mirror of
https://github.com/team-alembic/ash_authentication.git
synced 2024-09-21 13:53:25 +12:00
docs: update ex_doc, overhaul underlying doc structure
docs: make all DSL docs one liners (now required by spark)
This commit is contained in:
parent
ae2fb8c42a
commit
ba44d56820
32 changed files with 325 additions and 1910 deletions
|
@ -88,68 +88,6 @@ to interact with the plugs directly, you can do so via the
|
||||||
...> user.confirmed_at >= one_second_ago()
|
...> user.confirmed_at >= one_second_ago()
|
||||||
true
|
true
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
User confirmation flow
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:name` (`t:atom/0`) - Required. Uniquely identifies the add-on.
|
|
||||||
|
|
||||||
* `:token_lifetime` - How long should the confirmation token be valid.
|
|
||||||
If no unit is provided, then hours is assumed.
|
|
||||||
Defaults to 3 days. The default value is `{3, :days}`.
|
|
||||||
|
|
||||||
* `:monitor_fields` (list of `t:atom/0`) - Required. A list of fields to monitor for changes (eg `[:email, :phone_number]`).
|
|
||||||
The confirmation will only be sent when one of these fields are changed.
|
|
||||||
|
|
||||||
* `:confirmed_at_field` (`t:atom/0`) - The name of a field to store the time that the last confirmation took
|
|
||||||
place.
|
|
||||||
This attribute will be dynamically added to the resource if not already
|
|
||||||
present. The default value is `:confirmed_at`.
|
|
||||||
|
|
||||||
* `:confirm_on_create?` (`t:boolean/0`) - Generate and send a confirmation token when a new resource is created?
|
|
||||||
Will only trigger when a create action is executed _and_ one of the
|
|
||||||
monitored fields is being set. The default value is `true`.
|
|
||||||
|
|
||||||
* `:confirm_on_update?` (`t:boolean/0`) - Generate and send a confirmation token when a resource is changed?
|
|
||||||
Will only trigger when an update action is executed _and_ one of the
|
|
||||||
monitored fields is being set. The default value is `true`.
|
|
||||||
|
|
||||||
* `:inhibit_updates?` (`t:boolean/0`) - Wait until confirmation is received before actually changing a monitored
|
|
||||||
field?
|
|
||||||
If a change to a monitored field is detected, then the change is stored
|
|
||||||
in the token resource and the changeset updated to not make the
|
|
||||||
requested change. When the token is confirmed, the change will be
|
|
||||||
applied.
|
|
||||||
This could be potentially weird for your users, but useful in the case
|
|
||||||
of a user changing their email address or phone number where you want
|
|
||||||
to verify that the new contact details are reachable. The default value is `true`.
|
|
||||||
|
|
||||||
* `:sender` - Required. How to send the confirmation instructions to the user.
|
|
||||||
Allows you to glue sending of confirmation instructions to
|
|
||||||
[swoosh](https://hex.pm/packages/swoosh),
|
|
||||||
[ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification
|
|
||||||
system is appropriate for your application.
|
|
||||||
Accepts a module, module and opts, or a function that takes a record,
|
|
||||||
reset token and options.
|
|
||||||
The options will be a keyword list containing the original
|
|
||||||
changeset, before any changes were inhibited. This allows you
|
|
||||||
to send an email to the user's new email address if it is being
|
|
||||||
changed for example.
|
|
||||||
See `AshAuthentication.Sender` for more information.
|
|
||||||
|
|
||||||
* `:confirm_action_name` (`t:atom/0`) - The name of the action to use when performing confirmation.
|
|
||||||
If this action is not already present on the resource, it will be
|
|
||||||
created for you. The default value is `:confirm`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.add_ons.confirmation
|
## authentication.add_ons.confirmation
|
||||||
|
@ -173,14 +111,14 @@ User confirmation flow
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`monitor_fields`](#authentication-add_ons-confirmation-monitor_fields){: #authentication-add_ons-confirmation-monitor_fields .spark-required} | `list(atom)` | | A list of fields to monitor for changes (eg `[:email, :phone_number]`). The confirmation will only be sent when one of these fields are changed. |
|
| [`monitor_fields`](#authentication-add_ons-confirmation-monitor_fields){: #authentication-add_ons-confirmation-monitor_fields .spark-required} | `list(atom)` | | A list of fields to monitor for changes. Confirmation will be sent when one of these fields are changed. |
|
||||||
| [`sender`](#authentication-add_ons-confirmation-sender){: #authentication-add_ons-confirmation-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the confirmation instructions to the user. Allows you to glue sending of confirmation instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. The options will be a keyword list containing the original changeset, before any changes were inhibited. This allows you to send an email to the user's new email address if it is being changed for example. See `AshAuthentication.Sender` for more information. |
|
| [`sender`](#authentication-add_ons-confirmation-sender){: #authentication-add_ons-confirmation-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the confirmation instructions to the user. |
|
||||||
| [`token_lifetime`](#authentication-add_ons-confirmation-token_lifetime){: #authentication-add_ons-confirmation-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the confirmation token be valid. If no unit is provided, then hours is assumed. Defaults to 3 days. |
|
| [`token_lifetime`](#authentication-add_ons-confirmation-token_lifetime){: #authentication-add_ons-confirmation-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the confirmation token be valid. If no unit is provided, then hours is assumed. |
|
||||||
| [`confirmed_at_field`](#authentication-add_ons-confirmation-confirmed_at_field){: #authentication-add_ons-confirmation-confirmed_at_field } | `atom` | `:confirmed_at` | The name of a field to store the time that the last confirmation took place. This attribute will be dynamically added to the resource if not already present. |
|
| [`confirmed_at_field`](#authentication-add_ons-confirmation-confirmed_at_field){: #authentication-add_ons-confirmation-confirmed_at_field } | `atom` | `:confirmed_at` | The name of the field to store the time that the last confirmation took place. Created if it does not exist. |
|
||||||
| [`confirm_on_create?`](#authentication-add_ons-confirmation-confirm_on_create?){: #authentication-add_ons-confirmation-confirm_on_create? } | `boolean` | `true` | Generate and send a confirmation token when a new resource is created? Will only trigger when a create action is executed _and_ one of the monitored fields is being set. |
|
| [`confirm_on_create?`](#authentication-add_ons-confirmation-confirm_on_create?){: #authentication-add_ons-confirmation-confirm_on_create? } | `boolean` | `true` | Generate and send a confirmation token when a new resource is created. Triggers when a create action is executed _and_ one of the monitored fields is being set. |
|
||||||
| [`confirm_on_update?`](#authentication-add_ons-confirmation-confirm_on_update?){: #authentication-add_ons-confirmation-confirm_on_update? } | `boolean` | `true` | Generate and send a confirmation token when a resource is changed? Will only trigger when an update action is executed _and_ one of the monitored fields is being set. |
|
| [`confirm_on_update?`](#authentication-add_ons-confirmation-confirm_on_update?){: #authentication-add_ons-confirmation-confirm_on_update? } | `boolean` | `true` | Generate and send a confirmation token when a resource is changed. Triggers when an update action is executed _and_ one of the monitored fields is being set. |
|
||||||
| [`inhibit_updates?`](#authentication-add_ons-confirmation-inhibit_updates?){: #authentication-add_ons-confirmation-inhibit_updates? } | `boolean` | `true` | Wait until confirmation is received before actually changing a monitored field? If a change to a monitored field is detected, then the change is stored in the token resource and the changeset updated to not make the requested change. When the token is confirmed, the change will be applied. This could be potentially weird for your users, but useful in the case of a user changing their email address or phone number where you want to verify that the new contact details are reachable. |
|
| [`inhibit_updates?`](#authentication-add_ons-confirmation-inhibit_updates?){: #authentication-add_ons-confirmation-inhibit_updates? } | `boolean` | `true` | Whether or not to wait until confirmation is received before actually changing a monitored field. See [the confirmation guide](/documentation/topics/confirmation.md) for more. |
|
||||||
| [`confirm_action_name`](#authentication-add_ons-confirmation-confirm_action_name){: #authentication-add_ons-confirmation-confirm_action_name } | `atom` | `:confirm` | The name of the action to use when performing confirmation. If this action is not already present on the resource, it will be created for you. |
|
| [`confirm_action_name`](#authentication-add_ons-confirmation-confirm_action_name){: #authentication-add_ons-confirmation-confirm_action_name } | `atom` | `:confirm` | The name of the action to use when performing confirmation. Will be created if it does not already exist. |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -18,198 +18,6 @@ In order to use Auth0 you need to provide the following minimum configuration:
|
||||||
See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md)
|
See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md)
|
||||||
for more information.
|
for more information.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
Provides a pre-configured authentication strategy for [Auth0](https://auth0.com/).
|
|
||||||
|
|
||||||
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
|
||||||
configuration options should you need them.
|
|
||||||
|
|
||||||
For more information see the [Auth0 Quick Start Guide](/documentation/tutorials/auth0-quickstart.md)
|
|
||||||
in our documentation.
|
|
||||||
|
|
||||||
#### Strategy defaults:
|
|
||||||
|
|
||||||
The following defaults are applied:
|
|
||||||
|
|
||||||
* `:authorize_url` is set to `"/authorize"`.
|
|
||||||
* `:token_url` is set to `"/oauth/token"`.
|
|
||||||
* `:user_url` is set to `"/userinfo"`.
|
|
||||||
* `:authorization_params` is set to `[scope: "openid profile email"]`.
|
|
||||||
* `:auth_method` is set to `:client_secret_post`.
|
|
||||||
|
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
|
|
||||||
|
|
||||||
* `:client_id` - Required. The OAuth2 client ID.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
client_id fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_client_id)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:base_url` - The base URL of the OAuth2 server - including the leading protocol
|
|
||||||
(ie `https://`).
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
base_url fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:site` - Deprecated: Use `base_url` instead.
|
|
||||||
|
|
||||||
* `:auth_method` - The authentication strategy used, optional. If not set, no
|
|
||||||
authentication will be used during the access token request. The
|
|
||||||
value may be one of the following:
|
|
||||||
* `:client_secret_basic`
|
|
||||||
* `:client_secret_post`
|
|
||||||
* `:client_secret_jwt`
|
|
||||||
* `:private_key_jwt`
|
|
||||||
Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
|
|
||||||
|
|
||||||
* `:client_secret` - The OAuth2 client secret.
|
|
||||||
Required if :auth_method is `:client_secret_basic`,
|
|
||||||
`:client_secret_post` or `:client_secret_jwt`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
site fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:token_url` - Required. The API url to access the token endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:user_url` - Required. The API url to access the user endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:redirect_uri` - Required. The callback URI base.
|
|
||||||
Not the whole URI back to the callback endpoint, but the URI to your
|
|
||||||
`AuthPlug`. We can generate the rest.
|
|
||||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
||||||
configured dynamically so that you can use different URIs for
|
|
||||||
different environments.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.
|
|
||||||
eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
|
|
||||||
|
|
||||||
* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?
|
|
||||||
If this option is enabled, then new users will be able to register for
|
|
||||||
your site when authenticating and not already present.
|
|
||||||
If not, then only existing users will be able to authenticate. The default value is `true`.
|
|
||||||
|
|
||||||
* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.
|
|
||||||
Only needed if `registration_enabled?` is `true`.
|
|
||||||
Because we we don't know the response format of the server, you must
|
|
||||||
implement your own registration action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name eg:
|
|
||||||
`register_with_#{name}`.
|
|
||||||
|
|
||||||
* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.
|
|
||||||
Only needed if `registration_enabled?` is `false`.
|
|
||||||
Because we don't know the response format of the server, you must
|
|
||||||
implement your own sign-in action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name, eg:
|
|
||||||
`sign_in_with_#{name}`.
|
|
||||||
|
|
||||||
* `:identity_resource` - The resource used to store user identities.
|
|
||||||
Given that a user can be signed into multiple different
|
|
||||||
authentication providers at once we use the
|
|
||||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
||||||
between users, providers and that provider's uid.
|
|
||||||
See the Identities section of the module documentation for more
|
|
||||||
information.
|
|
||||||
Set to `false` to disable. The default value is `false`.
|
|
||||||
|
|
||||||
* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
|
|
||||||
|
|
||||||
* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
|
|
||||||
identity resource.
|
|
||||||
The only reason to change this would be if you changed the
|
|
||||||
`user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
|
|
||||||
|
|
||||||
* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.
|
|
||||||
This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.auth0
|
## authentication.strategies.auth0
|
||||||
|
@ -237,8 +45,6 @@ The following defaults are applied:
|
||||||
* `:auth_method` is set to `:client_secret_post`.
|
* `:auth_method` is set to `:client_secret_post`.
|
||||||
|
|
||||||
|
|
||||||
###### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -253,23 +59,23 @@ The following defaults are applied:
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`client_id`](#authentication-strategies-auth0-client_id){: #authentication-strategies-auth0-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` |
|
| [`client_id`](#authentication-strategies-auth0-client_id){: #authentication-strategies-auth0-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorize_url`](#authentication-strategies-auth0-authorize_url){: #authentication-strategies-auth0-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` |
|
| [`authorize_url`](#authentication-strategies-auth0-authorize_url){: #authentication-strategies-auth0-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`token_url`](#authentication-strategies-auth0-token_url){: #authentication-strategies-auth0-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` |
|
| [`token_url`](#authentication-strategies-auth0-token_url){: #authentication-strategies-auth0-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`user_url`](#authentication-strategies-auth0-user_url){: #authentication-strategies-auth0-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` |
|
| [`user_url`](#authentication-strategies-auth0-user_url){: #authentication-strategies-auth0-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`redirect_uri`](#authentication-strategies-auth0-redirect_uri){: #authentication-strategies-auth0-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`redirect_uri`](#authentication-strategies-auth0-redirect_uri){: #authentication-strategies-auth0-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`base_url`](#authentication-strategies-auth0-base_url){: #authentication-strategies-auth0-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`base_url`](#authentication-strategies-auth0-base_url){: #authentication-strategies-auth0-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`site`](#authentication-strategies-auth0-site){: #authentication-strategies-auth0-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
| [`site`](#authentication-strategies-auth0-site){: #authentication-strategies-auth0-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
||||||
| [`auth_method`](#authentication-strategies-auth0-auth_method){: #authentication-strategies-auth0-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` |
|
| [`auth_method`](#authentication-strategies-auth0-auth_method){: #authentication-strategies-auth0-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
|
||||||
| [`client_secret`](#authentication-strategies-auth0-client_secret){: #authentication-strategies-auth0-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`client_secret`](#authentication-strategies-auth0-client_secret){: #authentication-strategies-auth0-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`private_key`](#authentication-strategies-auth0-private_key){: #authentication-strategies-auth0-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`private_key`](#authentication-strategies-auth0-private_key){: #authentication-strategies-auth0-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorization_params`](#authentication-strategies-auth0-authorization_params){: #authentication-strategies-auth0-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
| [`authorization_params`](#authentication-strategies-auth0-authorization_params){: #authentication-strategies-auth0-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
||||||
| [`registration_enabled?`](#authentication-strategies-auth0-registration_enabled?){: #authentication-strategies-auth0-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. |
|
| [`registration_enabled?`](#authentication-strategies-auth0-registration_enabled?){: #authentication-strategies-auth0-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
|
||||||
| [`register_action_name`](#authentication-strategies-auth0-register_action_name){: #authentication-strategies-auth0-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. |
|
| [`register_action_name`](#authentication-strategies-auth0-register_action_name){: #authentication-strategies-auth0-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |
|
||||||
| [`sign_in_action_name`](#authentication-strategies-auth0-sign_in_action_name){: #authentication-strategies-auth0-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. |
|
| [`sign_in_action_name`](#authentication-strategies-auth0-sign_in_action_name){: #authentication-strategies-auth0-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. |
|
||||||
| [`identity_resource`](#authentication-strategies-auth0-identity_resource){: #authentication-strategies-auth0-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. |
|
| [`identity_resource`](#authentication-strategies-auth0-identity_resource){: #authentication-strategies-auth0-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. |
|
||||||
| [`identity_relationship_name`](#authentication-strategies-auth0-identity_relationship_name){: #authentication-strategies-auth0-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
| [`identity_relationship_name`](#authentication-strategies-auth0-identity_relationship_name){: #authentication-strategies-auth0-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
||||||
| [`identity_relationship_user_id_attribute`](#authentication-strategies-auth0-identity_relationship_user_id_attribute){: #authentication-strategies-auth0-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. |
|
| [`identity_relationship_user_id_attribute`](#authentication-strategies-auth0-identity_relationship_user_id_attribute){: #authentication-strategies-auth0-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. |
|
||||||
| [`icon`](#authentication-strategies-auth0-icon){: #authentication-strategies-auth0-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
| [`icon`](#authentication-strategies-auth0-icon){: #authentication-strategies-auth0-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -17,200 +17,6 @@ In order to use GitHub you need to provide the following minimum configuration:
|
||||||
See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html)
|
See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html)
|
||||||
for more information.
|
for more information.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
Provides a pre-configured authentication strategy for [GitHub](https://github.com/).
|
|
||||||
|
|
||||||
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
|
||||||
configuration options should you need them.
|
|
||||||
|
|
||||||
For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md)
|
|
||||||
in our documentation.
|
|
||||||
|
|
||||||
#### Strategy defaults:
|
|
||||||
|
|
||||||
The following defaults are applied:
|
|
||||||
|
|
||||||
* `:base_url` is set to `"https://api.github.com"`.
|
|
||||||
* `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`.
|
|
||||||
* `:token_url` is set to `"https://github.com/login/oauth/access_token"`.
|
|
||||||
* `:user_url` is set to `"/user"`.
|
|
||||||
* `:user_emails_url` is set to `"/user/emails"`.
|
|
||||||
* `:authorization_params` is set to `[scope: "read:user,user:email"]`.
|
|
||||||
* `:auth_method` is set to `:client_secret_post`.
|
|
||||||
|
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
|
|
||||||
|
|
||||||
* `:client_id` - Required. The OAuth2 client ID.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
client_id fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_client_id)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:base_url` - The base URL of the OAuth2 server - including the leading protocol
|
|
||||||
(ie `https://`).
