feat: Add Google strategy (#474)

* feat: Add Google strategy * fix: include Google strategy cheat sheet * fix: Add documentation grouping for Google strategy * chore: update formatter. --------- Co-authored-by: James Harton <james@harton.nz>
2024-09-20 05:13:10 +12:00 · 2023-10-26 01:44:56 +02:00 · 2023-10-26 01:44:56 +02:00 · a4f68eb9e0
commit a4f68eb9e0
parent 0ff23b9acc
6 changed files with 940 additions and 0 deletions
--- a/.formatter.exs
+++ b/.formatter.exs
@ -29,6 +29,9 @@ spark_locals_without_parens = [
  github: 0,
  github: 1,
  github: 2,
  google: 0,
  google: 1,
  google: 2,
  hash_provider: 1,
  hashed_password_field: 1,
  icon: 1,
--- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.cheatmd
+++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.cheatmd
@ -0,0 +1,841 @@
 <!--
 This file was generated by Spark. Do not edit it by hand.
 -->
 # DSL: AshAuthentication.Strategy.Google
 Strategy for authenticating using [Google](https://google.com)
 This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and
 [`assent`](https://hex.pm/packages/assent).
 In order to use Google you need to provide the following minimum configuration:
  - `client_id`
  - `redirect_uri`
  - `client_secret`
  - `site`
 See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
 for Google setup details.
 ## DSL Documentation
 Provides a pre-configured authentication strategy for [Google](https://google.com/).
 This strategy is built using the `:oauth2` strategy, and thus provides all the same
 configuration options should you need them.
 See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
 for Google setup details.
 #### Strategy defaults:
 The following defaults are applied:
  * `:site` is set to `"https://www.googleapis.com"`.
  * `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`.
  * `:token_url` is set to `"/oauth2/v4/token"`.
  * `:user_url` is set to `"/oauth2/v3/userinfo"`.
  * `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`.
  * `:auth_method` is set to `:client_secret_post`.
 #### Schema:
 * `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
 * `:client_id` - Required. The OAuth2 client ID.  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.  
  Example:  
  ```elixir
  client_id fn _, resource ->
    :my_app
    |> Application.get_env(resource, [])
    |> Keyword.fetch(:oauth_client_id)
  end
  ```
 * `:site` - Required. The base URL of the OAuth2 server - including the leading protocol
  (ie `https://`).  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.  
  Example:  
  ```elixir
  site fn _, resource ->
    :my_app
    |> Application.get_env(resource, [])
    |> Keyword.fetch(:oauth_site)
  end
  ```
 * `:auth_method` - The authentication strategy used, optional. If not set, no
  authentication will be used during the access token request. The
  value may be one of the following:  
  * `:client_secret_basic`
  * `:client_secret_post`
  * `:client_secret_jwt`
  * `:private_key_jwt`
   Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
 * `:client_secret` - The OAuth2 client secret.  
  Required if :auth_method is `:client_secret_basic`,
  `:client_secret_post` or `:client_secret_jwt`.  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.  
  Example:  
  ```elixir
  site fn _, resource ->
    :my_app
    |> Application.get_env(resource, [])
    |> Keyword.fetch(:oauth_site)
  end
  ```
 * `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.  
  Relative to the value of `site`.  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.  
  Example:  
  ```elixir
  authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
  ```
 * `:token_url` - Required. The API url to access the token endpoint.  
  Relative to the value of `site`.  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.  
  Example:  
  ```elixir
  token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
  ```
 * `:user_url` - Required. The API url to access the user endpoint.  
  Relative to the value of `site`.  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.  
  Example:  
  ```elixir
  user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
  ```
 * `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.
 * `:redirect_uri` - Required. The callback URI base.  
  Not the whole URI back to the callback endpoint, but the URI to your
  `AuthPlug`.  We can generate the rest.  
  Whilst not particularly secret, it seemed prudent to allow this to be
  configured dynamically so that you can use different URIs for
  different environments.  
  Takes either a module which implements the `AshAuthentication.Secret`
  behaviour, a 2 arity anonymous function or a string.  
  See the module documentation for `AshAuthentication.Secret` for more
  information.
 * `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.  
  eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
 * `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?  
  If this option is enabled, then new users will be able to register for
  your site when authenticating and not already present.  
  If not, then only existing users will be able to authenticate. The default value is `true`.
 * `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.  
  Only needed if `registration_enabled?` is `true`.  
  Because we we don't know the response format of the server, you must
  implement your own registration action of the same name.  
  See the "Registration and Sign-in" section of the module
  documentation for more information.  
