* `:request_password_reset_action_name` (`t:atom/0`) - The name to use for the action which generates a password reset token.
If not present it will be generated by prepending the strategy name
with `request_password_reset_with_`.
* `:password_reset_action_name` (`t:atom/0`) - The name to use for the action which actually resets the user's
password.
If not present it will be generated by prepending the strategy name
with `password_reset_with_`.
* `:sender` - Required. How to send the password reset instructions to the user.
Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application.
Accepts a module, module and opts, or a function that takes a record, reset token and options.
See `AshAuthentication.Sender` for more information.
## authentication.strategies.password
```elixir
password name \ :password
```
Strategy for authenticating using local resources as the source of truth.
| `identity_field` | `atom` | `:username` | The name of the attribute which uniquely identifies the user. Usually something like `username` or `email_address`. |
| `hashed_password_field` | `atom` | `:hashed_password` | The name of the attribute within which to store the user's password once it has been hashed. |
| `hash_provider` | `module` | `AshAuthentication.BcryptProvider` | A module which implements the `AshAuthentication.HashProvider` behaviour. Used to provide cryptographic hashing of passwords. |
| `confirmation_required?` | `boolean` | `true` | Whether a password confirmation field is required when registering or changing passwords. |
| `register_action_accept` | `list(atom)` | `[]` | A list of additional fields to be accepted in the register action. |
| `password_field` | `atom` | `:password` | The name of the argument used to collect the user's password in plaintext when registering, checking or changing passwords. |
| `password_confirmation_field` | `atom` | `:password_confirmation` | The name of the argument used to confirm the user's password in plaintext when registering or changing passwords. |
| `register_action_name` | `atom` | | The name to use for the register action. If not present it will be generated by prepending the strategy name with `register_with_`. |
| `registration_enabled?` | `boolean` | `true` | If you do not want new users to be able to register using this strategy, set this to false. |
| `sign_in_action_name` | `atom` | | The name to use for the sign in action. If not present it will be generated by prepending the strategy name with `sign_in_with_`. |
| `sign_in_enabled?` | `boolean` | `true` | If you do not want new users to be able to sign in using this strategy, set this to false. |
| `sign_in_tokens_enabled?` | `boolean` | `false` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`. Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` when calling the sign in action. You might do this when you need to generate a short lived token to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting with a valid token to a controller action, allowing the liveview to show invalid username/password errors. |
| `sign_in_token_lifetime` | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{60, :seconds}` | A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. If no unit is specified, defaults to `:seconds`. |
| `sender`* | `(any, any, any -> any) \| module` | | How to send the password reset instructions to the user. Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. See `AshAuthentication.Sender` for more information. |
| `token_lifetime` | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the reset token be valid. If no unit is provided `:hours` is assumed. Defaults to 3 days. |
| `request_password_reset_action_name` | `atom` | | The name to use for the action which generates a password reset token. If not present it will be generated by prepending the strategy name with `request_password_reset_with_`. |
| `password_reset_action_name` | `atom` | | The name to use for the action which actually resets the user's password. If not present it will be generated by prepending the strategy name with `password_reset_with_`. |