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
base_url fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:site` - Deprecated: Use `base_url` instead.
|
|
||||||
|
|
||||||
* `:auth_method` - The authentication strategy used, optional. If not set, no
|
|
||||||
authentication will be used during the access token request. The
|
|
||||||
value may be one of the following:
|
|
||||||
* `:client_secret_basic`
|
|
||||||
* `:client_secret_post`
|
|
||||||
* `:client_secret_jwt`
|
|
||||||
* `:private_key_jwt`
|
|
||||||
Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
|
|
||||||
|
|
||||||
* `:client_secret` - The OAuth2 client secret.
|
|
||||||
Required if :auth_method is `:client_secret_basic`,
|
|
||||||
`:client_secret_post` or `:client_secret_jwt`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
site fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:token_url` - Required. The API url to access the token endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:user_url` - Required. The API url to access the user endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:redirect_uri` - Required. The callback URI base.
|
|
||||||
Not the whole URI back to the callback endpoint, but the URI to your
|
|
||||||
`AuthPlug`. We can generate the rest.
|
|
||||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
||||||
configured dynamically so that you can use different URIs for
|
|
||||||
different environments.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.
|
|
||||||
eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
|
|
||||||
|
|
||||||
* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?
|
|
||||||
If this option is enabled, then new users will be able to register for
|
|
||||||
your site when authenticating and not already present.
|
|
||||||
If not, then only existing users will be able to authenticate. The default value is `true`.
|
|
||||||
|
|
||||||
* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.
|
|
||||||
Only needed if `registration_enabled?` is `true`.
|
|
||||||
Because we we don't know the response format of the server, you must
|
|
||||||
implement your own registration action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name eg:
|
|
||||||
`register_with_#{name}`.
|
|
||||||
|
|
||||||
* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.
|
|
||||||
Only needed if `registration_enabled?` is `false`.
|
|
||||||
Because we don't know the response format of the server, you must
|
|
||||||
implement your own sign-in action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name, eg:
|
|
||||||
`sign_in_with_#{name}`.
|
|
||||||
|
|
||||||
* `:identity_resource` - The resource used to store user identities.
|
|
||||||
Given that a user can be signed into multiple different
|
|
||||||
authentication providers at once we use the
|
|
||||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
||||||
between users, providers and that provider's uid.
|
|
||||||
See the Identities section of the module documentation for more
|
|
||||||
information.
|
|
||||||
Set to `false` to disable. The default value is `false`.
|
|
||||||
|
|
||||||
* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
|
|
||||||
|
|
||||||
* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
|
|
||||||
identity resource.
|
|
||||||
The only reason to change this would be if you changed the
|
|
||||||
`user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
|
|
||||||
|
|
||||||
* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.
|
|
||||||
This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.github
|
## authentication.strategies.github
|
||||||
|
@ -240,8 +46,6 @@ The following defaults are applied:
|
||||||
* `:auth_method` is set to `:client_secret_post`.
|
* `:auth_method` is set to `:client_secret_post`.
|
||||||
|
|
||||||
|
|
||||||
###### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -256,23 +60,23 @@ The following defaults are applied:
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`client_id`](#authentication-strategies-github-client_id){: #authentication-strategies-github-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` |
|
| [`client_id`](#authentication-strategies-github-client_id){: #authentication-strategies-github-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorize_url`](#authentication-strategies-github-authorize_url){: #authentication-strategies-github-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` |
|
| [`authorize_url`](#authentication-strategies-github-authorize_url){: #authentication-strategies-github-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`token_url`](#authentication-strategies-github-token_url){: #authentication-strategies-github-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` |
|
| [`token_url`](#authentication-strategies-github-token_url){: #authentication-strategies-github-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`user_url`](#authentication-strategies-github-user_url){: #authentication-strategies-github-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` |
|
| [`user_url`](#authentication-strategies-github-user_url){: #authentication-strategies-github-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`redirect_uri`](#authentication-strategies-github-redirect_uri){: #authentication-strategies-github-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`redirect_uri`](#authentication-strategies-github-redirect_uri){: #authentication-strategies-github-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`base_url`](#authentication-strategies-github-base_url){: #authentication-strategies-github-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`base_url`](#authentication-strategies-github-base_url){: #authentication-strategies-github-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`site`](#authentication-strategies-github-site){: #authentication-strategies-github-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
| [`site`](#authentication-strategies-github-site){: #authentication-strategies-github-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
||||||
| [`auth_method`](#authentication-strategies-github-auth_method){: #authentication-strategies-github-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` |
|
| [`auth_method`](#authentication-strategies-github-auth_method){: #authentication-strategies-github-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
|
||||||
| [`client_secret`](#authentication-strategies-github-client_secret){: #authentication-strategies-github-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`client_secret`](#authentication-strategies-github-client_secret){: #authentication-strategies-github-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`private_key`](#authentication-strategies-github-private_key){: #authentication-strategies-github-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`private_key`](#authentication-strategies-github-private_key){: #authentication-strategies-github-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorization_params`](#authentication-strategies-github-authorization_params){: #authentication-strategies-github-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
| [`authorization_params`](#authentication-strategies-github-authorization_params){: #authentication-strategies-github-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
||||||
| [`registration_enabled?`](#authentication-strategies-github-registration_enabled?){: #authentication-strategies-github-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. |
|
| [`registration_enabled?`](#authentication-strategies-github-registration_enabled?){: #authentication-strategies-github-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
|
||||||
| [`register_action_name`](#authentication-strategies-github-register_action_name){: #authentication-strategies-github-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. |
|
| [`register_action_name`](#authentication-strategies-github-register_action_name){: #authentication-strategies-github-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |
|
||||||
| [`sign_in_action_name`](#authentication-strategies-github-sign_in_action_name){: #authentication-strategies-github-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. |
|
| [`sign_in_action_name`](#authentication-strategies-github-sign_in_action_name){: #authentication-strategies-github-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. |
|
||||||
| [`identity_resource`](#authentication-strategies-github-identity_resource){: #authentication-strategies-github-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. |
|
| [`identity_resource`](#authentication-strategies-github-identity_resource){: #authentication-strategies-github-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. |
|
||||||
| [`identity_relationship_name`](#authentication-strategies-github-identity_relationship_name){: #authentication-strategies-github-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
| [`identity_relationship_name`](#authentication-strategies-github-identity_relationship_name){: #authentication-strategies-github-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
||||||
| [`identity_relationship_user_id_attribute`](#authentication-strategies-github-identity_relationship_user_id_attribute){: #authentication-strategies-github-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. |
|
| [`identity_relationship_user_id_attribute`](#authentication-strategies-github-identity_relationship_user_id_attribute){: #authentication-strategies-github-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. |
|
||||||
| [`icon`](#authentication-strategies-github-icon){: #authentication-strategies-github-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
| [`icon`](#authentication-strategies-github-icon){: #authentication-strategies-github-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -18,199 +18,6 @@ In order to use Google you need to provide the following minimum configuration:
|
||||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
||||||
for Google setup details.
|
for Google setup details.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
Provides a pre-configured authentication strategy for [Google](https://google.com/).
|
|
||||||
|
|
||||||
This strategy is built using the `:oauth2` strategy, and thus provides all the same
|
|
||||||
configuration options should you need them.
|
|
||||||
|
|
||||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
|
||||||
for Google setup details.
|
|
||||||
|
|
||||||
#### Strategy defaults:
|
|
||||||
|
|
||||||
The following defaults are applied:
|
|
||||||
|
|
||||||
* `:base_url` is set to `"https://www.googleapis.com"`.
|
|
||||||
* `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`.
|
|
||||||
* `:token_url` is set to `"/oauth2/v4/token"`.
|
|
||||||
* `:user_url` is set to `"/oauth2/v3/userinfo"`.
|
|
||||||
* `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`.
|
|
||||||
* `:auth_method` is set to `:client_secret_post`.
|
|
||||||
|
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
|
|
||||||
|
|
||||||
* `:client_id` - Required. The OAuth2 client ID.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
client_id fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_client_id)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:base_url` - The base URL of the OAuth2 server - including the leading protocol
|
|
||||||
(ie `https://`).
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
base_url fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:site` - Deprecated: Use `base_url` instead.
|
|
||||||
|
|
||||||
* `:auth_method` - The authentication strategy used, optional. If not set, no
|
|
||||||
authentication will be used during the access token request. The
|
|
||||||
value may be one of the following:
|
|
||||||
* `:client_secret_basic`
|
|
||||||
* `:client_secret_post`
|
|
||||||
* `:client_secret_jwt`
|
|
||||||
* `:private_key_jwt`
|
|
||||||
Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
|
|
||||||
|
|
||||||
* `:client_secret` - The OAuth2 client secret.
|
|
||||||
Required if :auth_method is `:client_secret_basic`,
|
|
||||||
`:client_secret_post` or `:client_secret_jwt`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
site fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:token_url` - Required. The API url to access the token endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:user_url` - Required. The API url to access the user endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:redirect_uri` - Required. The callback URI base.
|
|
||||||
Not the whole URI back to the callback endpoint, but the URI to your
|
|
||||||
`AuthPlug`. We can generate the rest.
|
|
||||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
||||||
configured dynamically so that you can use different URIs for
|
|
||||||
different environments.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.
|
|
||||||
eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
|
|
||||||
|
|
||||||
* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?
|
|
||||||
If this option is enabled, then new users will be able to register for
|
|
||||||
your site when authenticating and not already present.
|
|
||||||
If not, then only existing users will be able to authenticate. The default value is `true`.
|
|
||||||
|
|
||||||
* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.
|
|
||||||
Only needed if `registration_enabled?` is `true`.
|
|
||||||
Because we we don't know the response format of the server, you must
|
|
||||||
implement your own registration action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name eg:
|
|
||||||
`register_with_#{name}`.
|
|
||||||
|
|
||||||
* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.
|
|
||||||
Only needed if `registration_enabled?` is `false`.
|
|
||||||
Because we don't know the response format of the server, you must
|
|
||||||
implement your own sign-in action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name, eg:
|
|
||||||
`sign_in_with_#{name}`.
|
|
||||||
|
|
||||||
* `:identity_resource` - The resource used to store user identities.
|
|
||||||
Given that a user can be signed into multiple different
|
|
||||||
authentication providers at once we use the
|
|
||||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
||||||
between users, providers and that provider's uid.
|
|
||||||
See the Identities section of the module documentation for more
|
|
||||||
information.
|
|
||||||
Set to `false` to disable. The default value is `false`.
|
|
||||||
|
|
||||||
* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
|
|
||||||
|
|
||||||
* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
|
|
||||||
identity resource.
|
|
||||||
The only reason to change this would be if you changed the
|
|
||||||
`user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
|
|
||||||
|
|
||||||
* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.
|
|
||||||
This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.google
|
## authentication.strategies.google
|
||||||
|
@ -239,8 +46,6 @@ The following defaults are applied:
|
||||||
* `:auth_method` is set to `:client_secret_post`.
|
* `:auth_method` is set to `:client_secret_post`.
|
||||||
|
|
||||||
|
|
||||||
###### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -255,23 +60,23 @@ The following defaults are applied:
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`client_id`](#authentication-strategies-google-client_id){: #authentication-strategies-google-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` |
|
| [`client_id`](#authentication-strategies-google-client_id){: #authentication-strategies-google-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorize_url`](#authentication-strategies-google-authorize_url){: #authentication-strategies-google-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` |
|
| [`authorize_url`](#authentication-strategies-google-authorize_url){: #authentication-strategies-google-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`token_url`](#authentication-strategies-google-token_url){: #authentication-strategies-google-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` |
|
| [`token_url`](#authentication-strategies-google-token_url){: #authentication-strategies-google-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`user_url`](#authentication-strategies-google-user_url){: #authentication-strategies-google-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` |
|
| [`user_url`](#authentication-strategies-google-user_url){: #authentication-strategies-google-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`redirect_uri`](#authentication-strategies-google-redirect_uri){: #authentication-strategies-google-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`redirect_uri`](#authentication-strategies-google-redirect_uri){: #authentication-strategies-google-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`base_url`](#authentication-strategies-google-base_url){: #authentication-strategies-google-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`base_url`](#authentication-strategies-google-base_url){: #authentication-strategies-google-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`site`](#authentication-strategies-google-site){: #authentication-strategies-google-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
| [`site`](#authentication-strategies-google-site){: #authentication-strategies-google-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
||||||
| [`auth_method`](#authentication-strategies-google-auth_method){: #authentication-strategies-google-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` |
|
| [`auth_method`](#authentication-strategies-google-auth_method){: #authentication-strategies-google-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
|
||||||
| [`client_secret`](#authentication-strategies-google-client_secret){: #authentication-strategies-google-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`client_secret`](#authentication-strategies-google-client_secret){: #authentication-strategies-google-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`private_key`](#authentication-strategies-google-private_key){: #authentication-strategies-google-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`private_key`](#authentication-strategies-google-private_key){: #authentication-strategies-google-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorization_params`](#authentication-strategies-google-authorization_params){: #authentication-strategies-google-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
| [`authorization_params`](#authentication-strategies-google-authorization_params){: #authentication-strategies-google-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
||||||
| [`registration_enabled?`](#authentication-strategies-google-registration_enabled?){: #authentication-strategies-google-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. |
|
| [`registration_enabled?`](#authentication-strategies-google-registration_enabled?){: #authentication-strategies-google-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
|
||||||
| [`register_action_name`](#authentication-strategies-google-register_action_name){: #authentication-strategies-google-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. |
|
| [`register_action_name`](#authentication-strategies-google-register_action_name){: #authentication-strategies-google-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |
|
||||||
| [`sign_in_action_name`](#authentication-strategies-google-sign_in_action_name){: #authentication-strategies-google-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. |
|
| [`sign_in_action_name`](#authentication-strategies-google-sign_in_action_name){: #authentication-strategies-google-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. |
|
||||||
| [`identity_resource`](#authentication-strategies-google-identity_resource){: #authentication-strategies-google-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. |
|
| [`identity_resource`](#authentication-strategies-google-identity_resource){: #authentication-strategies-google-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. |
|
||||||
| [`identity_relationship_name`](#authentication-strategies-google-identity_relationship_name){: #authentication-strategies-google-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
| [`identity_relationship_name`](#authentication-strategies-google-identity_relationship_name){: #authentication-strategies-google-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
||||||
| [`identity_relationship_user_id_attribute`](#authentication-strategies-google-identity_relationship_user_id_attribute){: #authentication-strategies-google-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. |
|
| [`identity_relationship_user_id_attribute`](#authentication-strategies-google-identity_relationship_user_id_attribute){: #authentication-strategies-google-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. |
|
||||||
| [`icon`](#authentication-strategies-google-icon){: #authentication-strategies-google-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
| [`icon`](#authentication-strategies-google-icon){: #authentication-strategies-google-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -96,42 +96,6 @@ Dispatching to plugs directly:
|
||||||
...> signed_in_user.id == user.id
|
...> signed_in_user.id == user.id
|
||||||
true
|
true
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
Strategy for authenticating using local users with a magic link
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user.
|
|
||||||
Usually something like `username` or `email_address`. The default value is `:username`.
|
|
||||||
|
|
||||||
* `:token_lifetime` - How long the sign in token is valid.
|
|
||||||
If no unit is provided, then `minutes` is assumed. The default value is `{10, :minutes}`.
|
|
||||||
|
|
||||||
* `:request_action_name` (`t:atom/0`) - The name to use for the request action.