  The default is computed from the strategy name eg:
  `register_with_#{name}`.
 * `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.  
  Only needed if `registration_enabled?` is `false`.  
  Because we don't know the response format of the server, you must
  implement your own sign-in action of the same name.  
  See the "Registration and Sign-in" section of the module
  documentation for more information.  
  The default is computed from the strategy name, eg:
  `sign_in_with_#{name}`.
 * `:identity_resource` - The resource used to store user identities.  
  Given that a user can be signed into multiple different
  authentication providers at once we use the
  `AshAuthentication.UserIdentity` resource to build a mapping
  between users, providers and that provider's uid.  
  See the Identities section of the module documentation for more
  information.  
  Set to `false` to disable. The default value is `false`.
 * `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
 * `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
  identity resource.  
  The only reason to change this would be if you changed the
  `user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
 * `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.  
  This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
 ## authentication.strategies.google
 ```elixir
 google name \ :google
 ```
 Provides a pre-configured authentication strategy for [Google](https://google.com/).
 This strategy is built using the `:oauth2` strategy, and thus provides all the same
 configuration options should you need them.
 See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
 for Google setup details.
 ###### Strategy defaults:
 The following defaults are applied:
 * `:site` is set to `"https://www.googleapis.com"`.
 * `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`.
 * `:token_url` is set to `"/oauth2/v4/token"`.
 * `:user_url` is set to `"/oauth2/v3/userinfo"`.
 * `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`.
 * `:auth_method` is set to `:client_secret_post`.
 ###### Schema:
 ### Arguments
 <table>
  <thead>
    <tr>
      <th>Name</th>
      <th>Type</th>
      <th>Default</th>
      <th colspan=2>Docs</th>
    </tr>
  </thead>
  <tbody>
    <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-name" href="#authentication-strategies-google-name">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        name
      </span>
    </a>
      <sup style="color: red">*</sup>
  </td>
  <td style="text-align: left">
    <code class="inline">atom</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    Uniquely identifies the strategy.
  </td>
 </tr>
  </tbody>
 </table>
 ### Options
 <table>
  <thead>
    <tr>
      <th>Name</th>
      <th>Type</th>
      <th>Default</th>
      <th colspan=2>Docs</th>
    </tr>
  </thead>
  <tbody>
    <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-client_id" href="#authentication-strategies-google-client_id">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        client_id
      </span>
    </a>
      <sup style="color: red">*</sup>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The OAuth2 client ID.
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
 Example:
 ```elixir
 client_id fn _, resource ->
  :my_app
  |> Application.get_env(resource, [])
  |> Keyword.fetch(:oauth_client_id)
 end
 ```
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-site" href="#authentication-strategies-google-site">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        site
      </span>
    </a>
      <sup style="color: red">*</sup>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The base URL of the OAuth2 server - including the leading protocol
 (ie `https://`).
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
 Example:
 ```elixir
 site fn _, resource ->
  :my_app
  |> Application.get_env(resource, [])
  |> Keyword.fetch(:oauth_site)
 end
 ```
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-authorize_url" href="#authentication-strategies-google-authorize_url">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        authorize_url
      </span>
    </a>
      <sup style="color: red">*</sup>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The API url to the OAuth2 authorize endpoint.
 Relative to the value of `site`.
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
 Example:
 ```elixir
 authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
 ```
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-token_url" href="#authentication-strategies-google-token_url">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        token_url
      </span>
    </a>
      <sup style="color: red">*</sup>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The API url to access the token endpoint.
 Relative to the value of `site`.
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
 Example:
 ```elixir
 token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
 ```
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-user_url" href="#authentication-strategies-google-user_url">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        user_url
      </span>
    </a>
      <sup style="color: red">*</sup>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The API url to access the user endpoint.
 Relative to the value of `site`.
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
 Example:
 ```elixir
 user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
 ```
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-redirect_uri" href="#authentication-strategies-google-redirect_uri">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        redirect_uri
      </span>
    </a>
      <sup style="color: red">*</sup>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The callback URI base.
 Not the whole URI back to the callback endpoint, but the URI to your
 `AuthPlug`.  We can generate the rest.
 Whilst not particularly secret, it seemed prudent to allow this to be
 configured dynamically so that you can use different URIs for
 different environments.
