mirror of
https://github.com/team-alembic/ash_authentication.git
synced 2024-09-19 12:52:55 +12:00
feat: Add Google strategy (#474)
* feat: Add Google strategy
* fix: include Google strategy cheat sheet
* fix: Add documentation grouping for Google strategy
* chore: update formatter.

---------

Co-authored-by: James Harton <james@harton.nz>
parent
0ff23b9acc
commit
a4f68eb9e0
6 changed files with 940 additions and 0 deletions
|
@ -29,6 +29,9 @@ spark_locals_without_parens = [
|
|||
github: 0,
|
||||
github: 1,
|
||||
github: 2,
|
||||
google: 0,
|
||||
google: 1,
|
||||
google: 2,
|
||||
hash_provider: 1,
|
||||
hashed_password_field: 1,
|
||||
icon: 1,
|
||||
|
|
|
@ -0,0 +1,841 @@
|
|||
<!--
|
||||
This file was generated by Spark. Do not edit it by hand.
|
||||
-->
|
||||
# DSL: AshAuthentication.Strategy.Google
|
||||
|
||||
Strategy for authenticating using [Google](https://google.com)
|
||||
|
||||
This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and
|
||||
[`assent`](https://hex.pm/packages/assent).
|
||||
|
||||
In order to use Google you need to provide the following minimum configuration:
|
||||
|
||||
- `client_id`
|
||||
- `redirect_uri`
|
||||
- `client_secret`
|
||||
- `site`
|
||||
|
||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
||||
for Google setup details.
|
||||
|
||||
## DSL Documentation
|
||||
|
||||
Provides a pre-configured authentication strategy for [Google](https://google.com/).
|
||||
|
||||
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
||||
configuration options should you need them.
|
||||
|
||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
||||
for Google setup details.
|
||||
|
||||
#### Strategy defaults:
|
||||
|
||||
The following defaults are applied:
|
||||
|
||||
* `:site` is set to `"https://www.googleapis.com"`.
|
||||
* `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`.
|
||||
* `:token_url` is set to `"/oauth2/v4/token"`.
|
||||
* `:user_url` is set to `"/oauth2/v3/userinfo"`.
|
||||
* `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`.
|
||||
* `:auth_method` is set to `:client_secret_post`.
|
||||
|
||||
|
||||
#### Schema:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
|
||||
|
||||
* `:client_id` - Required. The OAuth2 client ID.
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
Example:
|
||||
```elixir
|
||||
client_id fn _, resource ->
|
||||
:my_app
|
||||
|> Application.get_env(resource, [])
|
||||
|> Keyword.fetch(:oauth_client_id)
|
||||
end
|
||||
```
|
||||
|
||||
* `:site` - Required. The base URL of the OAuth2 server - including the leading protocol
|
||||
(ie `https://`).
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
Example:
|
||||
```elixir
|
||||
site fn _, resource ->
|
||||
:my_app
|
||||
|> Application.get_env(resource, [])
|
||||
|> Keyword.fetch(:oauth_site)
|
||||
end
|
||||
```
|
||||
|
||||
* `:auth_method` - The authentication strategy used, optional. If not set, no
|
||||
authentication will be used during the access token request. The
|
||||
value may be one of the following:
|
||||
* `:client_secret_basic`
|
||||
* `:client_secret_post`
|
||||
* `:client_secret_jwt`
|
||||
* `:private_key_jwt`
|
||||
Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
|
||||
|
||||
* `:client_secret` - The OAuth2 client secret.
|
||||
Required if :auth_method is `:client_secret_basic`,
|
||||
`:client_secret_post` or `:client_secret_jwt`.
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
Example:
|
||||
```elixir
|
||||
site fn _, resource ->
|
||||
:my_app
|
||||
|> Application.get_env(resource, [])
|
||||
|> Keyword.fetch(:oauth_site)
|
||||
end
|
||||
```
|
||||
|
||||
* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.
|
||||
Relative to the value of `site`.
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
Example:
|
||||
```elixir
|
||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
||||
```
|
||||
|
||||
* `:token_url` - Required. The API url to access the token endpoint.
|
||||
Relative to the value of `site`.
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
Example:
|
||||
```elixir
|
||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
||||
```
|
||||
|
||||
* `:user_url` - Required. The API url to access the user endpoint.
|
||||
Relative to the value of `site`.
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
Example:
|
||||
```elixir
|
||||
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
||||
```
|
||||
|
||||
* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
* `:redirect_uri` - Required. The callback URI base.
|
||||
Not the whole URI back to the callback endpoint, but the URI to your
|
||||
`AuthPlug`. We can generate the rest.
|
||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
||||
configured dynamically so that you can use different URIs for
|
||||
different environments.
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.
|
||||
eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
|
||||
|
||||
* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?
|
||||
If this option is enabled, then new users will be able to register for
|
||||
your site when authenticating and not already present.
|
||||
If not, then only existing users will be able to authenticate. The default value is `true`.
|
||||
|
||||
* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.
|
||||
Only needed if `registration_enabled?` is `true`.
|
||||
Because we we don't know the response format of the server, you must
|
||||
implement your own registration action of the same name.
|
||||
See the "Registration and Sign-in" section of the module
|
||||
documentation for more information.
|
||||
The default is computed from the strategy name eg:
|
||||
`register_with_#{name}`.
|
||||
|
||||
* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.
|
||||
Only needed if `registration_enabled?` is `false`.
|
||||
Because we don't know the response format of the server, you must
|
||||
implement your own sign-in action of the same name.
|
||||
See the "Registration and Sign-in" section of the module
|
||||
documentation for more information.
|
||||
The default is computed from the strategy name, eg:
|
||||
`sign_in_with_#{name}`.
|
||||
|
||||
* `:identity_resource` - The resource used to store user identities.
|
||||
Given that a user can be signed into multiple different
|
||||
authentication providers at once we use the
|
||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
||||
between users, providers and that provider's uid.
|
||||
See the Identities section of the module documentation for more
|
||||
information.
|
||||
Set to `false` to disable. The default value is `false`.
|
||||
|
||||
* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
|
||||
|
||||
* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
|
||||
identity resource.
|
||||
The only reason to change this would be if you changed the
|
||||
`user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
|
||||
|
||||
* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.
|
||||
This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
## authentication.strategies.google
|
||||
```elixir
|
||||
google name \ :google
|
||||
```
|
||||
|
||||
|
||||
Provides a pre-configured authentication strategy for [Google](https://google.com/).
|
||||
|
||||
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
||||
configuration options should you need them.
|
||||
|
||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
||||
for Google setup details.
|
||||
|
||||
###### Strategy defaults:
|
||||
|
||||
The following defaults are applied:
|
||||
|
||||
* `:site` is set to `"https://www.googleapis.com"`.
|
||||
* `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`.
|
||||
* `:token_url` is set to `"/oauth2/v4/token"`.
|
||||
* `:user_url` is set to `"/oauth2/v3/userinfo"`.
|
||||
* `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`.
|
||||
* `:auth_method` is set to `:client_secret_post`.
|
||||
|
||||
|
||||
###### Schema:
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Arguments
|
||||
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>Type</th>
|
||||
<th>Default</th>
|
||||
<th colspan=2>Docs</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-name" href="#authentication-strategies-google-name">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
name
|
||||
</span>
|
||||
</a>
|
||||
<sup style="color: red">*</sup>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">atom</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
Uniquely identifies the strategy.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
</tbody>
|
||||
</table>
|
||||
### Options
|
||||
|
||||
<table>
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Name</th>
|
||||
<th>Type</th>
|
||||
<th>Default</th>
|
||||
<th colspan=2>Docs</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody>
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-client_id" href="#authentication-strategies-google-client_id">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
client_id
|
||||
</span>
|
||||
</a>
|
||||
<sup style="color: red">*</sup>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The OAuth2 client ID.
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
Example:
|
||||
|
||||
```elixir
|
||||
client_id fn _, resource ->
|
||||
:my_app
|
||||
|> Application.get_env(resource, [])
|
||||
|> Keyword.fetch(:oauth_client_id)
|
||||
end
|
||||
```
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-site" href="#authentication-strategies-google-site">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
site
|
||||
</span>
|
||||
</a>
|
||||
<sup style="color: red">*</sup>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The base URL of the OAuth2 server - including the leading protocol
|
||||
(ie `https://`).
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
Example:
|
||||
|
||||
```elixir
|
||||
site fn _, resource ->
|
||||
:my_app
|
||||
|> Application.get_env(resource, [])
|
||||
|> Keyword.fetch(:oauth_site)
|
||||
end
|
||||
```
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-authorize_url" href="#authentication-strategies-google-authorize_url">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
authorize_url
|
||||
</span>
|
||||
</a>
|
||||
<sup style="color: red">*</sup>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The API url to the OAuth2 authorize endpoint.
|
||||
|
||||
Relative to the value of `site`.
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
Example:
|
||||
|
||||
```elixir
|
||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
||||
```
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-token_url" href="#authentication-strategies-google-token_url">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
token_url
|
||||
</span>
|
||||
</a>
|
||||
<sup style="color: red">*</sup>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The API url to access the token endpoint.
|
||||
|
||||
Relative to the value of `site`.
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
Example:
|
||||
|
||||
```elixir
|
||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
||||
```
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-user_url" href="#authentication-strategies-google-user_url">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
user_url
|
||||
</span>
|
||||
</a>
|
||||
<sup style="color: red">*</sup>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The API url to access the user endpoint.
|
||||
|
||||
Relative to the value of `site`.
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
Example:
|
||||
|
||||
```elixir
|
||||
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
||||
```
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-redirect_uri" href="#authentication-strategies-google-redirect_uri">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
redirect_uri
|
||||
</span>
|
||||
</a>
|
||||
<sup style="color: red">*</sup>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The callback URI base.
|
||||
|
||||
Not the whole URI back to the callback endpoint, but the URI to your
|
||||
`AuthPlug`. We can generate the rest.
|
||||
|
||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
||||
configured dynamically so that you can use different URIs for
|
||||
different environments.
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-auth_method" href="#authentication-strategies-google-auth_method">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
auth_method
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">:client_secret_post</code>
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The authentication strategy used, optional. If not set, no
|
||||
authentication will be used during the access token request. The
|
||||
value may be one of the following:
|
||||
|
||||
* `:client_secret_basic`
|
||||
* `:client_secret_post`
|
||||
* `:client_secret_jwt`
|
||||
* `:private_key_jwt`
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-client_secret" href="#authentication-strategies-google-client_secret">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
client_secret
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The OAuth2 client secret.
|
||||
|
||||
Required if :auth_method is `:client_secret_basic`,
|
||||
`:client_secret_post` or `:client_secret_jwt`.
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
Example:
|
||||
|
||||
```elixir
|
||||
site fn _, resource ->
|
||||
:my_app
|
||||
|> Application.get_env(resource, [])
|
||||
|> Keyword.fetch(:oauth_site)
|
||||
end
|
||||
```
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-private_key" href="#authentication-strategies-google-private_key">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
private_key
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">(any, any -> any) | module | String.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The private key to use if `:auth_method` is `:private_key_jwt`
|
||||
|
||||
Takes either a module which implements the `AshAuthentication.Secret`
|
||||
behaviour, a 2 arity anonymous function or a string.
|
||||
|
||||
See the module documentation for `AshAuthentication.Secret` for more
|
||||
information.
|
||||
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-authorization_params" href="#authentication-strategies-google-authorization_params">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
authorization_params
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">Keyword.t</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">[]</code>
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
Any additional parameters to encode in the request phase.
|
||||
|
||||
eg: `authorization_params scope: "openid profile email"`
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-registration_enabled?" href="#authentication-strategies-google-registration_enabled?">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
registration_enabled?
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">boolean</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">true</code>
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
Is registration enabled for this provider?
|
||||
|
||||
If this option is enabled, then new users will be able to register for
|
||||
your site when authenticating and not already present.
|
||||
|
||||
If not, then only existing users will be able to authenticate.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-register_action_name" href="#authentication-strategies-google-register_action_name">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
register_action_name
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">atom</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The name of the action to use to register a user.
|
||||
|
||||
Only needed if `registration_enabled?` is `true`.
|
||||
|
||||
Because we we don't know the response format of the server, you must
|
||||
implement your own registration action of the same name.
|
||||
|
||||
See the "Registration and Sign-in" section of the module
|
||||
documentation for more information.
|
||||
|
||||
The default is computed from the strategy name eg:
|
||||
`register_with_#{name}`.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-sign_in_action_name" href="#authentication-strategies-google-sign_in_action_name">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
sign_in_action_name
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">atom</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The name of the action to use to sign in an existing user.
|
||||
|
||||
Only needed if `registration_enabled?` is `false`.
|
||||
|
||||
Because we don't know the response format of the server, you must
|
||||
implement your own sign-in action of the same name.
|
||||
|
||||
See the "Registration and Sign-in" section of the module
|
||||
documentation for more information.
|
||||
|
||||
The default is computed from the strategy name, eg:
|
||||
`sign_in_with_#{name}`.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-identity_resource" href="#authentication-strategies-google-identity_resource">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
identity_resource
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">module | false</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">false</code>
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The resource used to store user identities.
|
||||
|
||||
Given that a user can be signed into multiple different
|
||||
authentication providers at once we use the
|
||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
||||
between users, providers and that provider's uid.
|
||||
|
||||
See the Identities section of the module documentation for more
|
||||
information.
|
||||
|
||||
Set to `false` to disable.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-identity_relationship_name" href="#authentication-strategies-google-identity_relationship_name">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
identity_relationship_name
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">atom</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">:identities</code>
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
Name of the relationship to the provider identities resource
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-identity_relationship_user_id_attribute" href="#authentication-strategies-google-identity_relationship_user_id_attribute">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
identity_relationship_user_id_attribute
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">atom</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">:user_id</code>
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The name of the destination (user_id) attribute on your provider
|
||||
identity resource.
|
||||
|
||||
The only reason to change this would be if you changed the
|
||||
`user_id_attribute_name` option of the provider identity.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
<tr>
|
||||
<td style="text-align: left">
|
||||
<a id="authentication-strategies-google-icon" href="#authentication-strategies-google-icon">
|
||||
<span style="font-family: Inconsolata, Menlo, Courier, monospace;">
|
||||
icon
|
||||
</span>
|
||||
</a>
|
||||
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">atom</code>
|
||||
</td>
|
||||
<td style="text-align: left">
|
||||
<code class="inline">:oauth2</code>
|
||||
</td>
|
||||
<td style="text-align: left" colspan=2>
|
||||
The name of an icon to use in any potential UI.
|
||||
|
||||
This is a *hint* for UI generators to use, and not in any way canonical.
|
||||
|
||||
</td>
|
||||
</tr>
|
||||
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
### Introspection
|
||||
|
||||
Target: `AshAuthentication.Strategy.OAuth2`
|
||||
|
||||
|
|
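Review bot: The example under `:client_secret`, both in the schema list and in the `client_secret` row of the Options table, is a copy of the `site` example: it calls `site fn _, resource ->` and fetches `:oauth_site`, so a reader who copies it configures the wrong option. It should read `client_secret fn _, resource ->` and fetch a key meant for the secret (for example `:oauth_client_secret`). The `authorize_url` example also has a typo in its host (`exampe.com`), and the `:auth_method` entry says no authentication is used when the option is unset while the same entry gives `:client_secret_post` as the default. The file header says it is generated by Spark, so these need fixing in the DSL source it is generated from, followed by a regenerate.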
@ -97,6 +97,7 @@ defmodule AshAuthentication do
|
|||
AshAuthentication.AddOn.Confirmation,
|
||||
AshAuthentication.Strategy.Auth0,
|
||||
AshAuthentication.Strategy.Github,
|
||||
AshAuthentication.Strategy.Google,
|
||||
AshAuthentication.Strategy.MagicLink,
|
||||
AshAuthentication.Strategy.OAuth2,
|
||||
AshAuthentication.Strategy.Oidc,
|
||||
|
|
31
lib/ash_authentication/strategies/google.ex
Normal file
|
@ -0,0 +1,31 @@
|
|||
defmodule AshAuthentication.Strategy.Google do
|
||||
alias __MODULE__.Dsl
|
||||
|
||||
@moduledoc """
|
||||
Strategy for authenticating using [Google](https://google.com)
|
||||
|
||||
This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and
|
||||
[`assent`](https://hex.pm/packages/assent).
|
||||
|
||||
In order to use Google you need to provide the following minimum configuration:
|
||||
|
||||
- `client_id`
|
||||
- `redirect_uri`
|
||||
- `client_secret`
|
||||
- `site`
|
||||
|
||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
||||
for Google setup details.
|
||||
|
||||
## DSL Documentation
|
||||
|
||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
||||
"""
|
||||
|
||||
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
||||
|
||||
use Custom, entity: Dsl.dsl()
|
||||
|
||||
defdelegate transform(strategy, dsl_state), to: OAuth2
|
||||
defdelegate verify(strategy, dsl_state), to: OAuth2
|
||||
end
|
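Review bot: The moduledoc's minimum configuration list includes `site`, but the strategy defaults documented in this same commit set `:site` to `"https://www.googleapis.com"`, so it is unclear whether users have to supply it. Either drop `site` from the list or say why it still needs to be set. Style point: `alias __MODULE__.Dsl` sits above `@moduledoc` and apart from the second `alias` line; grouping both aliases after the moduledoc would read more conventionally.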
56
lib/ash_authentication/strategies/google/dsl.ex
Normal file
|
@ -0,0 +1,56 @@
|
|||
defmodule AshAuthentication.Strategy.Google.Dsl do
|
||||
@moduledoc false
|
||||
|
||||
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
||||
|
||||
@doc false
|
||||
@spec dsl :: Custom.entity()
|
||||
def dsl do
|
||||
OAuth2.dsl()
|
||||
|> Map.merge(%{
|
||||
name: :google,
|
||||
args: [{:optional, :name, :google}],
|
||||
describe: """
|
||||
Provides a pre-configured authentication strategy for [Google](https://google.com/).
|
||||
|
||||
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
||||
configuration options should you need them.
|
||||
|
||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
||||
for Google setup details.
|
||||
|
||||
#### Strategy defaults:
|
||||
|
||||
#{strategy_override_docs(Assent.Strategy.Google)}
|
||||
|
||||
#### Schema:
|
||||
""",
|
||||
auto_set_fields: strategy_fields(Assent.Strategy.Google, icon: :google)
|
||||
})
|
||||
end
|
||||
|
||||
defp strategy_fields(strategy, params) do
|
||||
[]
|
||||
|> strategy.default_config()
|
||||
|> Keyword.put(:assent_strategy, strategy)
|
||||
|> Keyword.merge(params)
|
||||
end
|
||||
|
||||
defp strategy_override_docs(strategy) do
|
||||
defaults =
|
||||
[]
|
||||
|> strategy.default_config()
|
||||
|> Enum.map_join(
|
||||
".\n",
|
||||
fn {key, value} ->
|
||||
" * `#{inspect(key)}` is set to `#{inspect(value)}`"
|
||||
end
|
||||
)
|
||||
|
||||
"""
|
||||
The following defaults are applied:
|
||||
|
||||
#{defaults}.
|
||||
"""
|
||||
end
|
||||
end
|
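Review bot: `dsl/0` merges only `name`, `args`, `describe` and `auto_set_fields` over `OAuth2.dsl()`, so the inherited schema is left untouched: the generated docs still mark `site`, `authorize_url`, `token_url` and `user_url` as required and give `:icon` a default of `:oauth2`, even though `strategy_fields/2` fills those in from the `Assent.Strategy.Google` defaults and `icon: :google`. Consider adjusting the schema for the auto-set fields, or stating in `describe` that they do not need to be supplied. `strategy_fields/2` and `strategy_override_docs/1` also carry no comments; one line on each saying what `default_config/1` returns would help the next reader.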
8
mix.exs
|
@ -90,6 +90,12 @@ defmodule AshAuthentication.MixProject do
|
|||
target: "Ash.Resource",
|
||||
type: "Authentication Strategy"
|
||||
},
|
||||
%{
|
||||
module: AshAuthentication.Strategy.Google,
|
||||
name: "Google",
|
||||
target: "Ash.Resource",
|
||||
type: "Authentication Strategy"
|
||||
},
|
||||
%{
|
||||
module: AshAuthentication.Strategy.OAuth2,
|
||||
name: "OAuth2",
|
||||
|
@ -114,6 +120,7 @@ defmodule AshAuthentication.MixProject do
|
|||
AshAuthentication.Strategy,
|
||||
AshAuthentication.Strategy.Auth0,
|
||||
AshAuthentication.Strategy.Github,
|
||||
AshAuthentication.Strategy.Google,
|
||||
AshAuthentication.Strategy.MagicLink,
|
||||
AshAuthentication.Strategy.OAuth2,
|
||||
AshAuthentication.Strategy.Password
|
||||
|
@ -242,6 +249,7 @@ defmodule AshAuthentication.MixProject do
|
|||
"AshAuthentication.AddOn.Confirmation",
|
||||
"AshAuthentication.Strategy.Auth0",
|
||||
"AshAuthentication.Strategy.Github",
|
||||
"AshAuthentication.Strategy.Google",
|
||||
"AshAuthentication.Strategy.MagicLink",
|
||||
"AshAuthentication.Strategy.OAuth2",
|
||||
"AshAuthentication.Strategy.Oidc",
|
||||
|
|