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `request_`.
|
|
||||||
|
|
||||||
* `:single_use_token?` (`t:boolean/0`) - Automatically revoke the token once it's been used for sign in. The default value is `true`.
|
|
||||||
|
|
||||||
* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action.
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `sign_in_with_`.
|
|
||||||
|
|
||||||
* `:token_param_name` (`t:atom/0`) - The name of the token parameter in the incoming sign-in request. The default value is `:token`.
|
|
||||||
|
|
||||||
* `:sender` - Required. How to send the magic link to the user.
|
|
||||||
Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application.
|
|
||||||
Accepts a module, module and opts, or a function that takes a record, reset token and options.
|
|
||||||
See `AshAuthentication.Sender` for more information.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.magic_link
|
## authentication.strategies.magic_link
|
||||||
|
@ -151,12 +115,12 @@ Strategy for authenticating using local users with a magic link
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`sender`](#authentication-strategies-magic_link-sender){: #authentication-strategies-magic_link-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the magic link to the user. Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. See `AshAuthentication.Sender` for more information. |
|
| [`sender`](#authentication-strategies-magic_link-sender){: #authentication-strategies-magic_link-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the magic link to the user. |
|
||||||
| [`identity_field`](#authentication-strategies-magic_link-identity_field){: #authentication-strategies-magic_link-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user. Usually something like `username` or `email_address`. |
|
| [`identity_field`](#authentication-strategies-magic_link-identity_field){: #authentication-strategies-magic_link-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`. |
|
||||||
| [`token_lifetime`](#authentication-strategies-magic_link-token_lifetime){: #authentication-strategies-magic_link-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{10, :minutes}` | How long the sign in token is valid. If no unit is provided, then `minutes` is assumed. |
|
| [`token_lifetime`](#authentication-strategies-magic_link-token_lifetime){: #authentication-strategies-magic_link-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{10, :minutes}` | How long the sign in token is valid. If no unit is provided, then `minutes` is assumed. |
|
||||||
| [`request_action_name`](#authentication-strategies-magic_link-request_action_name){: #authentication-strategies-magic_link-request_action_name } | `atom` | | The name to use for the request action. If not present it will be generated by prepending the strategy name with `request_`. |
|
| [`request_action_name`](#authentication-strategies-magic_link-request_action_name){: #authentication-strategies-magic_link-request_action_name } | `atom` | | The name to use for the request action. Defaults to `request_<strategy_name>` |
|
||||||
| [`single_use_token?`](#authentication-strategies-magic_link-single_use_token?){: #authentication-strategies-magic_link-single_use_token? } | `boolean` | `true` | Automatically revoke the token once it's been used for sign in. |
|
| [`single_use_token?`](#authentication-strategies-magic_link-single_use_token?){: #authentication-strategies-magic_link-single_use_token? } | `boolean` | `true` | Automatically revoke the token once it's been used for sign in. |
|
||||||
| [`sign_in_action_name`](#authentication-strategies-magic_link-sign_in_action_name){: #authentication-strategies-magic_link-sign_in_action_name } | `atom` | | The name to use for the sign in action. If not present it will be generated by prepending the strategy name with `sign_in_with_`. |
|
| [`sign_in_action_name`](#authentication-strategies-magic_link-sign_in_action_name){: #authentication-strategies-magic_link-sign_in_action_name } | `atom` | | The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>` |
|
||||||
| [`token_param_name`](#authentication-strategies-magic_link-token_param_name){: #authentication-strategies-magic_link-token_param_name } | `atom` | `:token` | The name of the token parameter in the incoming sign-in request. |
|
| [`token_param_name`](#authentication-strategies-magic_link-token_param_name){: #authentication-strategies-magic_link-token_param_name } | `atom` | `:token` | The name of the token parameter in the incoming sign-in request. |
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -218,179 +218,6 @@ authentication with OAuth 2.0:
|
||||||
to create a local database record, session, etc.
|
to create a local database record, session, etc.
|
||||||
|
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
OAuth2 authentication
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
|
|
||||||
|
|
||||||
* `:client_id` - Required. The OAuth2 client ID.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
client_id fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_client_id)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:base_url` - The base URL of the OAuth2 server - including the leading protocol
|
|
||||||
(ie `https://`).
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
base_url fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:site` - Deprecated: Use `base_url` instead.
|
|
||||||
|
|
||||||
* `:auth_method` - The authentication strategy used, optional. If not set, no
|
|
||||||
authentication will be used during the access token request. The
|
|
||||||
value may be one of the following:
|
|
||||||
* `:client_secret_basic`
|
|
||||||
* `:client_secret_post`
|
|
||||||
* `:client_secret_jwt`
|
|
||||||
* `:private_key_jwt`
|
|
||||||
Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
|
|
||||||
|
|
||||||
* `:client_secret` - The OAuth2 client secret.
|
|
||||||
Required if :auth_method is `:client_secret_basic`,
|
|
||||||
`:client_secret_post` or `:client_secret_jwt`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
site fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:token_url` - Required. The API url to access the token endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:user_url` - Required. The API url to access the user endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:redirect_uri` - Required. The callback URI base.
|
|
||||||
Not the whole URI back to the callback endpoint, but the URI to your
|
|
||||||
`AuthPlug`. We can generate the rest.
|
|
||||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
||||||
configured dynamically so that you can use different URIs for
|
|
||||||
different environments.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.
|
|
||||||
eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
|
|
||||||
|
|
||||||
* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?
|
|
||||||
If this option is enabled, then new users will be able to register for
|
|
||||||
your site when authenticating and not already present.
|
|
||||||
If not, then only existing users will be able to authenticate. The default value is `true`.
|
|
||||||
|
|
||||||
* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.
|
|
||||||
Only needed if `registration_enabled?` is `true`.
|
|
||||||
Because we we don't know the response format of the server, you must
|
|
||||||
implement your own registration action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name eg:
|
|
||||||
`register_with_#{name}`.
|
|
||||||
|
|
||||||
* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.
|
|
||||||
Only needed if `registration_enabled?` is `false`.
|
|
||||||
Because we don't know the response format of the server, you must
|
|
||||||
implement your own sign-in action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name, eg:
|
|
||||||
`sign_in_with_#{name}`.
|
|
||||||
|
|
||||||
* `:identity_resource` - The resource used to store user identities.
|
|
||||||
Given that a user can be signed into multiple different
|
|
||||||
authentication providers at once we use the
|
|
||||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
||||||
between users, providers and that provider's uid.
|
|
||||||
See the Identities section of the module documentation for more
|
|
||||||
information.
|
|
||||||
Set to `false` to disable. The default value is `false`.
|
|
||||||
|
|
||||||
* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
|
|
||||||
|
|
||||||
* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
|
|
||||||
identity resource.
|
|
||||||
The only reason to change this would be if you changed the
|
|
||||||
`user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
|
|
||||||
|
|
||||||
* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.
|
|
||||||
This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.oauth2
|
## authentication.strategies.oauth2
|
||||||
```elixir
|
```elixir
|
||||||
|
@ -413,23 +240,23 @@ OAuth2 authentication
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`client_id`](#authentication-strategies-oauth2-client_id){: #authentication-strategies-oauth2-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` |
|
| [`client_id`](#authentication-strategies-oauth2-client_id){: #authentication-strategies-oauth2-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorize_url`](#authentication-strategies-oauth2-authorize_url){: #authentication-strategies-oauth2-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` |
|
| [`authorize_url`](#authentication-strategies-oauth2-authorize_url){: #authentication-strategies-oauth2-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`token_url`](#authentication-strategies-oauth2-token_url){: #authentication-strategies-oauth2-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` |
|
| [`token_url`](#authentication-strategies-oauth2-token_url){: #authentication-strategies-oauth2-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`user_url`](#authentication-strategies-oauth2-user_url){: #authentication-strategies-oauth2-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` |
|
| [`user_url`](#authentication-strategies-oauth2-user_url){: #authentication-strategies-oauth2-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`redirect_uri`](#authentication-strategies-oauth2-redirect_uri){: #authentication-strategies-oauth2-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`redirect_uri`](#authentication-strategies-oauth2-redirect_uri){: #authentication-strategies-oauth2-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`base_url`](#authentication-strategies-oauth2-base_url){: #authentication-strategies-oauth2-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`base_url`](#authentication-strategies-oauth2-base_url){: #authentication-strategies-oauth2-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`site`](#authentication-strategies-oauth2-site){: #authentication-strategies-oauth2-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
| [`site`](#authentication-strategies-oauth2-site){: #authentication-strategies-oauth2-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
||||||
| [`auth_method`](#authentication-strategies-oauth2-auth_method){: #authentication-strategies-oauth2-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` |
|
| [`auth_method`](#authentication-strategies-oauth2-auth_method){: #authentication-strategies-oauth2-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
|
||||||
| [`client_secret`](#authentication-strategies-oauth2-client_secret){: #authentication-strategies-oauth2-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`client_secret`](#authentication-strategies-oauth2-client_secret){: #authentication-strategies-oauth2-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`private_key`](#authentication-strategies-oauth2-private_key){: #authentication-strategies-oauth2-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`private_key`](#authentication-strategies-oauth2-private_key){: #authentication-strategies-oauth2-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorization_params`](#authentication-strategies-oauth2-authorization_params){: #authentication-strategies-oauth2-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
| [`authorization_params`](#authentication-strategies-oauth2-authorization_params){: #authentication-strategies-oauth2-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
||||||
| [`registration_enabled?`](#authentication-strategies-oauth2-registration_enabled?){: #authentication-strategies-oauth2-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. |
|
| [`registration_enabled?`](#authentication-strategies-oauth2-registration_enabled?){: #authentication-strategies-oauth2-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
|
||||||
| [`register_action_name`](#authentication-strategies-oauth2-register_action_name){: #authentication-strategies-oauth2-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. |
|
| [`register_action_name`](#authentication-strategies-oauth2-register_action_name){: #authentication-strategies-oauth2-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |
|
||||||
| [`sign_in_action_name`](#authentication-strategies-oauth2-sign_in_action_name){: #authentication-strategies-oauth2-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. |
|
| [`sign_in_action_name`](#authentication-strategies-oauth2-sign_in_action_name){: #authentication-strategies-oauth2-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. |
|
||||||
| [`identity_resource`](#authentication-strategies-oauth2-identity_resource){: #authentication-strategies-oauth2-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. |
|
| [`identity_resource`](#authentication-strategies-oauth2-identity_resource){: #authentication-strategies-oauth2-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. |
|
||||||
| [`identity_relationship_name`](#authentication-strategies-oauth2-identity_relationship_name){: #authentication-strategies-oauth2-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
| [`identity_relationship_name`](#authentication-strategies-oauth2-identity_relationship_name){: #authentication-strategies-oauth2-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
||||||
| [`identity_relationship_user_id_attribute`](#authentication-strategies-oauth2-identity_relationship_user_id_attribute){: #authentication-strategies-oauth2-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. |
|
| [`identity_relationship_user_id_attribute`](#authentication-strategies-oauth2-identity_relationship_user_id_attribute){: #authentication-strategies-oauth2-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. |
|
||||||
| [`icon`](#authentication-strategies-oauth2-icon){: #authentication-strategies-oauth2-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
| [`icon`](#authentication-strategies-oauth2-icon){: #authentication-strategies-oauth2-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -48,206 +48,6 @@ A random value generator can look like this:
|
||||||
AshAuthentication will dynamically generate one for the session if `nonce` is
|
AshAuthentication will dynamically generate one for the session if `nonce` is
|
||||||
set to `true`.
|
set to `true`.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
Provides an OpenID Connect authentication strategy.
|
|
||||||
|
|
||||||
This strategy is built using the `:oauth2` strategy, and thus provides
|
|
||||||
all the same configuration options should you need them.
|
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy.
|
|
||||||
|
|
||||||
* `:client_id` - Required. The OAuth2 client ID.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
client_id fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_client_id)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:base_url` - The base URL of the OAuth2 server - including the leading protocol
|
|
||||||
(ie `https://`).
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
base_url fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:site` - Deprecated: Use `base_url` instead.
|
|
||||||
|
|
||||||
* `:auth_method` - The authentication strategy used, optional. If not set, no
|
|
||||||
authentication will be used during the access token request. The
|
|
||||||
value may be one of the following:
|
|
||||||
* `:client_secret_basic`
|
|
||||||
* `:client_secret_post`
|
|
||||||
* `:client_secret_jwt`
|
|
||||||
* `:private_key_jwt`
|
|
||||||
Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`.
|
|
||||||
|
|
||||||
* `:client_secret` - The OAuth2 client secret.
|
|
||||||
Required if :auth_method is `:client_secret_basic`,
|
|
||||||
`:client_secret_post` or `:client_secret_jwt`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
site fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:token_url` - Required. The API url to access the token endpoint.
|
|
||||||
Relative to the value of `site`.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
||||||
```
|
|
||||||
|
|
||||||
* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt`
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:redirect_uri` - Required. The callback URI base.
|
|
||||||
Not the whole URI back to the callback endpoint, but the URI to your
|
|
||||||
`AuthPlug`. We can generate the rest.
|
|
||||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
||||||
configured dynamically so that you can use different URIs for
|
|
||||||
different environments.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase.
|
|
||||||
eg: `authorization_params scope: "openid profile email"` The default value is `[]`.
|
|
||||||
|
|
||||||
* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider?
|
|
||||||
If this option is enabled, then new users will be able to register for
|
|
||||||
your site when authenticating and not already present.
|
|
||||||
If not, then only existing users will be able to authenticate. The default value is `true`.
|
|
||||||
|
|
||||||
* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user.
|
|
||||||
Only needed if `registration_enabled?` is `true`.
|
|
||||||
Because we we don't know the response format of the server, you must
|
|
||||||
implement your own registration action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name eg:
|
|
||||||
`register_with_#{name}`.
|
|
||||||
|
|
||||||
* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user.
|
|
||||||
Only needed if `registration_enabled?` is `false`.
|
|
||||||
Because we don't know the response format of the server, you must
|
|
||||||
implement your own sign-in action of the same name.
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
The default is computed from the strategy name, eg:
|
|
||||||
`sign_in_with_#{name}`.
|
|
||||||
|
|
||||||
* `:identity_resource` - The resource used to store user identities.
|
|
||||||
Given that a user can be signed into multiple different
|
|
||||||
authentication providers at once we use the
|
|
||||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
||||||
between users, providers and that provider's uid.
|
|
||||||
See the Identities section of the module documentation for more
|
|
||||||
information.
|
|
||||||
Set to `false` to disable. The default value is `false`.
|
|
||||||
|
|
||||||
* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`.
|
|
||||||
|
|
||||||
* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider
|
|
||||||
identity resource.
|
|
||||||
The only reason to change this would be if you changed the
|
|
||||||
`user_id_attribute_name` option of the provider identity. The default value is `:user_id`.
|
|
||||||
|
|
||||||
* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI.
|
|
||||||
This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`.
|
|
||||||
|
|
||||||
* `:openid_configuration_uri` (`t:String.t/0`) - The URI for the OpenID provider The default value is `"/.well-known/openid-configuration"`.
|
|
||||||
|
|
||||||
* `:client_authentication_method` - The client authentication method to use. Valid values are :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_basic`.
|
|
||||||
|
|
||||||
* `:openid_configuration` (`t:map/0`) - The OpenID configuration.
|
|
||||||
If not set, the configuration will be retrieved from `openid_configuration_uri`. The default value is `%{}`.
|
|
||||||
|
|
||||||
* `:id_token_signed_response_alg` - The `id_token_signed_response_alg` parameter sent by the Client during Registration.
|
|
||||||
Valid values are "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "Ed25519", "Ed25519ph", "Ed448", "Ed448ph", "EdDSA" The default value is `"RS256"`.
|
|
||||||
|
|
||||||
* `:id_token_ttl_seconds` - The number of seconds from `iat` that an ID Token will be considered valid. The default value is `nil`.
|
|
||||||
|
|
||||||
* `:nonce` - A function for generating the session nonce.
|
|
||||||
When set to `true` the nonce will be automatically generated using
|
|
||||||
`AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false`
|
|
||||||
to explicitly disable.
|
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
```elixir
|
|
||||||
nonce fn _, _ ->
|
|
||||||
16
|
|
||||||
|> :crypto.strong_rand_bytes()
|
|
||||||
|> Base.encode64(padding: false)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
|
|
||||||
The default value is `true`.
|
|
||||||
|
|
||||||
* `:trusted_audiences` - A list of audiences which are trusted. The default value is `nil`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.oidc
|
## authentication.strategies.oidc
|
||||||
|
@ -261,8 +61,6 @@ Provides an OpenID Connect authentication strategy.
|
||||||
This strategy is built using the `:oauth2` strategy, and thus provides
|
This strategy is built using the `:oauth2` strategy, and thus provides
|
||||||
all the same configuration options should you need them.
|
all the same configuration options should you need them.
|
||||||
|
|
||||||
###### Schema:
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
@ -277,29 +75,29 @@ all the same configuration options should you need them.