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-auth_method" href="#authentication-strategies-google-auth_method">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        auth_method
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt</code>
  </td>
  <td style="text-align: left">
    <code class="inline">:client_secret_post</code>
  </td>
  <td style="text-align: left" colspan=2>
    The authentication strategy used, optional. If not set, no
 authentication will be used during the access token request. The
 value may be one of the following:
 * `:client_secret_basic`
 * `:client_secret_post`
 * `:client_secret_jwt`
 * `:private_key_jwt`
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-client_secret" href="#authentication-strategies-google-client_secret">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        client_secret
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The OAuth2 client secret.
 Required if :auth_method is `:client_secret_basic`,
 `:client_secret_post` or `:client_secret_jwt`.
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
 Example:
 ```elixir
 site fn _, resource ->
  :my_app
  |> Application.get_env(resource, [])
  |> Keyword.fetch(:oauth_site)
 end
 ```
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-private_key" href="#authentication-strategies-google-private_key">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        private_key
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">(any, any -> any) | module | String.t</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The private key to use if `:auth_method` is `:private_key_jwt`
 Takes either a module which implements the `AshAuthentication.Secret`
 behaviour, a 2 arity anonymous function or a string.
 See the module documentation for `AshAuthentication.Secret` for more
 information.
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-authorization_params" href="#authentication-strategies-google-authorization_params">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        authorization_params
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">Keyword.t</code>
  </td>
  <td style="text-align: left">
    <code class="inline">[]</code>
  </td>
  <td style="text-align: left" colspan=2>
    Any additional parameters to encode in the request phase.
 eg: `authorization_params scope: "openid profile email"`
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-registration_enabled?" href="#authentication-strategies-google-registration_enabled?">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        registration_enabled?
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">boolean</code>
  </td>
  <td style="text-align: left">
    <code class="inline">true</code>
  </td>
  <td style="text-align: left" colspan=2>
    Is registration enabled for this provider?
 If this option is enabled, then new users will be able to register for
 your site when authenticating and not already present.
 If not, then only existing users will be able to authenticate.
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-register_action_name" href="#authentication-strategies-google-register_action_name">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        register_action_name
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">atom</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The name of the action to use to register a user.
 Only needed if `registration_enabled?` is `true`.
 Because we we don't know the response format of the server, you must
 implement your own registration action of the same name.
 See the "Registration and Sign-in" section of the module
 documentation for more information.
 The default is computed from the strategy name eg:
 `register_with_#{name}`.
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-sign_in_action_name" href="#authentication-strategies-google-sign_in_action_name">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        sign_in_action_name
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">atom</code>
  </td>
  <td style="text-align: left">
  </td>
  <td style="text-align: left" colspan=2>
    The name of the action to use to sign in an existing user.
 Only needed if `registration_enabled?` is `false`.
 Because we don't know the response format of the server, you must
 implement your own sign-in action of the same name.
 See the "Registration and Sign-in" section of the module
 documentation for more information.
 The default is computed from the strategy name, eg:
 `sign_in_with_#{name}`.
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-identity_resource" href="#authentication-strategies-google-identity_resource">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        identity_resource
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">module | false</code>
  </td>
  <td style="text-align: left">
    <code class="inline">false</code>
  </td>
  <td style="text-align: left" colspan=2>
    The resource used to store user identities.
 Given that a user can be signed into multiple different
 authentication providers at once we use the
 `AshAuthentication.UserIdentity` resource to build a mapping
 between users, providers and that provider's uid.
 See the Identities section of the module documentation for more
 information.
 Set to `false` to disable.
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-identity_relationship_name" href="#authentication-strategies-google-identity_relationship_name">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        identity_relationship_name
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">atom</code>
  </td>
  <td style="text-align: left">
    <code class="inline">:identities</code>
  </td>
  <td style="text-align: left" colspan=2>
    Name of the relationship to the provider identities resource
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-identity_relationship_user_id_attribute" href="#authentication-strategies-google-identity_relationship_user_id_attribute">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        identity_relationship_user_id_attribute
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">atom</code>
  </td>
  <td style="text-align: left">
    <code class="inline">:user_id</code>
  </td>
  <td style="text-align: left" colspan=2>
    The name of the destination (user_id) attribute on your provider
 identity resource.
 The only reason to change this would be if you changed the
 `user_id_attribute_name` option of the provider identity.
  </td>
 </tr>
 <tr>
  <td style="text-align: left">
    <a id="authentication-strategies-google-icon" href="#authentication-strategies-google-icon">
      <span style="font-family: Inconsolata, Menlo, Courier, monospace;">
        icon
      </span>
    </a>
  </td>
  <td style="text-align: left">
    <code class="inline">atom</code>
  </td>
  <td style="text-align: left">
    <code class="inline">:oauth2</code>
  </td>
  <td style="text-align: left" colspan=2>
    The name of an icon to use in any potential UI.
