name-site">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
site
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
<sup style="color: red">*</sup>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The base URL of the OAuth2 server - including the leading protocol
|
|
|
|
(ie `https://`).
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```elixir
|
|
|
|
site fn _, resource ->
|
|
|
|
:my_app
|
|
|
|
|> Application.get_env(resource, [])
|
|
|
|
|> Keyword.fetch(:oauth_site)
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-authorize_url" href="#name-authorize_url">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
authorize_url
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
<sup style="color: red">*</sup>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The API url to the OAuth2 authorize endpoint.
|
|
|
|
|
|
|
|
Relative to the value of `site`.
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```elixir
|
|
|
|
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
|
|
```
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-token_url" href="#name-token_url">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
token_url
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
<sup style="color: red">*</sup>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The API url to access the token endpoint.
|
|
|
|
|
|
|
|
Relative to the value of `site`.
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```elixir
|
|
|
|
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
|
|
```
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-user_url" href="#name-user_url">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
user_url
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
<sup style="color: red">*</sup>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The API url to access the user endpoint.
|
|
|
|
|
|
|
|
Relative to the value of `site`.
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```elixir
|
|
|
|
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
|
|
|
```
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-redirect_uri" href="#name-redirect_uri">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
redirect_uri
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
<sup style="color: red">*</sup>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The callback URI base.
|
|
|
|
|
|
|
|
Not the whole URI back to the callback endpoint, but the URI to your
|
|
|
|
`AuthPlug`. We can generate the rest.
|
|
|
|
|
|
|
|
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
|
|
configured dynamically so that you can use different URIs for
|
|
|
|
different environments.
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-auth_method" href="#name-auth_method">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
auth_method
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">:client_secret_post</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The authentication strategy used, optional. If not set, no
|
|
|
|
authentication will be used during the access token request. The
|
|
|
|
value may be one of the following:
|
|
|
|
|
|
|
|
* `:client_secret_basic`
|
|
|
|
* `:client_secret_post`
|
|
|
|
* `:client_secret_jwt`
|
|
|
|
* `:private_key_jwt`
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-client_secret" href="#name-client_secret">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
client_secret
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The OAuth2 client secret.
|
|
|
|
|
|
|
|
Required if :auth_method is `:client_secret_basic`,
|
|
|
|
`:client_secret_post` or `:client_secret_jwt`.
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
Example:
|
|
|
|
|
|
|
|
```elixir
|
|
|
|
site fn _, resource ->
|
|
|
|
:my_app
|
|
|
|
|> Application.get_env(resource, [])
|
|
|
|
|> Keyword.fetch(:oauth_site)
|
|
|
|
end
|
|
|
|
```
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-private_key" href="#name-private_key">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
private_key
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">(any, any -> any) | module | String.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The private key to use if `:auth_method` is `:private_key_jwt`
|
|
|
|
|
|
|
|
Takes either a module which implements the `AshAuthentication.Secret`
|
|
|
|
behaviour, a 2 arity anonymous function or a string.
|
|
|
|
|
|
|
|
See the module documentation for `AshAuthentication.Secret` for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-authorization_params" href="#name-authorization_params">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
authorization_params
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">Keyword.t</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">[]</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
Any additional parameters to encode in the request phase.
|
|
|
|
|
|
|
|
eg: `authorization_params scope: "openid profile email"`
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-registration_enabled?" href="#name-registration_enabled?">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
registration_enabled?
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">boolean</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">true</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
Is registration enabled for this provider?
|
|
|
|
|
|
|
|
If this option is enabled, then new users will be able to register for
|
|
|
|
your site when authenticating and not already present.
|
|
|
|
|
|
|
|
If not, then only existing users will be able to authenticate.
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-register_action_name" href="#name-register_action_name">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
register_action_name
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">atom</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The name of the action to use to register a user.
|
|
|
|
|
|
|
|
Only needed if `registration_enabled?` is `true`.
|
|
|
|
|
|
|
|
Because we we don't know the response format of the server, you must
|
|
|
|
implement your own registration action of the same name.
|
|
|
|
|
|
|
|
See the "Registration and Sign-in" section of the module
|
|
|
|
documentation for more information.
|
|
|
|
|
|
|
|
The default is computed from the strategy name eg:
|
|
|
|
`register_with_#{name}`.
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-sign_in_action_name" href="#name-sign_in_action_name">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
sign_in_action_name
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">atom</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The name of the action to use to sign in an existing user.
|
|
|
|
|
|
|
|
Only needed if `registration_enabled?` is `false`.
|
|
|
|
|
|
|
|
Because we don't know the response format of the server, you must
|
|
|
|
implement your own sign-in action of the same name.
|
|
|
|
|
|
|
|
See the "Registration and Sign-in" section of the module
|
|
|
|
documentation for more information.
|
|
|
|
|
|
|
|
The default is computed from the strategy name, eg:
|
|
|
|
`sign_in_with_#{name}`.
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-identity_resource" href="#name-identity_resource">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
identity_resource
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">module | false</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">false</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The resource used to store user identities.
|
|
|
|
|
|
|
|
Given that a user can be signed into multiple different
|
|
|
|
authentication providers at once we use the
|
|
|
|
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
|
|
between users, providers and that provider's uid.
|
|
|
|
|
|
|
|
See the Identities section of the module documentation for more
|
|
|
|
information.
|
|
|
|
|
|
|
|
Set to `false` to disable.
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-identity_relationship_name" href="#name-identity_relationship_name">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
identity_relationship_name
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">atom</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">:identities</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
Name of the relationship to the provider identities resource
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-identity_relationship_user_id_attribute" href="#name-identity_relationship_user_id_attribute">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
identity_relationship_user_id_attribute
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">atom</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">:user_id</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The name of the destination (user_id) attribute on your provider
|
|
|
|
identity resource.
|
|
|
|
|
|
|
|
The only reason to change this would be if you changed the
|
|
|
|
`user_id_attribute_name` option of the provider identity.
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
<tr>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<a id="name-icon" href="#name-icon">
|
|
|
|
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
|
|
|
icon
|
|
|
|
</span>
|
|
|
|
</a>
|
|
|
|
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">atom</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left">
|
|
|
|
<code class="inline">:oauth2</code>
|
|
|
|
</td>
|
|
|
|
<td style="text-align: left" colspan=2>
|
|
|
|
The name of an icon to use in any potential UI.
|
|
|
|
|
|
|
|
This is a *hint* for UI generators to use, and not in any way canonical.
|
|
|
|
|
|
|
|
</td>
|
|
|
|
</tr>
|
|
|
|
|
|
|
|
</tbody>
|
|
|
|
</table>
|
2023-09-22 10:20:50 +12:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### Introspection
|
|
|
|
|
|
|
|
Target: `AshAuthentication.Strategy.OAuth2`
|
|
|
|
|
|
|
|
|