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`client_id`](#authentication-strategies-oidc-client_id){: #authentication-strategies-oidc-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` |
|
| [`client_id`](#authentication-strategies-oidc-client_id){: #authentication-strategies-oidc-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorize_url`](#authentication-strategies-oidc-authorize_url){: #authentication-strategies-oidc-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` |
|
| [`authorize_url`](#authentication-strategies-oidc-authorize_url){: #authentication-strategies-oidc-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`token_url`](#authentication-strategies-oidc-token_url){: #authentication-strategies-oidc-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` |
|
| [`token_url`](#authentication-strategies-oidc-token_url){: #authentication-strategies-oidc-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`redirect_uri`](#authentication-strategies-oidc-redirect_uri){: #authentication-strategies-oidc-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`redirect_uri`](#authentication-strategies-oidc-redirect_uri){: #authentication-strategies-oidc-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`base_url`](#authentication-strategies-oidc-base_url){: #authentication-strategies-oidc-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`base_url`](#authentication-strategies-oidc-base_url){: #authentication-strategies-oidc-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`site`](#authentication-strategies-oidc-site){: #authentication-strategies-oidc-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
| [`site`](#authentication-strategies-oidc-site){: #authentication-strategies-oidc-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
|
||||||
| [`auth_method`](#authentication-strategies-oidc-auth_method){: #authentication-strategies-oidc-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` |
|
| [`auth_method`](#authentication-strategies-oidc-auth_method){: #authentication-strategies-oidc-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
|
||||||
| [`client_secret`](#authentication-strategies-oidc-client_secret){: #authentication-strategies-oidc-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` |
|
| [`client_secret`](#authentication-strategies-oidc-client_secret){: #authentication-strategies-oidc-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`private_key`](#authentication-strategies-oidc-private_key){: #authentication-strategies-oidc-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`private_key`](#authentication-strategies-oidc-private_key){: #authentication-strategies-oidc-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
| [`authorization_params`](#authentication-strategies-oidc-authorization_params){: #authentication-strategies-oidc-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
| [`authorization_params`](#authentication-strategies-oidc-authorization_params){: #authentication-strategies-oidc-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` |
|
||||||
| [`registration_enabled?`](#authentication-strategies-oidc-registration_enabled?){: #authentication-strategies-oidc-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. |
|
| [`registration_enabled?`](#authentication-strategies-oidc-registration_enabled?){: #authentication-strategies-oidc-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
|
||||||
| [`register_action_name`](#authentication-strategies-oidc-register_action_name){: #authentication-strategies-oidc-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. |
|
| [`register_action_name`](#authentication-strategies-oidc-register_action_name){: #authentication-strategies-oidc-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |
|
||||||
| [`sign_in_action_name`](#authentication-strategies-oidc-sign_in_action_name){: #authentication-strategies-oidc-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. |
|
| [`sign_in_action_name`](#authentication-strategies-oidc-sign_in_action_name){: #authentication-strategies-oidc-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. |
|
||||||
| [`identity_resource`](#authentication-strategies-oidc-identity_resource){: #authentication-strategies-oidc-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. |
|
| [`identity_resource`](#authentication-strategies-oidc-identity_resource){: #authentication-strategies-oidc-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. |
|
||||||
| [`identity_relationship_name`](#authentication-strategies-oidc-identity_relationship_name){: #authentication-strategies-oidc-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
| [`identity_relationship_name`](#authentication-strategies-oidc-identity_relationship_name){: #authentication-strategies-oidc-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
|
||||||
| [`identity_relationship_user_id_attribute`](#authentication-strategies-oidc-identity_relationship_user_id_attribute){: #authentication-strategies-oidc-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. |
|
| [`identity_relationship_user_id_attribute`](#authentication-strategies-oidc-identity_relationship_user_id_attribute){: #authentication-strategies-oidc-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. |
|
||||||
| [`icon`](#authentication-strategies-oidc-icon){: #authentication-strategies-oidc-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
| [`icon`](#authentication-strategies-oidc-icon){: #authentication-strategies-oidc-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. |
|
||||||
| [`openid_configuration_uri`](#authentication-strategies-oidc-openid_configuration_uri){: #authentication-strategies-oidc-openid_configuration_uri } | `String.t` | `"/.well-known/openid-configuration"` | The URI for the OpenID provider |
|
| [`openid_configuration_uri`](#authentication-strategies-oidc-openid_configuration_uri){: #authentication-strategies-oidc-openid_configuration_uri } | `String.t` | `"/.well-known/openid-configuration"` | The URI for the OpenID provider |
|
||||||
| [`client_authentication_method`](#authentication-strategies-oidc-client_authentication_method){: #authentication-strategies-oidc-client_authentication_method } | `:client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_basic` | The client authentication method to use. |
|
| [`client_authentication_method`](#authentication-strategies-oidc-client_authentication_method){: #authentication-strategies-oidc-client_authentication_method } | `:client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_basic` | The client authentication method to use. |
|
||||||
| [`openid_configuration`](#authentication-strategies-oidc-openid_configuration){: #authentication-strategies-oidc-openid_configuration } | `map` | `%{}` | The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`. |
|
| [`openid_configuration`](#authentication-strategies-oidc-openid_configuration){: #authentication-strategies-oidc-openid_configuration } | `map` | `%{}` | The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`. |
|
||||||
| [`id_token_signed_response_alg`](#authentication-strategies-oidc-id_token_signed_response_alg){: #authentication-strategies-oidc-id_token_signed_response_alg } | `"HS256" \| "HS384" \| "HS512" \| "RS256" \| "RS384" \| "RS512" \| "ES256" \| "ES384" \| "ES512" \| "PS256" \| "PS384" \| "PS512" \| "Ed25519" \| "Ed25519ph" \| "Ed448" \| "Ed448ph" \| "EdDSA"` | `"RS256"` | The `id_token_signed_response_alg` parameter sent by the Client during Registration. |
|
| [`id_token_signed_response_alg`](#authentication-strategies-oidc-id_token_signed_response_alg){: #authentication-strategies-oidc-id_token_signed_response_alg } | `"HS256" \| "HS384" \| "HS512" \| "RS256" \| "RS384" \| "RS512" \| "ES256" \| "ES384" \| "ES512" \| "PS256" \| "PS384" \| "PS512" \| "Ed25519" \| "Ed25519ph" \| "Ed448" \| "Ed448ph" \| "EdDSA"` | `"RS256"` | The `id_token_signed_response_alg` parameter sent by the Client during Registration. |
|
||||||
| [`id_token_ttl_seconds`](#authentication-strategies-oidc-id_token_ttl_seconds){: #authentication-strategies-oidc-id_token_ttl_seconds } | `nil \| pos_integer` | | The number of seconds from `iat` that an ID Token will be considered valid. |
|
| [`id_token_ttl_seconds`](#authentication-strategies-oidc-id_token_ttl_seconds){: #authentication-strategies-oidc-id_token_ttl_seconds } | `nil \| pos_integer` | | The number of seconds from `iat` that an ID Token will be considered valid. |
|
||||||
| [`nonce`](#authentication-strategies-oidc-nonce){: #authentication-strategies-oidc-nonce } | `boolean \| (any, any -> any) \| module \| String.t` | `true` | A function for generating the session nonce. When set to `true` the nonce will be automatically generated using `AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` to explicitly disable. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir nonce fn _, _ -> 16 \|> :crypto.strong_rand_bytes() \|> Base.encode64(padding: false) end ``` |
|
| [`nonce`](#authentication-strategies-oidc-nonce){: #authentication-strategies-oidc-nonce } | `boolean \| (any, any -> any) \| module \| String.t` | `true` | A function for generating the session nonce, `true` to automatically generate it with `AshAuthetnication.Strategy.Oidc.NonceGenerator`, or `false` to disable. |
|
||||||
| [`trusted_audiences`](#authentication-strategies-oidc-trusted_audiences){: #authentication-strategies-oidc-trusted_audiences } | `nil \| list(String.t)` | | A list of audiences which are trusted. |
|
| [`trusted_audiences`](#authentication-strategies-oidc-trusted_audiences){: #authentication-strategies-oidc-trusted_audiences } | `nil \| list(String.t)` | | A list of audiences which are trusted. |
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -95,105 +95,6 @@ Dispatching to plugs directly:
|
||||||
|
|
||||||
See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy.
|
See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
Strategy for authenticating using local resources as the source of truth.
|
|
||||||
|
|
||||||
* resettable
|
|
||||||
|
|
||||||
Examples:
|
|
||||||
```
|
|
||||||
password :password do
|
|
||||||
identity_field :email
|
|
||||||
hashed_password_field :hashed_password
|
|
||||||
hash_provider AshAuthentication.BcryptProvider
|
|
||||||
confirmation_required? true
|
|
||||||
end
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
|
|
||||||
* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user.
|
|
||||||
Usually something like `username` or `email_address`. The default value is `:username`.
|
|
||||||
|
|
||||||
* `:hashed_password_field` (`t:atom/0`) - The name of the attribute within which to store the user's password
|
|
||||||
once it has been hashed. The default value is `:hashed_password`.
|
|
||||||
|
|
||||||
* `:hash_provider` (`t:atom/0`) - A module which implements the `AshAuthentication.HashProvider`
|
|
||||||
behaviour.
|
|
||||||
Used to provide cryptographic hashing of passwords. The default value is `AshAuthentication.BcryptProvider`.
|
|
||||||
|
|
||||||
* `:confirmation_required?` (`t:boolean/0`) - Whether a password confirmation field is required when registering or
|
|
||||||
changing passwords. The default value is `true`.
|
|
||||||
|
|
||||||
* `:register_action_accept` (list of `t:atom/0`) - A list of additional fields to be accepted in the register action. The default value is `[]`.
|
|
||||||
|
|
||||||
* `:password_field` (`t:atom/0`) - The name of the argument used to collect the user's password in
|
|
||||||
plaintext when registering, checking or changing passwords. The default value is `:password`.
|
|
||||||
|
|
||||||
* `:password_confirmation_field` (`t:atom/0`) - The name of the argument used to confirm the user's password in
|
|
||||||
plaintext when registering or changing passwords. The default value is `:password_confirmation`.
|
|
||||||
|
|
||||||
* `:register_action_name` (`t:atom/0`) - The name to use for the register action.
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `register_with_`.
|
|
||||||
|
|
||||||
* `:registration_enabled?` (`t:boolean/0`) - If you do not want new users to be able to register using this
|
|
||||||
strategy, set this to false. The default value is `true`.
|
|
||||||
|
|
||||||
* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action.
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `sign_in_with_`.
|
|
||||||
|
|
||||||
* `:sign_in_enabled?` (`t:boolean/0`) - If you do not want new users to be able to sign in using this
|
|
||||||
strategy, set this to false. The default value is `true`.
|
|
||||||
|
|
||||||
* `:sign_in_tokens_enabled?` (`t:boolean/0`) - Whether or not to support generating short lived sign in tokens. Requires the resource to have
|
|
||||||
tokens enabled. There is no drawback to supporting this, and in the future this default will
|
|
||||||
change from `false` to `true`.
|
|
||||||
Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in`
|
|
||||||
when calling the sign in action. You might do this when you need to generate a short lived token
|
|
||||||
to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example,
|
|
||||||
by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting
|
|
||||||
with a valid token to a controller action, allowing the liveview to show invalid username/password errors. The default value is `false`.
|
|
||||||
|
|
||||||
* `:sign_in_token_lifetime` - A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`.
|
|
||||||
If no unit is specified, defaults to `:seconds`. The default value is `{60, :seconds}`.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
### resettable
|
|
||||||
|
|
||||||
Configure password reset options for the resource
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
* `:token_lifetime` - How long should the reset token be valid.
|
|
||||||
If no unit is provided `:hours` is assumed.
|
|
||||||
Defaults to 3 days. The default value is `{3, :days}`.
|
|
||||||
|
|
||||||
* `:request_password_reset_action_name` (`t:atom/0`) - The name to use for the action which generates a password reset token.
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `request_password_reset_with_`.
|
|
||||||
|
|
||||||
* `:password_reset_action_name` (`t:atom/0`) - The name to use for the action which actually resets the user's
|
|
||||||
password.
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `password_reset_with_`.
|
|
||||||
|
|
||||||
* `:sender` - Required. How to send the password reset instructions to the user.
|
|
||||||
Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application.
|
|
||||||
Accepts a module, module and opts, or a function that takes a record, reset token and options.