 This is a *hint* for UI generators to use, and not in any way canonical.
  </td>
 </tr>
  </tbody>
 </table>
 ### Introspection
 Target: `AshAuthentication.Strategy.OAuth2`
--- a/lib/ash_authentication.ex
+++ b/lib/ash_authentication.ex
@ -97,6 +97,7 @@ defmodule AshAuthentication do
    AshAuthentication.AddOn.Confirmation,
    AshAuthentication.Strategy.Auth0,
    AshAuthentication.Strategy.Github,
    AshAuthentication.Strategy.Google,
    AshAuthentication.Strategy.MagicLink,
    AshAuthentication.Strategy.OAuth2,
    AshAuthentication.Strategy.Oidc,
--- a/lib/ash_authentication/strategies/google.ex
+++ b/lib/ash_authentication/strategies/google.ex
@ -0,0 +1,31 @@
 defmodule AshAuthentication.Strategy.Google do
  alias __MODULE__.Dsl
  @moduledoc """
  Strategy for authenticating using [Google](https://google.com)
  This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and
  [`assent`](https://hex.pm/packages/assent).
  In order to use Google you need to provide the following minimum configuration:
    - `client_id`
    - `redirect_uri`
    - `client_secret`
    - `site`
  See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
  for Google setup details.
  ## DSL Documentation
  #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
  """
  alias AshAuthentication.Strategy.{Custom, OAuth2}
  use Custom, entity: Dsl.dsl()
  defdelegate transform(strategy, dsl_state), to: OAuth2
  defdelegate verify(strategy, dsl_state), to: OAuth2
 end
--- a/lib/ash_authentication/strategies/google/dsl.ex
+++ b/lib/ash_authentication/strategies/google/dsl.ex
@ -0,0 +1,56 @@
 defmodule AshAuthentication.Strategy.Google.Dsl do
  @moduledoc false
  alias AshAuthentication.Strategy.{Custom, OAuth2}
  @doc false
  @spec dsl :: Custom.entity()
  def dsl do
    OAuth2.dsl()
    |> Map.merge(%{
      name: :google,
      args: [{:optional, :name, :google}],
      describe: """
      Provides a pre-configured authentication strategy for [Google](https://google.com/).
      This strategy is built using the `:oauth2` strategy, and thus provides all the same
      configuration options should you need them.
      See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
      for Google setup details.
      #### Strategy defaults:
      #{strategy_override_docs(Assent.Strategy.Google)}
      #### Schema:
      """,
      auto_set_fields: strategy_fields(Assent.Strategy.Google, icon: :google)
    })
  end
  defp strategy_fields(strategy, params) do
    []
    |> strategy.default_config()
    |> Keyword.put(:assent_strategy, strategy)
    |> Keyword.merge(params)
  end
  defp strategy_override_docs(strategy) do
    defaults =
      []
      |> strategy.default_config()
      |> Enum.map_join(
        ".\n",
        fn {key, value} ->
          "  * `#{inspect(key)}` is set to `#{inspect(value)}`"
        end
      )
    """
    The following defaults are applied:
    #{defaults}.
    """
  end
 end
--- a/mix.exs
+++ b/mix.exs
@ -90,6 +90,12 @@ defmodule AshAuthentication.MixProject do
              target: "Ash.Resource",
              type: "Authentication Strategy"
            },
            %{
              module: AshAuthentication.Strategy.Google,
              name: "Google",
              target: "Ash.Resource",
              type: "Authentication Strategy"
            },
            %{
              module: AshAuthentication.Strategy.OAuth2,
              name: "OAuth2",
@ -114,6 +120,7 @@ defmodule AshAuthentication.MixProject do
            AshAuthentication.Strategy,
            AshAuthentication.Strategy.Auth0,
            AshAuthentication.Strategy.Github,
            AshAuthentication.Strategy.Google,
            AshAuthentication.Strategy.MagicLink,
            AshAuthentication.Strategy.OAuth2,
            AshAuthentication.Strategy.Password
@ -242,6 +249,7 @@ defmodule AshAuthentication.MixProject do
      "AshAuthentication.AddOn.Confirmation",
      "AshAuthentication.Strategy.Auth0",
      "AshAuthentication.Strategy.Github",
      "AshAuthentication.Strategy.Google",
      "AshAuthentication.Strategy.MagicLink",
      "AshAuthentication.Strategy.OAuth2",
      "AshAuthentication.Strategy.Oidc",