|
|
||||||
See `AshAuthentication.Sender` for more information.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.password
|
## authentication.strategies.password
|
||||||
|
@ -226,19 +127,19 @@ end
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`identity_field`](#authentication-strategies-password-identity_field){: #authentication-strategies-password-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user. Usually something like `username` or `email_address`. |
|
| [`identity_field`](#authentication-strategies-password-identity_field){: #authentication-strategies-password-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`. |
|
||||||
| [`hashed_password_field`](#authentication-strategies-password-hashed_password_field){: #authentication-strategies-password-hashed_password_field } | `atom` | `:hashed_password` | The name of the attribute within which to store the user's password once it has been hashed. |
|
| [`hashed_password_field`](#authentication-strategies-password-hashed_password_field){: #authentication-strategies-password-hashed_password_field } | `atom` | `:hashed_password` | The name of the attribute within which to store the user's password once it has been hashed. |
|
||||||
| [`hash_provider`](#authentication-strategies-password-hash_provider){: #authentication-strategies-password-hash_provider } | `module` | `AshAuthentication.BcryptProvider` | A module which implements the `AshAuthentication.HashProvider` behaviour. Used to provide cryptographic hashing of passwords. |
|
| [`hash_provider`](#authentication-strategies-password-hash_provider){: #authentication-strategies-password-hash_provider } | `module` | `AshAuthentication.BcryptProvider` | A module which implements the `AshAuthentication.HashProvider` behaviour, to provide cryptographic hashing of passwords. |
|
||||||
| [`confirmation_required?`](#authentication-strategies-password-confirmation_required?){: #authentication-strategies-password-confirmation_required? } | `boolean` | `true` | Whether a password confirmation field is required when registering or changing passwords. |
|
| [`confirmation_required?`](#authentication-strategies-password-confirmation_required?){: #authentication-strategies-password-confirmation_required? } | `boolean` | `true` | Whether a password confirmation field is required when registering or changing passwords. |
|
||||||
| [`register_action_accept`](#authentication-strategies-password-register_action_accept){: #authentication-strategies-password-register_action_accept } | `list(atom)` | `[]` | A list of additional fields to be accepted in the register action. |
|
| [`register_action_accept`](#authentication-strategies-password-register_action_accept){: #authentication-strategies-password-register_action_accept } | `list(atom)` | `[]` | A list of additional fields to be accepted in the register action. |
|
||||||
| [`password_field`](#authentication-strategies-password-password_field){: #authentication-strategies-password-password_field } | `atom` | `:password` | The name of the argument used to collect the user's password in plaintext when registering, checking or changing passwords. |
|
| [`password_field`](#authentication-strategies-password-password_field){: #authentication-strategies-password-password_field } | `atom` | `:password` | The name of the argument used to collect the user's password in plaintext when registering, checking or changing passwords. |
|
||||||
| [`password_confirmation_field`](#authentication-strategies-password-password_confirmation_field){: #authentication-strategies-password-password_confirmation_field } | `atom` | `:password_confirmation` | The name of the argument used to confirm the user's password in plaintext when registering or changing passwords. |
|
| [`password_confirmation_field`](#authentication-strategies-password-password_confirmation_field){: #authentication-strategies-password-password_confirmation_field } | `atom` | `:password_confirmation` | The name of the argument used to confirm the user's password in plaintext when registering or changing passwords. |
|
||||||
| [`register_action_name`](#authentication-strategies-password-register_action_name){: #authentication-strategies-password-register_action_name } | `atom` | | The name to use for the register action. If not present it will be generated by prepending the strategy name with `register_with_`. |
|
| [`register_action_name`](#authentication-strategies-password-register_action_name){: #authentication-strategies-password-register_action_name } | `atom` | | The name to use for the register action. Defaults to `register_with_<strategy_name>` |
|
||||||
| [`registration_enabled?`](#authentication-strategies-password-registration_enabled?){: #authentication-strategies-password-registration_enabled? } | `boolean` | `true` | If you do not want new users to be able to register using this strategy, set this to false. |
|
| [`registration_enabled?`](#authentication-strategies-password-registration_enabled?){: #authentication-strategies-password-registration_enabled? } | `boolean` | `true` | If you do not want new users to be able to register using this strategy, set this to false. |
|
||||||
| [`sign_in_action_name`](#authentication-strategies-password-sign_in_action_name){: #authentication-strategies-password-sign_in_action_name } | `atom` | | The name to use for the sign in action. If not present it will be generated by prepending the strategy name with `sign_in_with_`. |
|
| [`sign_in_action_name`](#authentication-strategies-password-sign_in_action_name){: #authentication-strategies-password-sign_in_action_name } | `atom` | | The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>` |
|
||||||
| [`sign_in_enabled?`](#authentication-strategies-password-sign_in_enabled?){: #authentication-strategies-password-sign_in_enabled? } | `boolean` | `true` | If you do not want new users to be able to sign in using this strategy, set this to false. |
|
| [`sign_in_enabled?`](#authentication-strategies-password-sign_in_enabled?){: #authentication-strategies-password-sign_in_enabled? } | `boolean` | `true` | If you do not want new users to be able to sign in using this strategy, set this to false. |
|
||||||
| [`sign_in_tokens_enabled?`](#authentication-strategies-password-sign_in_tokens_enabled?){: #authentication-strategies-password-sign_in_tokens_enabled? } | `boolean` | `false` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`. Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` when calling the sign in action. You might do this when you need to generate a short lived token to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting with a valid token to a controller action, allowing the liveview to show invalid username/password errors. |
|
| [`sign_in_tokens_enabled?`](#authentication-strategies-password-sign_in_tokens_enabled?){: #authentication-strategies-password-sign_in_tokens_enabled? } | `boolean` | `false` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`. |
|
||||||
| [`sign_in_token_lifetime`](#authentication-strategies-password-sign_in_token_lifetime){: #authentication-strategies-password-sign_in_token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{60, :seconds}` | A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. If no unit is specified, defaults to `:seconds`. |
|
| [`sign_in_token_lifetime`](#authentication-strategies-password-sign_in_token_lifetime){: #authentication-strategies-password-sign_in_token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{60, :seconds}` | A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. Unit defaults to `:seconds`. |
|
||||||
|
|
||||||
|
|
||||||
## authentication.strategies.password.resettable
|
## authentication.strategies.password.resettable
|
||||||
|
@ -255,10 +156,10 @@ Configure password reset options for the resource
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`sender`](#authentication-strategies-password-resettable-sender){: #authentication-strategies-password-resettable-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the password reset instructions to the user. Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. See `AshAuthentication.Sender` for more information. |
|
| [`sender`](#authentication-strategies-password-resettable-sender){: #authentication-strategies-password-resettable-sender .spark-required} | `(any, any, any -> any) \| module` | | The sender to use when sending password reset instructions. |
|
||||||
| [`token_lifetime`](#authentication-strategies-password-resettable-token_lifetime){: #authentication-strategies-password-resettable-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the reset token be valid. If no unit is provided `:hours` is assumed. Defaults to 3 days. |
|
| [`token_lifetime`](#authentication-strategies-password-resettable-token_lifetime){: #authentication-strategies-password-resettable-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the reset token be valid. If no unit is provided `:hours` is assumed. |
|
||||||
| [`request_password_reset_action_name`](#authentication-strategies-password-resettable-request_password_reset_action_name){: #authentication-strategies-password-resettable-request_password_reset_action_name } | `atom` | | The name to use for the action which generates a password reset token. If not present it will be generated by prepending the strategy name with `request_password_reset_with_`. |
|
| [`request_password_reset_action_name`](#authentication-strategies-password-resettable-request_password_reset_action_name){: #authentication-strategies-password-resettable-request_password_reset_action_name } | `atom` | | The name to use for the action which generates a password reset token. Defaults to `request_password_reset_with_<strategy_name>`. |
|
||||||
| [`password_reset_action_name`](#authentication-strategies-password-resettable-password_reset_action_name){: #authentication-strategies-password-resettable-password_reset_action_name } | `atom` | | The name to use for the action which actually resets the user's password. If not present it will be generated by prepending the strategy name with `password_reset_with_`. |
|
| [`password_reset_action_name`](#authentication-strategies-password-resettable-password_reset_action_name){: #authentication-strategies-password-resettable-password_reset_action_name } | `atom` | | The name to use for the action which actually resets the user's password. Defaults to `password_reset_with_<strategy_name>`. |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -72,10 +72,10 @@ Configuration options for this token resource
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`api`](#token-api){: #token-api .spark-required} | `module` | | The Ash API to use to access this resource. |
|
| [`api`](#token-api){: #token-api .spark-required} | `module` | | The Ash API to use to access this resource. |
|
||||||
| [`expunge_expired_action_name`](#token-expunge_expired_action_name){: #token-expunge_expired_action_name } | `atom` | `:expunge_expired` | The name of the action used to remove expired tokens. |
|
| [`expunge_expired_action_name`](#token-expunge_expired_action_name){: #token-expunge_expired_action_name } | `atom` | `:expunge_expired` | The name of the action used to remove expired tokens. |
|
||||||
| [`read_expired_action_name`](#token-read_expired_action_name){: #token-read_expired_action_name } | `atom` | `:read_expired` | The name of the action use to find all expired tokens. Used internally by the `expunge_expired` action. |
|
| [`read_expired_action_name`](#token-read_expired_action_name){: #token-read_expired_action_name } | `atom` | `:read_expired` | The name of the action use to find all expired tokens. |
|
||||||
| [`expunge_interval`](#token-expunge_interval){: #token-expunge_interval } | `pos_integer` | `12` | How often to remove expired records. How often to scan this resource for records which have expired, and thus can be removed. |
|
| [`expunge_interval`](#token-expunge_interval){: #token-expunge_interval } | `pos_integer` | `12` | How often to scan this resource for records which have expired, and thus can be removed. |
|
||||||
| [`store_token_action_name`](#token-store_token_action_name){: #token-store_token_action_name } | `atom` | `:store_token` | The name of the action to use to store a token. Used if `store_all_tokens?` is enabled in your authentication resource. |
|
| [`store_token_action_name`](#token-store_token_action_name){: #token-store_token_action_name } | `atom` | `:store_token` | The name of the action to use to store a token, if `require_tokens_for_authentication?` is enabled in your authentication resource. |
|
||||||
| [`get_token_action_name`](#token-get_token_action_name){: #token-get_token_action_name } | `atom` | `:get_token` | The name of the action used to retrieve tokens from the store. Used if `require_token_presence_for_authentication?` is enabled in your authentication resource. |
|
| [`get_token_action_name`](#token-get_token_action_name){: #token-get_token_action_name } | `atom` | `:get_token` | The name of the action used to retrieve tokens from the store, if `require_tokens_for_authentication?` is enabled in your authentication resource. |
|
||||||
|
|
||||||
|
|
||||||
## token.revocation
|
## token.revocation
|
||||||
|
|
|
@ -101,9 +101,9 @@ Configure authentication for this resource
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`api`](#authentication-api){: #authentication-api .spark-required} | `module` | | The name of the Ash API to use to access this resource when doing anything authenticaiton related. |
|
| [`api`](#authentication-api){: #authentication-api .spark-required} | `module` | | The name of the Ash API to use to access this resource when doing anything authenticaiton related. |
|
||||||
| [`subject_name`](#authentication-subject_name){: #authentication-subject_name } | `atom` | | The subject name is used anywhere that a short version of your resource name is needed, eg: - generating token claims, - generating routes, - form parameter nesting. This needs to be unique system-wide and if not set will be inferred from the resource name (ie `MyApp.Accounts.User` will have a subject name of `user`). |
|
| [`subject_name`](#authentication-subject_name){: #authentication-subject_name } | `atom` | | The subject name is used anywhere that a short version of your resource name is needed. Must be unique system-wide and will be inferred from the resource name by default (ie `MyApp.Accounts.User` -> `user`). |
|
||||||
| [`get_by_subject_action_name`](#authentication-get_by_subject_action_name){: #authentication-get_by_subject_action_name } | `atom` | `:get_by_subject` | The name of the read action used to retrieve records. Used internally by `AshAuthentication.subject_to_user/2`. If the action doesn't exist, one will be generated for you. |
|
| [`get_by_subject_action_name`](#authentication-get_by_subject_action_name){: #authentication-get_by_subject_action_name } | `atom` | `:get_by_subject` | The name of the read action used to retrieve records. If the action doesn't exist, one will be generated for you. |
|
||||||
| [`select_for_senders`](#authentication-select_for_senders){: #authentication-select_for_senders } | `list(atom)` | | A list of fields that we will ensure are selected whenever a sender will be invoked. This is useful if using something like `ash_graphql` which by default only selects what fields appear in the query, and if you are exposing these actions that way. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise. |
|
| [`select_for_senders`](#authentication-select_for_senders){: #authentication-select_for_senders } | `list(atom)` | | A list of fields that we will ensure are selected whenever a sender will be invoked. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise. |
|
||||||
|
|
||||||
|
|
||||||
## authentication.tokens
|
## authentication.tokens
|
||||||
|
@ -118,13 +118,13 @@ Configure JWT settings for this resource
|
||||||
|
|
||||||
| Name | Type | Default | Docs |
|
| Name | Type | Default | Docs |
|
||||||
|------|------|---------|------|
|
|------|------|---------|------|
|
||||||
| [`token_resource`](#authentication-tokens-token_resource){: #authentication-tokens-token_resource .spark-required} | `module \| false` | | The resource used to store token information. If token generation is enabled for this resource, we need a place to store information about tokens, such as revocations and in-flight confirmations. |
|
| [`token_resource`](#authentication-tokens-token_resource){: #authentication-tokens-token_resource .spark-required} | `module \| false` | | The resource used to store token information, such as in-flight confirmations, revocations, and if `store_all_tokens?` is enabled, authentication tokens themselves. |
|
||||||
| [`enabled?`](#authentication-tokens-enabled?){: #authentication-tokens-enabled? } | `boolean` | `false` | Should JWTs be generated by this resource? |
|
| [`enabled?`](#authentication-tokens-enabled?){: #authentication-tokens-enabled? } | `boolean` | `false` | Should JWTs be generated by this resource? |
|
||||||
| [`store_all_tokens?`](#authentication-tokens-store_all_tokens?){: #authentication-tokens-store_all_tokens? } | `boolean` | `false` | Store all tokens in the `token_resource`? Some applications need to keep track of all tokens issued to any user. This is optional behaviour with `ash_authentication` in order to preserve as much performance as possible. |
|
| [`store_all_tokens?`](#authentication-tokens-store_all_tokens?){: #authentication-tokens-store_all_tokens? } | `boolean` | `false` | Store all tokens in the `token_resource`. See the [tokens guide](/documentation/topics/tokens.md) for more. |
|
||||||
| [`require_token_presence_for_authentication?`](#authentication-tokens-require_token_presence_for_authentication?){: #authentication-tokens-require_token_presence_for_authentication? } | `boolean` | `false` | Require a locally-stored token for authentication? This inverts the token validation behaviour from requiring that tokens are not revoked to requiring any token presented by a client to be present in the token resource to be considered valid. Requires `store_all_tokens?` to be `true`. |
|
| [`require_token_presence_for_authentication?`](#authentication-tokens-require_token_presence_for_authentication?){: #authentication-tokens-require_token_presence_for_authentication? } | `boolean` | `false` | Require a locally-stored token for authentication. See the [tokens guide](/documentation/topics/tokens.md) for more. |
|
||||||
| [`signing_algorithm`](#authentication-tokens-signing_algorithm){: #authentication-tokens-signing_algorithm } | `String.t` | `"HS256"` | The algorithm to use for token signing. Available signing algorithms are; EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256. |
|
| [`signing_algorithm`](#authentication-tokens-signing_algorithm){: #authentication-tokens-signing_algorithm } | `String.t` | `"HS256"` | The algorithm to use for token signing. Available signing algorithms are; EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256. |
|
||||||
| [`token_lifetime`](#authentication-tokens-token_lifetime){: #authentication-tokens-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{14, :days}` | How long a token should be valid. Since refresh tokens are not yet supported, you should probably set this to a reasonably long time to ensure a good user experience. You can either provide a tuple with a time unit, or a positive integer, in which case the unit is assumed to be hours. Defaults to 14 days. |
|
| [`token_lifetime`](#authentication-tokens-token_lifetime){: #authentication-tokens-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{14, :days}` | How long a token should be valid. See [the tokens guide](/documentation/topics/tokens.md) for more. |
|
||||||
| [`signing_secret`](#authentication-tokens-signing_secret){: #authentication-tokens-signing_secret } | `(any, any -> any) \| module \| String.t` | | The secret used to sign tokens. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. |
|
| [`signing_secret`](#authentication-tokens-signing_secret){: #authentication-tokens-signing_secret } | `(any, any -> any) \| module \| String.t` | | The secret used to sign tokens. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
7
documentation/topics/confirmation.md
Normal file
7
documentation/topics/confirmation.md
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
# Confirmation
|
||||||
|
|
||||||
|
## Inhibiting Updates
|
||||||
|
|
||||||
|
Inhibiting updates can be done with `d:AshAuthentication.AddOn.Confirmation.**authentication**.add_ons.confirmation.inhibit_updates?`.
|
||||||
|
|
||||||
|
If a change to a monitored field is detected, then the change is stored in the token resource and the changeset updated to not make the requested change. When the token is confirmed, the change will be applied. This could be potentially weird for your users, but useful in the case of a user changing their email address or phone number where you want to verify that the new contact details are reachable.
|
19
documentation/topics/tokens.md
Normal file
19
documentation/topics/tokens.md
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
# Tokens
|
||||||
|
|
||||||
|
## Token Lifetime
|
||||||
|
|
||||||
|
Since refresh tokens are not yet included in `ash_authentication`, you should set the token lifetime to a reasonably long time to ensure a good user experience. Alternatively, refresh tokens can be implemented on your own.
|
||||||
|
|
||||||
|
## Requiring Token Storage
|
||||||
|
|
||||||
|
Using `d:AshAuthentication.Dsl.authentication.tokens.require_token_presence_for_authentication?` inverts the token validation behaviour from requiring that tokens are not revoked to requiring any token presented by a client to be present in the token resource to be considered valid.
|
||||||
|
|
||||||
|
Requires `store_all_tokens?` to be `true`.
|
||||||
|
|
||||||
|
`store_all_tokens?` instructs `AshAuthentication` to keep track of all tokens issued to any user. This is optional behaviour with `ash_authentication` in order to preserve as much performance as possible.
|
||||||
|
|
||||||
|
## Sign in Tokens
|
||||||
|
|
||||||
|
Enabled with `d:AshAuthentication.Strategy.Password.authentication.strategies.password.sign_in_tokens_enabled?`
|
||||||
|
|
||||||
|
Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` when calling the sign in action. You might do this when you need to generate a short lived token to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting with a valid token to a controller action, allowing the liveview to show invalid username/password errors.
|
|
@ -86,10 +86,6 @@ defmodule AshAuthentication.AddOn.Confirmation do
|
||||||
...> {_conn, {:ok, user}} = Plug.Helpers.get_authentication_result(conn)
|
...> {_conn, {:ok, user}} = Plug.Helpers.get_authentication_result(conn)
|
||||||
...> user.confirmed_at >= one_second_ago()
|
...> user.confirmed_at >= one_second_ago()
|
||||||
true
|
true
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
defstruct confirm_action_name: :confirm,
|
defstruct confirm_action_name: :confirm,
|
||||||
|
|
|
@ -37,90 +37,49 @@ defmodule AshAuthentication.AddOn.Confirmation.Dsl do
|
||||||
:pos_integer,
|
:pos_integer,
|
||||||
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
||||||
]},
|
]},
|
||||||
doc: """
|
doc:
|
||||||
How long should the confirmation token be valid.
|
"How long should the confirmation token be valid. If no unit is provided, then hours is assumed.",
|
||||||
If no unit is provided, then hours is assumed.
|
|
||||||
|
|
||||||
Defaults to #{@default_confirmation_lifetime_days} days.
|
|
||||||
""",
|
|
||||||
default: {@default_confirmation_lifetime_days, :days}
|
default: {@default_confirmation_lifetime_days, :days}
|
||||||
],
|
],
|
||||||
monitor_fields: [
|
monitor_fields: [
|
||||||
type: {:list, :atom},
|
type: {:list, :atom},
|
||||||
doc: """
|
doc:
|
||||||
A list of fields to monitor for changes (eg `[:email, :phone_number]`).
|
"A list of fields to monitor for changes. Confirmation will be sent when one of these fields are changed.",
|
||||||
The confirmation will only be sent when one of these fields are changed.
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
confirmed_at_field: [
|
confirmed_at_field: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of a field to store the time that the last confirmation took
|
"The name of the field to store the time that the last confirmation took place. Created if it does not exist.",
|
||||||
place.
|
|
||||||
This attribute will be dynamically added to the resource if not already
|
|
||||||
present.
|
|
||||||
""",
|
|
||||||
default: :confirmed_at
|
default: :confirmed_at
|
||||||
],
|
],
|
||||||
confirm_on_create?: [
|
confirm_on_create?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
Generate and send a confirmation token when a new resource is created?
|
"Generate and send a confirmation token when a new resource is created. Triggers when a create action is executed _and_ one of the monitored fields is being set.",
|
||||||
Will only trigger when a create action is executed _and_ one of the
|
|
||||||
monitored fields is being set.
|
|
||||||
""",
|
|
||||||
default: true
|
default: true
|
||||||
],
|
],
|
||||||
confirm_on_update?: [
|
confirm_on_update?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
Generate and send a confirmation token when a resource is changed?
|
"Generate and send a confirmation token when a resource is changed. Triggers when an update action is executed _and_ one of the monitored fields is being set.",
|
||||||
Will only trigger when an update action is executed _and_ one of the
|
|
||||||
monitored fields is being set.
|
|
||||||
""",
|
|
||||||
default: true
|
default: true
|
||||||
],
|
],
|
||||||
inhibit_updates?: [
|
inhibit_updates?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
Wait until confirmation is received before actually changing a monitored
|
"Whether or not to wait until confirmation is received before actually changing a monitored field. See [the confirmation guide](/documentation/topics/confirmation.md) for more.",
|
||||||
field?
|
|
||||||
If a change to a monitored field is detected, then the change is stored
|
|
||||||
in the token resource and the changeset updated to not make the
|
|
||||||
requested change. When the token is confirmed, the change will be
|
|
||||||
applied.
|
|
||||||
This could be potentially weird for your users, but useful in the case
|
|
||||||
of a user changing their email address or phone number where you want
|
|
||||||
to verify that the new contact details are reachable.
|
|
||||||
""",
|
|
||||||
default: true
|
default: true
|
||||||
],
|
],
|
||||||
sender: [
|
sender: [
|
||||||
type: {:spark_function_behaviour, Sender, {SenderFunction, 3}},
|
type: {:spark_function_behaviour, Sender, {SenderFunction, 3}},
|
||||||
doc: """
|
doc: "How to send the confirmation instructions to the user.",
|
||||||
How to send the confirmation instructions to the user.
|
|
||||||
Allows you to glue sending of confirmation instructions to
|
|
||||||
[swoosh](https://hex.pm/packages/swoosh),
|
|
||||||
[ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification
|
|
||||||
system is appropriate for your application.
|
|
||||||
Accepts a module, module and opts, or a function that takes a record,
|
|
||||||
reset token and options.
|
|
||||||
The options will be a keyword list containing the original
|
|
||||||
changeset, before any changes were inhibited. This allows you
|
|
||||||
to send an email to the user's new email address if it is being
|
|
||||||
changed for example.
|
|
||||||
See `AshAuthentication.Sender` for more information.
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
confirm_action_name: [
|
confirm_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the action to use when performing confirmation.
|
"The name of the action to use when performing confirmation. Will be created if it does not already exist.",
|
||||||
If this action is not already present on the resource, it will be
|
|
||||||
created for you.
|
|
||||||
""",
|
|
||||||
default: :confirm
|
default: :confirm
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
@ -28,13 +28,8 @@ defmodule AshAuthentication.Dsl do
|
||||||
@doc false
|
@doc false
|
||||||
@spec secret_doc :: String.t()
|
@spec secret_doc :: String.t()
|
||||||
def secret_doc,
|
def secret_doc,
|
||||||
do: """
|
do:
|
||||||
Takes either a module which implements the `AshAuthentication.Secret`
|
"Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string."
|
||||||
behaviour, a 2 arity anonymous function or a string.
|
|
||||||
|
|
||||||
See the module documentation for `AshAuthentication.Secret` for more
|
|
||||||
information.
|
|
||||||
"""
|
|
||||||
|
|
||||||
@doc false
|
@doc false
|
||||||
@spec dsl :: [Section.t()]
|
@spec dsl :: [Section.t()]
|
||||||
|
@ -50,46 +45,25 @@ defmodule AshAuthentication.Dsl do
|
||||||
schema: [
|
schema: [
|
||||||
subject_name: [
|
subject_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The subject name is used anywhere that a short version of your
|
"The subject name is used anywhere that a short version of your resource name is needed. Must be unique system-wide and will be inferred from the resource name by default (ie `MyApp.Accounts.User` -> `user`)."
|
||||||
resource name is needed, eg:
|
|
||||||
|
|
||||||
- generating token claims,
|
|
||||||
- generating routes,
|
|
||||||
- form parameter nesting.
|
|
||||||
|
|
||||||
This needs to be unique system-wide and if not set will be inferred
|
|
||||||
from the resource name (ie `MyApp.Accounts.User` will have a subject
|
|
||||||
name of `user`).
|
|
||||||
"""
|
|
||||||
],
|
],
|
||||||
api: [
|
api: [
|
||||||
type: {:behaviour, Api},
|
type: {:behaviour, Api},
|
||||||
doc: """
|
doc:
|
||||||
The name of the Ash API to use to access this resource when
|
"The name of the Ash API to use to access this resource when doing anything authenticaiton related.",
|
||||||
doing anything authenticaiton related.
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
get_by_subject_action_name: [
|
get_by_subject_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the read action used to retrieve records.
|
"The name of the read action used to retrieve records. If the action doesn't exist, one will be generated for you.",
|
||||||
|
|
||||||
Used internally by `AshAuthentication.subject_to_user/2`. If the
|
|
||||||
action doesn't exist, one will be generated for you.
|
|
||||||
""",
|
|
||||||
default: :get_by_subject
|
default: :get_by_subject
|
||||||
],
|
],
|
||||||
select_for_senders: [
|
select_for_senders: [
|
||||||
type: {:list, :atom},
|
type: {:list, :atom},
|
||||||
doc: """
|
doc:
|
||||||
A list of fields that we will ensure are selected whenever a sender will be invoked.
|
"A list of fields that we will ensure are selected whenever a sender will be invoked. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise."
|
||||||
This is useful if using something like `ash_graphql` which by default only selects
|
|
||||||
what fields appear in the query, and if you are exposing these actions that way.
|
|
||||||
Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]`
|
|
||||||
otherwise.
|
|
||||||
"""
|
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
sections: [
|
sections: [
|
||||||
|
@ -107,37 +81,20 @@ defmodule AshAuthentication.Dsl do
|
||||||
],
|
],
|
||||||
store_all_tokens?: [
|
store_all_tokens?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
Store all tokens in the `token_resource`?
|
"Store all tokens in the `token_resource`. See the [tokens guide](/documentation/topics/tokens.md) for more.",
|
||||||
|
|
||||||
Some applications need to keep track of all tokens issued to
|
|
||||||
any user. This is optional behaviour with `ash_authentication`
|
|
||||||
in order to preserve as much performance as possible.
|
|
||||||
""",
|
|
||||||
default: false
|
default: false
|
||||||
],
|
],
|
||||||
require_token_presence_for_authentication?: [
|
require_token_presence_for_authentication?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
Require a locally-stored token for authentication?
|
"Require a locally-stored token for authentication. See the [tokens guide](/documentation/topics/tokens.md) for more.",
|
||||||
|
|
||||||
This inverts the token validation behaviour from requiring that
|
|
||||||
tokens are not revoked to requiring any token presented by a
|
|
||||||
client to be present in the token resource to be considered
|
|
||||||
valid.
|
|
||||||
|
|
||||||
Requires `store_all_tokens?` to be `true`.
|
|
||||||
""",
|
|
||||||
default: false
|
default: false
|
||||||
],
|
],
|
||||||
signing_algorithm: [
|
signing_algorithm: [
|
||||||
type: :string,
|
type: :string,
|
||||||
doc: """
|
doc:
|
||||||
The algorithm to use for token signing.
|
"The algorithm to use for token signing. Available signing algorithms are; #{to_sentence(algorithms(), final: "and")}.",
|
||||||
|
|
||||||
Available signing algorithms are;
|
|
||||||
#{to_sentence(algorithms(), final: "and")}.
|
|
||||||
""",
|
|
||||||
default: hd(algorithms())
|
default: hd(algorithms())
|
||||||
],
|
],
|
||||||
token_lifetime: [
|
token_lifetime: [
|
||||||
|
@ -147,38 +104,19 @@ defmodule AshAuthentication.Dsl do
|
||||||
:pos_integer,
|
:pos_integer,
|
||||||
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
||||||
]},
|
]},
|
||||||
doc: """
|
doc:
|
||||||
How long a token should be valid.
|
"How long a token should be valid. See [the tokens guide](/documentation/topics/tokens.md) for more.",
|
||||||
|
|
||||||
Since refresh tokens are not yet supported, you should
|
|
||||||
probably set this to a reasonably long time to ensure
|
|
||||||
a good user experience.
|
|
||||||
|
|
||||||
You can either provide a tuple with a time unit, or a positive
|
|
||||||
integer, in which case the unit is assumed to be hours.
|
|
||||||
|
|
||||||
Defaults to #{@default_token_lifetime_days} days.
|
|
||||||
""",
|
|
||||||
default: {@default_token_lifetime_days, :days}
|
default: {@default_token_lifetime_days, :days}
|
||||||
],
|
],
|
||||||
token_resource: [
|
token_resource: [
|
||||||
type: {:or, [{:behaviour, Resource}, {:in, [false]}]},
|
type: {:or, [{:behaviour, Resource}, {:in, [false]}]},
|
||||||
doc: """
|
doc:
|
||||||
The resource used to store token information.
|
"The resource used to store token information, such as in-flight confirmations, revocations, and if `store_all_tokens?` is enabled, authentication tokens themselves.",
|
||||||
|
|
||||||
If token generation is enabled for this resource, we need a place to
|
|
||||||
store information about tokens, such as revocations and in-flight
|
|
||||||
confirmations.
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
signing_secret: [
|
signing_secret: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc: "The secret used to sign tokens. #{secret_doc}"
|
||||||
The secret used to sign tokens.
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
"""
|
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
|
|
|
@ -16,10 +16,6 @@ defmodule AshAuthentication.Strategy.Auth0 do
|
||||||
|
|
||||||
See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md)
|
See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md)
|
||||||
for more information.
|
for more information.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
||||||
|
|
|
@ -22,8 +22,6 @@ defmodule AshAuthentication.Strategy.Auth0.Dsl do
|
||||||
#### Strategy defaults:
|
#### Strategy defaults:
|
||||||
|
|
||||||
#{strategy_override_docs(Assent.Strategy.Auth0)}
|
#{strategy_override_docs(Assent.Strategy.Auth0)}
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
""",
|
""",
|
||||||
auto_set_fields: strategy_fields(Assent.Strategy.Auth0, icon: :auth0)
|
auto_set_fields: strategy_fields(Assent.Strategy.Auth0, icon: :auth0)
|
||||||
})
|
})
|
||||||
|
|
|
@ -15,10 +15,6 @@ defmodule AshAuthentication.Strategy.Github do
|
||||||
|
|
||||||
See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html)
|
See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html)
|
||||||
for more information.
|
for more information.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
||||||
|
|
|
@ -22,8 +22,6 @@ defmodule AshAuthentication.Strategy.Github.Dsl do
|
||||||
#### Strategy defaults:
|
#### Strategy defaults:
|
||||||
|
|
||||||
#{strategy_override_docs(Assent.Strategy.Github)}
|
#{strategy_override_docs(Assent.Strategy.Github)}
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
""",
|
""",
|
||||||
auto_set_fields: strategy_fields(Assent.Strategy.Github, icon: :github)
|
auto_set_fields: strategy_fields(Assent.Strategy.Github, icon: :github)
|
||||||
})
|
})
|
||||||
|
|
|
@ -16,10 +16,6 @@ defmodule AshAuthentication.Strategy.Google do
|
||||||
|
|
||||||
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2)
|
||||||
for Google setup details.
|
for Google setup details.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
alias AshAuthentication.Strategy.{Custom, OAuth2}
|
||||||
|
|
|
@ -22,8 +22,6 @@ defmodule AshAuthentication.Strategy.Google.Dsl do
|
||||||
#### Strategy defaults:
|
#### Strategy defaults:
|
||||||
|
|
||||||
#{strategy_override_docs(Assent.Strategy.Google)}
|
#{strategy_override_docs(Assent.Strategy.Google)}
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
""",
|
""",
|
||||||
auto_set_fields: strategy_fields(Assent.Strategy.Google, icon: :google)
|
auto_set_fields: strategy_fields(Assent.Strategy.Google, icon: :google)
|
||||||
})
|
})
|
||||||
|
|
|
@ -94,10 +94,6 @@ defmodule AshAuthentication.Strategy.MagicLink do
|
||||||
...> {_conn, {:ok, signed_in_user}} = Plug.Helpers.get_authentication_result(conn)
|
...> {_conn, {:ok, signed_in_user}} = Plug.Helpers.get_authentication_result(conn)
|
||||||
...> signed_in_user.id == user.id
|
...> signed_in_user.id == user.id
|
||||||
true
|
true
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
defstruct identity_field: :username,
|
defstruct identity_field: :username,
|
||||||
|
|
|
@ -21,11 +21,8 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do
|
||||||
],
|
],
|
||||||
identity_field: [
|
identity_field: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the attribute which uniquely identifies the user.
|
"The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`.",
|
||||||
|
|
||||||
Usually something like `username` or `email_address`.
|
|
||||||
""",
|
|
||||||
default: :username
|
default: :username
|
||||||
],
|
],
|
||||||
token_lifetime: [
|
token_lifetime: [
|
||||||
|
@ -35,21 +32,13 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do
|
||||||
:pos_integer,
|
:pos_integer,
|
||||||
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
||||||
]},
|
]},
|
||||||
doc: """
|
doc:
|
||||||
How long the sign in token is valid.
|
"How long the sign in token is valid. If no unit is provided, then `minutes` is assumed.",
|
||||||
|
|
||||||
If no unit is provided, then `minutes` is assumed.
|
|
||||||
""",
|
|
||||||
default: {10, :minutes}
|
default: {10, :minutes}
|
||||||
],
|
],
|
||||||
request_action_name: [
|
request_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc: "The name to use for the request action. Defaults to `request_<strategy_name>`",
|
||||||
The name to use for the request action.
|
|
||||||
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `request_`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
single_use_token?: [
|
single_use_token?: [
|
||||||
|
@ -61,12 +50,8 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do
|
||||||
],
|
],
|
||||||
sign_in_action_name: [
|
sign_in_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name to use for the sign in action.
|
"The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>`",
|
||||||
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `sign_in_with_`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
token_param_name: [
|
token_param_name: [
|
||||||
|
@ -81,15 +66,7 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do
|
||||||
type:
|
type:
|
||||||
{:spark_function_behaviour, AshAuthentication.Sender,
|
{:spark_function_behaviour, AshAuthentication.Sender,
|
||||||
{AshAuthentication.SenderFunction, 3}},
|
{AshAuthentication.SenderFunction, 3}},
|
||||||
doc: """
|
doc: "How to send the magic link to the user.",
|
||||||
How to send the magic link to the user.
|
|
||||||
|
|
||||||
Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application.
|
|
||||||
|
|
||||||
Accepts a module, module and opts, or a function that takes a record, reset token and options.
|
|
||||||
|
|
||||||
See `AshAuthentication.Sender` for more information.
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
@ -215,11 +215,6 @@ defmodule AshAuthentication.Strategy.OAuth2 do
|
||||||
authentication provider for authentication.
|
authentication provider for authentication.
|
||||||
2. The callback phase, where the provider redirects the user back to your app
|
2. The callback phase, where the provider redirects the user back to your app
|
||||||
to create a local database record, session, etc.
|
to create a local database record, session, etc.
|
||||||
|
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
@struct_fields [
|
@struct_fields [
|
||||||
|
|
|
@ -39,41 +39,13 @@ defmodule AshAuthentication.Strategy.OAuth2.Dsl do
|
||||||
],
|
],
|
||||||
client_id: [
|
client_id: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc: "The OAuth2 client ID. #{secret_doc}",
|
||||||
The OAuth2 client ID.
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```elixir
|
|
||||||
client_id fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_client_id)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
base_url: [
|
base_url: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc:
|
||||||
The base URL of the OAuth2 server - including the leading protocol
|
"The base URL of the OAuth2 server - including the leading protocol (ie `https://`). #{secret_doc}",
|
||||||
(ie `https://`).
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```elixir
|
|
||||||
base_url fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
site: [
|
site: [
|
||||||
|
@ -91,188 +63,73 @@ defmodule AshAuthentication.Strategy.OAuth2.Dsl do
|
||||||
:client_secret_jwt,
|
:client_secret_jwt,
|
||||||
:private_key_jwt
|
:private_key_jwt
|
||||||
]},
|
]},
|
||||||
doc: """
|
doc:
|
||||||
The authentication strategy used, optional. If not set, no
|
"The authentication strategy used, optional. If not set, no authentication will be used during the access token request.",
|
||||||
authentication will be used during the access token request. The
|
|
||||||
value may be one of the following:
|
|
||||||
|
|
||||||
* `:client_secret_basic`
|
|
||||||
* `:client_secret_post`
|
|
||||||
* `:client_secret_jwt`
|
|
||||||
* `:private_key_jwt`
|
|
||||||
""",
|
|
||||||
default: :client_secret_post
|
default: :client_secret_post
|
||||||
],
|
],
|
||||||
client_secret: [
|
client_secret: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc:
|
||||||
The OAuth2 client secret.
|
"The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. #{secret_doc}",
|
||||||
|
|
||||||
Required if :auth_method is `:client_secret_basic`,
|
|
||||||
`:client_secret_post` or `:client_secret_jwt`.
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```elixir
|
|
||||||
site fn _, resource ->
|
|
||||||
:my_app
|
|
||||||
|> Application.get_env(resource, [])
|
|
||||||
|> Keyword.fetch(:oauth_site)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
authorize_url: [
|
authorize_url: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc:
|
||||||
The API url to the OAuth2 authorize endpoint.
|
"The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, \"https://exampe.com/authorize\"} end`. #{secret_doc}",
|
||||||
|
|
||||||
Relative to the value of `site`.
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```elixir
|
|
||||||
authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end
|
|
||||||
```
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
token_url: [
|
token_url: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc:
|
||||||
The API url to access the token endpoint.
|
"The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, \"https://example.com/oauth_token\"} end`. #{secret_doc}",
|
||||||
|
|
||||||
Relative to the value of `site`.
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```elixir
|
|
||||||
token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end
|
|
||||||
```
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
user_url: [
|
user_url: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc:
|
||||||
The API url to access the user endpoint.
|
"The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, \"https://example.com/userinfo\"} end`. #{secret_doc}",
|
||||||
|
|
||||||
Relative to the value of `site`.
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```elixir
|
|
||||||
user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end
|
|
||||||
```
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
private_key: [
|
private_key: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc: "The private key to use if `:auth_method` is `:private_key_jwt`. #{secret_doc}",
|
||||||
The private key to use if `:auth_method` is `:private_key_jwt`
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
redirect_uri: [
|
redirect_uri: [
|
||||||
type: secret_type,
|
type: secret_type,
|
||||||
doc: """
|
doc:
|
||||||
The callback URI base.
|
"The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. #{secret_doc}",
|
||||||
|
|
||||||
Not the whole URI back to the callback endpoint, but the URI to your
|
|
||||||
`AuthPlug`. We can generate the rest.
|
|
||||||
|
|
||||||
Whilst not particularly secret, it seemed prudent to allow this to be
|
|
||||||
configured dynamically so that you can use different URIs for
|
|
||||||
different environments.
|
|
||||||
|
|
||||||
#{secret_doc}
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
],
|
],
|
||||||
authorization_params: [
|
authorization_params: [
|
||||||
type: :keyword_list,
|
type: :keyword_list,
|
||||||
doc: """
|
doc:
|
||||||
Any additional parameters to encode in the request phase.
|
"Any additional parameters to encode in the request phase. eg: `authorization_params scope: \"openid profile email\"`",
|
||||||
|
|
||||||
eg: `authorization_params scope: "openid profile email"`
|
|
||||||
""",
|
|
||||||
default: []
|
default: []
|
||||||
],
|
],
|
||||||
registration_enabled?: [
|
registration_enabled?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
Is registration enabled for this provider?
|
"If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate.",
|
||||||
|
|
||||||
If this option is enabled, then new users will be able to register for
|
|
||||||
your site when authenticating and not already present.
|
|
||||||
|
|
||||||
If not, then only existing users will be able to authenticate.
|
|
||||||
""",
|
|
||||||
default: true
|
default: true
|
||||||
],
|
],
|
||||||
register_action_name: [
|
register_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: ~S"""
|
doc:
|
||||||
The name of the action to use to register a user.
|
"The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the \"Registration and Sign-in\" section of the strategy docs for more.",
|
||||||
|
|
||||||
Only needed if `registration_enabled?` is `true`.
|
|
||||||
|
|
||||||
Because we we don't know the response format of the server, you must
|
|
||||||
implement your own registration action of the same name.
|
|
||||||
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
|
|
||||||
The default is computed from the strategy name eg:
|
|
||||||
`register_with_#{name}`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
sign_in_action_name: [
|
sign_in_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: ~S"""
|
doc:
|
||||||
The name of the action to use to sign in an existing user.
|
"The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the \"Registration and Sign-in\" section of the strategy docs for more information.",
|
||||||
|
|
||||||
Only needed if `registration_enabled?` is `false`.
|
|
||||||
|
|
||||||
Because we don't know the response format of the server, you must
|
|
||||||
implement your own sign-in action of the same name.
|
|
||||||
|
|
||||||
See the "Registration and Sign-in" section of the module
|
|
||||||
documentation for more information.
|
|
||||||
|
|
||||||
The default is computed from the strategy name, eg:
|
|
||||||
`sign_in_with_#{name}`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
identity_resource: [
|
identity_resource: [
|
||||||
type: {:or, [{:behaviour, Ash.Resource}, {:in, [false]}]},
|
type: {:or, [{:behaviour, Ash.Resource}, {:in, [false]}]},
|
||||||
doc: """
|
doc:
|
||||||
The resource used to store user identities.
|
"The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more.",
|
||||||
|
|
||||||
Given that a user can be signed into multiple different
|
|
||||||
authentication providers at once we use the
|
|
||||||
`AshAuthentication.UserIdentity` resource to build a mapping
|
|
||||||
between users, providers and that provider's uid.
|
|
||||||
|
|
||||||
See the Identities section of the module documentation for more
|
|
||||||
information.
|
|
||||||
|
|
||||||
Set to `false` to disable.
|
|
||||||
""",
|
|
||||||
default: false
|
default: false
|
||||||
],
|
],
|
||||||
identity_relationship_name: [
|
identity_relationship_name: [
|
||||||
|
@ -282,22 +139,14 @@ defmodule AshAuthentication.Strategy.OAuth2.Dsl do
|
||||||
],
|
],
|
||||||
identity_relationship_user_id_attribute: [
|
identity_relationship_user_id_attribute: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the destination (user_id) attribute on your provider
|
"The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity.",
|
||||||
identity resource.
|
|
||||||
|
|
||||||
The only reason to change this would be if you changed the
|
|
||||||
`user_id_attribute_name` option of the provider identity.
|
|
||||||
""",
|
|
||||||
default: :user_id
|
default: :user_id
|
||||||
],
|
],
|
||||||
icon: [
|
icon: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of an icon to use in any potential UI.
|
" The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical.",
|
||||||
|
|
||||||
This is a *hint* for UI generators to use, and not in any way canonical.
|
|
||||||
""",
|
|
||||||
required: false,
|
required: false,
|
||||||
default: :oauth2
|
default: :oauth2
|
||||||
]
|
]
|
||||||
|
|
|
@ -46,10 +46,6 @@ defmodule AshAuthentication.Strategy.Oidc do
|
||||||
|
|
||||||
AshAuthentication will dynamically generate one for the session if `nonce` is
|
AshAuthentication will dynamically generate one for the session if `nonce` is
|
||||||
set to `true`.
|
set to `true`.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
alias AshAuthentication.Strategy.{Custom, Oidc}
|
alias AshAuthentication.Strategy.{Custom, Oidc}
|
||||||
|
|
|
@ -15,8 +15,6 @@ defmodule AshAuthentication.Strategy.Oidc.Dsl do
|
||||||
|
|
||||||
This strategy is built using the `:oauth2` strategy, and thus provides
|
This strategy is built using the `:oauth2` strategy, and thus provides
|
||||||
all the same configuration options should you need them.
|
all the same configuration options should you need them.
|
||||||
|
|
||||||
#### Schema:
|
|
||||||
""",
|
""",
|
||||||
auto_set_fields: [assent_strategy: Assent.Strategy.OIDC, icon: :oidc],
|
auto_set_fields: [assent_strategy: Assent.Strategy.OIDC, icon: :oidc],
|
||||||
schema: patch_schema()
|
schema: patch_schema()
|
||||||
|
@ -43,11 +41,8 @@ defmodule AshAuthentication.Strategy.Oidc.Dsl do
|
||||||
],
|
],
|
||||||
openid_configuration: [
|
openid_configuration: [
|
||||||
type: :map,
|
type: :map,
|
||||||
doc: """
|
doc:
|
||||||
The OpenID configuration.
|
"The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`.",
|
||||||
|
|
||||||
If not set, the configuration will be retrieved from `openid_configuration_uri`.
|
|
||||||
""",
|
|
||||||
required: false,
|
required: false,
|
||||||
default: %{}
|
default: %{}
|
||||||
],
|
],
|
||||||
|
@ -69,25 +64,8 @@ defmodule AshAuthentication.Strategy.Oidc.Dsl do
|
||||||
],
|
],
|
||||||
nonce: [
|
nonce: [
|
||||||
type: {:or, [:boolean, AshAuthentication.Dsl.secret_type()]},
|
type: {:or, [:boolean, AshAuthentication.Dsl.secret_type()]},
|
||||||
doc: """
|
doc:
|
||||||
A function for generating the session nonce.
|
"A function for generating the session nonce, `true` to automatically generate it with `AshAuthetnication.Strategy.Oidc.NonceGenerator`, or `false` to disable.",
|
||||||
|
|
||||||
When set to `true` the nonce will be automatically generated using
|
|
||||||
`AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false`
|
|
||||||
to explicitly disable.
|
|
||||||
|
|
||||||
#{AshAuthentication.Dsl.secret_doc()}
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
```elixir
|
|
||||||
nonce fn _, _ ->
|
|
||||||
16
|
|
||||||
|> :crypto.strong_rand_bytes()
|
|
||||||
|> Base.encode64(padding: false)
|
|
||||||
end
|
|
||||||
```
|
|
||||||
""",
|
|
||||||
default: true,
|
default: true,
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
|
|
|
@ -93,10 +93,6 @@ defmodule AshAuthentication.Strategy.Password do
|
||||||
## Testing
|
## Testing
|
||||||
|
|
||||||
See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy.
|
See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy.
|
||||||
|
|
||||||
## DSL Documentation
|
|
||||||
|
|
||||||
#{Spark.Dsl.Extension.doc_entity(Dsl.dsl())}
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
defstruct confirmation_required?: false,
|
defstruct confirmation_required?: false,
|
||||||
|
|
|
@ -39,38 +39,27 @@ defmodule AshAuthentication.Strategy.Password.Dsl do
|
||||||
],
|
],
|
||||||
identity_field: [
|
identity_field: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the attribute which uniquely identifies the user.
|
"The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`.",
|
||||||
|
|
||||||
Usually something like `username` or `email_address`.
|
|
||||||
""",
|
|
||||||
default: :username
|
default: :username
|
||||||
],
|
],
|
||||||
hashed_password_field: [
|
hashed_password_field: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the attribute within which to store the user's password
|
"The name of the attribute within which to store the user's password once it has been hashed.",
|
||||||
once it has been hashed.
|
|
||||||
""",
|
|
||||||
default: :hashed_password
|
default: :hashed_password
|
||||||
],
|
],
|
||||||
hash_provider: [
|
hash_provider: [
|
||||||
type: {:behaviour, AshAuthentication.HashProvider},
|
type: {:behaviour, AshAuthentication.HashProvider},
|
||||||
doc: """
|
doc:
|
||||||
A module which implements the `AshAuthentication.HashProvider`
|
"A module which implements the `AshAuthentication.HashProvider` behaviour, to provide cryptographic hashing of passwords.",
|
||||||
behaviour.
|
|
||||||
|
|
||||||
Used to provide cryptographic hashing of passwords.
|
|
||||||
""",
|
|
||||||
default: AshAuthentication.BcryptProvider
|
default: AshAuthentication.BcryptProvider
|
||||||
],
|
],
|
||||||
confirmation_required?: [
|
confirmation_required?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
required: false,
|
required: false,
|
||||||
doc: """
|
doc:
|
||||||
Whether a password confirmation field is required when registering or
|
"Whether a password confirmation field is required when registering or changing passwords.",
|
||||||
changing passwords.
|
|
||||||
""",
|
|
||||||
default: true
|
default: true
|
||||||
],
|
],
|
||||||
register_action_accept: [
|
register_action_accept: [
|
||||||
|
@ -80,71 +69,47 @@ defmodule AshAuthentication.Strategy.Password.Dsl do
|
||||||
],
|
],
|
||||||
password_field: [
|
password_field: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the argument used to collect the user's password in
|
"The name of the argument used to collect the user's password in plaintext when registering, checking or changing passwords.",
|
||||||
plaintext when registering, checking or changing passwords.
|
|
||||||
""",
|
|
||||||
default: :password
|
default: :password
|
||||||
],
|
],
|
||||||
password_confirmation_field: [
|
password_confirmation_field: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc: """
|
||||||
The name of the argument used to confirm the user's password in
|
The name of the argument used to confirm the user's password in plaintext when registering or changing passwords.
|
||||||
plaintext when registering or changing passwords.
|
|
||||||
""",
|
""",
|
||||||
default: :password_confirmation
|
default: :password_confirmation
|
||||||
],
|
],
|
||||||
register_action_name: [
|
register_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name to use for the register action.
|
"The name to use for the register action. Defaults to `register_with_<strategy_name>`",
|
||||||
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `register_with_`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
registration_enabled?: [
|
registration_enabled?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
If you do not want new users to be able to register using this
|
"If you do not want new users to be able to register using this strategy, set this to false.",
|
||||||
strategy, set this to false.
|
|
||||||
""",
|
|
||||||
required: false,
|
required: false,
|
||||||
default: true
|
default: true
|
||||||
],
|
],
|
||||||
sign_in_action_name: [
|
sign_in_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name to use for the sign in action.
|
"The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>`",
|
||||||
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `sign_in_with_`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
sign_in_enabled?: [
|
sign_in_enabled?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
If you do not want new users to be able to sign in using this
|
"If you do not want new users to be able to sign in using this strategy, set this to false.",
|
||||||
strategy, set this to false.
|
|
||||||
""",
|
|
||||||
required: false,
|
required: false,
|
||||||
default: true
|
default: true
|
||||||
],
|
],
|
||||||
sign_in_tokens_enabled?: [
|
sign_in_tokens_enabled?: [
|
||||||
type: :boolean,
|
type: :boolean,
|
||||||
doc: """
|
doc:
|
||||||
Whether or not to support generating short lived sign in tokens. Requires the resource to have
|
"Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`.",
|
||||||
tokens enabled. There is no drawback to supporting this, and in the future this default will
|
|
||||||
change from `false` to `true`.
|
|
||||||
|
|
||||||
Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in`
|
|
||||||
when calling the sign in action. You might do this when you need to generate a short lived token
|
|
||||||
to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example,
|
|
||||||
by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting
|
|
||||||
with a valid token to a controller action, allowing the liveview to show invalid username/password errors.
|
|
||||||
""",
|
|
||||||
required: false,
|
required: false,
|
||||||
default: false
|
default: false
|
||||||
],
|
],
|
||||||
|
@ -156,11 +121,8 @@ defmodule AshAuthentication.Strategy.Password.Dsl do
|
||||||
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
||||||
]},
|
]},
|
||||||
default: {60, :seconds},
|
default: {60, :seconds},
|
||||||
doc: """
|
doc:
|
||||||
A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`.
|
"A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. Unit defaults to `:seconds`."
|
||||||
|
|
||||||
If no unit is specified, defaults to `:seconds`.
|
|
||||||
"""
|
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
entities: [
|
entities: [
|
||||||
|
@ -177,49 +139,27 @@ defmodule AshAuthentication.Strategy.Password.Dsl do
|
||||||
:pos_integer,
|
:pos_integer,
|
||||||
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
|
||||||
]},
|
]},
|
||||||
doc: """
|
doc:
|
||||||
How long should the reset token be valid.
|
"How long should the reset token be valid. If no unit is provided `:hours` is assumed.",
|
||||||
|
|
||||||
If no unit is provided `:hours` is assumed.
|
|
||||||
|
|
||||||
Defaults to #{@default_token_lifetime_days} days.
|
|
||||||
""",
|
|
||||||
default: {@default_token_lifetime_days, :days}
|
default: {@default_token_lifetime_days, :days}
|
||||||
],
|
],
|
||||||
request_password_reset_action_name: [
|
request_password_reset_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name to use for the action which generates a password reset token.
|
"The name to use for the action which generates a password reset token. Defaults to `request_password_reset_with_<strategy_name>`.",
|
||||||
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `request_password_reset_with_`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
password_reset_action_name: [
|
password_reset_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name to use for the action which actually resets the user's
|
"The name to use for the action which actually resets the user's password. Defaults to `password_reset_with_<strategy_name>`.",
|
||||||
password.
|
|
||||||
|
|
||||||
If not present it will be generated by prepending the strategy name
|
|
||||||
with `password_reset_with_`.
|
|
||||||
""",
|
|
||||||
required: false
|
required: false
|
||||||
],
|
],
|
||||||
sender: [
|
sender: [
|
||||||
type:
|
type:
|
||||||
{:spark_function_behaviour, AshAuthentication.Sender,
|
{:spark_function_behaviour, AshAuthentication.Sender,
|
||||||
{AshAuthentication.SenderFunction, 3}},
|
{AshAuthentication.SenderFunction, 3}},
|
||||||
doc: """
|
doc: "The sender to use when sending password reset instructions.",
|
||||||
How to send the password reset instructions to the user.
|
|
||||||
|
|
||||||
Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application.
|
|
||||||
|
|
||||||
Accepts a module, module and opts, or a function that takes a record, reset token and options.
|
|
||||||
|
|
||||||
See `AshAuthentication.Sender` for more information.
|
|
||||||
""",
|
|
||||||
required: true
|
required: true
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
|
|
|
@ -23,38 +23,25 @@ defmodule AshAuthentication.TokenResource do
|
||||||
],
|
],
|
||||||
read_expired_action_name: [
|
read_expired_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc: "The name of the action use to find all expired tokens.",
|
||||||
The name of the action use to find all expired tokens.
|
|
||||||
|
|
||||||
Used internally by the `expunge_expired` action.
|
|
||||||
""",
|
|
||||||
default: :read_expired
|
default: :read_expired
|
||||||
],
|
],
|
||||||
expunge_interval: [
|
expunge_interval: [
|
||||||
type: :pos_integer,
|
type: :pos_integer,
|
||||||
doc: """
|
doc:
|
||||||
How often to remove expired records.
|
"How often to scan this resource for records which have expired, and thus can be removed.",
|
||||||
|
|
||||||
How often to scan this resource for records which have expired, and thus can be removed.
|
|
||||||
""",
|
|
||||||
default: @default_expunge_interval_hrs
|
default: @default_expunge_interval_hrs
|
||||||
],
|
],
|
||||||
store_token_action_name: [
|
store_token_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the action to use to store a token.
|
"The name of the action to use to store a token, if `require_tokens_for_authentication?` is enabled in your authentication resource.",
|
||||||
|
|
||||||
Used if `store_all_tokens?` is enabled in your authentication resource.
|
|
||||||
""",
|
|
||||||
default: :store_token
|
default: :store_token
|
||||||
],
|
],
|
||||||
get_token_action_name: [
|
get_token_action_name: [
|
||||||
type: :atom,
|
type: :atom,
|
||||||
doc: """
|
doc:
|
||||||
The name of the action used to retrieve tokens from the store.
|
"The name of the action used to retrieve tokens from the store, if `require_tokens_for_authentication?` is enabled in your authentication resource.",
|
||||||
|
|
||||||
Used if `require_token_presence_for_authentication?` is enabled in your authentication resource.
|
|
||||||
""",
|
|
||||||
default: :get_token
|
default: :get_token
|
||||||
]
|
]
|
||||||
],
|
],
|
||||||
|
|
181
mix.exs
181
mix.exs
|
@ -24,8 +24,38 @@ defmodule AshAuthentication.MixProject do
|
||||||
],
|
],
|
||||||
docs: [
|
docs: [
|
||||||
main: "readme",
|
main: "readme",
|
||||||
extras: extra_documentation(),
|
extras: [
|
||||||
groups_for_extras: extra_documentation_groups(),
|
{"README.md", name: "READ ME"},
|
||||||
|
"documentation/tutorials/getting-started-with-authentication.md",
|
||||||
|
"documentation/tutorials/auth0-quickstart.md",
|
||||||
|
"documentation/tutorials/github-quickstart.md",
|
||||||
|
"documentation/tutorials/google-quickstart.md",
|
||||||
|
"documentation/tutorials/integrating-ash-authentication-and-phoenix.md",
|
||||||
|
"documentation/tutorials/magic-links-quickstart.md",
|
||||||
|
"documentation/topics/custom-strategy.md",
|
||||||
|
"documentation/topics/policies-on-authentication-resources.md",
|
||||||
|
"documentation/topics/testing.md",
|
||||||
|
"documentation/topics/tokens.md",
|
||||||
|
"documentation/topics/confirmation.md",
|
||||||
|
"documentation/topics/upgrading.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.TokenResource.md",
|
||||||
|
"documentation/dsls/DSL:-AshAuthentication.UserIdentity.md"
|
||||||
|
],
|
||||||
|
groups_for_extras: [
|
||||||
|
Tutorials: ~r'documentation/tutorials',
|
||||||
|
"How To": ~r'documentation/how_to',
|
||||||
|
Topics: ~r'documentation/topics',
|
||||||
|
DSLs: ~r'documentation/dsls'
|
||||||
|
],
|
||||||
extra_section: "GUIDES",
|
extra_section: "GUIDES",
|
||||||
formatters: ["html"],
|
formatters: ["html"],
|
||||||
before_closing_head_tag: fn type ->
|
before_closing_head_tag: fn type ->
|
||||||
|
@ -46,69 +76,11 @@ defmodule AshAuthentication.MixProject do
|
||||||
filter_modules: ~r/^Elixir.AshAuthentication/,
|
filter_modules: ~r/^Elixir.AshAuthentication/,
|
||||||
source_url_pattern:
|
source_url_pattern:
|
||||||
"https://github.com/team-alembic/ash_authentication/blob/main/%{path}#L%{line}",
|
"https://github.com/team-alembic/ash_authentication/blob/main/%{path}#L%{line}",
|
||||||
spark: [
|
nest_modules_by_prefix: [
|
||||||
extensions: [
|
AshAuthentication.Strategy,
|
||||||
%{
|
AshAuthentication.AddOn,
|
||||||
module: AshAuthentication,
|
AshAuthentication.Plug,
|
||||||
name: "Authentication",
|
AshAuthentication.Validations
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.TokenResource,
|
|
||||||
name: "Token Resource",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Token"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.UserIdentity,
|
|
||||||
name: "User Identity",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "User identity"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.Strategy.MagicLink,
|
|
||||||
name: "Magic Link",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication Strategy"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.AddOn.Confirmation,
|
|
||||||
name: "Confirmation",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication Add On"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.Strategy.Auth0,
|
|
||||||
name: "Auth0",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication Strategy"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.Strategy.Github,
|
|
||||||
name: "Github",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication Strategy"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.Strategy.Google,
|
|
||||||
name: "Google",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication Strategy"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.Strategy.OAuth2,
|
|
||||||
name: "OAuth2",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication Strategy"
|
|
||||||
},
|
|
||||||
%{
|
|
||||||
module: AshAuthentication.Strategy.Password,
|
|
||||||
name: "Password",
|
|
||||||
target: "Ash.Resource",
|
|
||||||
type: "Authentication Strategy"
|
|
||||||
}
|
|
||||||
]
|
|
||||||
],
|
],
|
||||||
groups_for_modules: [
|
groups_for_modules: [
|
||||||
Extensions: [
|
Extensions: [
|
||||||
|
@ -125,6 +97,9 @@ defmodule AshAuthentication.MixProject do
|
||||||
AshAuthentication.Strategy.OAuth2,
|
AshAuthentication.Strategy.OAuth2,
|
||||||
AshAuthentication.Strategy.Password
|
AshAuthentication.Strategy.Password
|
||||||
],
|
],
|
||||||
|
CustomStrategies: [
|
||||||
|
~r/AshAuthentication.Strategy.Custom/
|
||||||
|
],
|
||||||
"Add ons": [
|
"Add ons": [
|
||||||
AshAuthentication.AddOn.Confirmation
|
AshAuthentication.AddOn.Confirmation
|
||||||
],
|
],
|
||||||
|
@ -133,58 +108,40 @@ defmodule AshAuthentication.MixProject do
|
||||||
AshAuthentication.BcryptProvider,
|
AshAuthentication.BcryptProvider,
|
||||||
AshAuthentication.Jwt
|
AshAuthentication.Jwt
|
||||||
],
|
],
|
||||||
Plug: ~r/^AshAuthentication\.Plug.*/,
|
Introspection: [
|
||||||
Internals: ~r/^AshAuthentication.*/
|
AshAuthentication.Info,
|
||||||
|
AshAuthentication.TokenResource.Info,
|
||||||
|
AshAuthentication.UserIdentity.Info
|
||||||
|
],
|
||||||
|
Utilities: [
|
||||||
|
AshAuthentication.Debug,
|
||||||
|
AshAuthentication.Secret,
|
||||||
|
AshAuthentication.Sender,
|
||||||
|
AshAuthentication.Supervisor,
|
||||||
|
~r/.*Actions$/,
|
||||||
|
AshAuthentication.Strategy.Password.Actions,
|
||||||
|
AshAuthentication.TokenResource.Expunger
|
||||||
|
],
|
||||||
|
Plugs: [~r/^AshAuthentication\.Plug.*/, AshAuthentication.Strategy.MagicLink.Plug],
|
||||||
|
"Reusable Components": [
|
||||||
|
AshAuthentication.GenerateTokenChange,
|
||||||
|
AshAuthentication.Strategy.Password.HashPasswordChange,
|
||||||
|
AshAuthentication.Strategy.Password.PasswordConfirmationValidation,
|
||||||
|
AshAuthentication.Strategy.Password.PasswordValidation,
|
||||||
|
AshAuthentication.Checks.AshAuthenticationInteraction,
|
||||||
|
AshAuthentication.Password.Plug,
|
||||||
|
~r/AshAuthentication.Validations/
|
||||||
|
],
|
||||||
|
Errors: ~r/AshAuthentication.Errors/,
|
||||||
|
"DSL Transformers": [
|
||||||
|
~r/Transformer/,
|
||||||
|
~r/Verifier/
|
||||||
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
end
|
end
|
||||||
|
|
||||||
defp extra_documentation do
|
|
||||||
["README.md"]
|
|
||||||
|> Enum.concat(Path.wildcard("documentation/**/*.{md,livemd,cheatmd}"))
|
|
||||||
|> Enum.map(fn
|
|
||||||
"README.md" ->
|
|
||||||
{:"README.md", title: "Read Me", ash_hq?: false}
|
|
||||||
|
|
||||||
"documentation/tutorials/integrating-ash-authentication-and-phoenix.md" = name ->
|
|
||||||
{String.to_atom(name), ash_hq?: false}
|
|
||||||
|
|
||||||
"documentation/tutorials/" <> _ = path ->
|
|
||||||
{String.to_atom(path), []}
|
|
||||||
|
|
||||||
"documentation/topics/" <> _ = path ->
|
|
||||||
{String.to_atom(path), []}
|
|
||||||
|
|
||||||
"documentation/dsls/" <> _ = path ->
|
|
||||||
{String.to_atom(path), []}
|
|
||||||
end)
|
|
||||||
end
|
|
||||||
|
|
||||||
defp extra_documentation_groups do
|
|
||||||
"documentation/*"
|
|
||||||
|> Path.wildcard()
|
|
||||||
|> Enum.map(fn dir ->
|
|
||||||
name =
|
|
||||||
dir
|
|
||||||
|> Path.basename()
|
|
||||||
|> String.split(~r/_+/)
|
|
||||||
|> Enum.join(" ")
|
|
||||||
|> capitalize()
|
|
||||||
|
|
||||||
{name, dir |> Path.join("**") |> Path.wildcard()}
|
|
||||||
end)
|
|
||||||
end
|
|
||||||
|
|
||||||
defp capitalize(string) do
|
|
||||||
string
|
|
||||||
|> String.split(" ")
|
|
||||||
|> Enum.map(fn string ->
|
|
||||||
[hd | tail] = String.graphemes(string)
|
|
||||||
String.capitalize(hd) <> Enum.join(tail)
|
|
||||||
end)
|
|
||||||
end
|
|
||||||
|
|
||||||
def package do
|
def package do
|
||||||
[
|
[
|
||||||
maintainers: [
|
maintainers: [
|
||||||
|
|
8
mix.lock
8
mix.lock
|
@ -1,7 +1,7 @@
|
||||||
%{
|
%{
|
||||||
"absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"},
|
"absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"},
|
||||||
"absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"},
|
"absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"},
|
||||||
"ash": {:hex, :ash, "2.17.20", "8b201335fac2f9ec8eb89c71c7c9007d11a09089dd82aa070ed4214c7ae02400", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c89da37cf7464803b09cdd6f20c0b944764ea124b782cdfc72eeb9ac43a11445"},
|
"ash": {:hex, :ash, "2.18.1", "d6abf51a38f0aff3448743fe2cc4a07a1104d55934fd1bf06183f6ebef0c85df", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "0dda3a3bdfb0dd24ea12acc9914bd8b6c6f965ec19c1655af7a59b1e7c3b8cf2"},
|
||||||
"ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"},
|
"ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"},
|
||||||
"ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"},
|
"ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"},
|
||||||
"ash_postgres": {:hex, :ash_postgres, "1.3.68", "acad35de4111fd237d57718593cd5c30a624f5b7cb6686d179e0b6087d70f21f", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "09c5ba51281dba15bde99ada573985d22f12cda76cce4b2ff63fc5f59707d061"},
|
"ash_postgres": {:hex, :ash_postgres, "1.3.68", "acad35de4111fd237d57718593cd5c30a624f5b7cb6686d179e0b6087d70f21f", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "09c5ba51281dba15bde99ada573985d22f12cda76cce4b2ff63fc5f59707d061"},
|
||||||
|
@ -21,14 +21,14 @@
|
||||||
"dialyxir": {:hex, :dialyxir, "1.4.3", "edd0124f358f0b9e95bfe53a9fcf806d615d8f838e2202a9f430d59566b6b53b", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "bf2cfb75cd5c5006bec30141b131663299c661a864ec7fbbc72dfa557487a986"},
|
"dialyxir": {:hex, :dialyxir, "1.4.3", "edd0124f358f0b9e95bfe53a9fcf806d615d8f838e2202a9f430d59566b6b53b", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "bf2cfb75cd5c5006bec30141b131663299c661a864ec7fbbc72dfa557487a986"},
|
||||||
"doctor": {:hex, :doctor, "0.21.0", "20ef89355c67778e206225fe74913e96141c4d001cb04efdeba1a2a9704f1ab5", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "a227831daa79784eb24cdeedfa403c46a4cb7d0eab0e31232ec654314447e4e0"},
|
"doctor": {:hex, :doctor, "0.21.0", "20ef89355c67778e206225fe74913e96141c4d001cb04efdeba1a2a9704f1ab5", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "a227831daa79784eb24cdeedfa403c46a4cb7d0eab0e31232ec654314447e4e0"},
|
||||||
"earmark": {:hex, :earmark, "1.4.46", "8c7287bd3137e99d26ae4643e5b7ef2129a260e3dcf41f251750cb4563c8fb81", [:mix], [], "hexpm", "798d86db3d79964e759ddc0c077d5eb254968ed426399fbf5a62de2b5ff8910a"},
|
"earmark": {:hex, :earmark, "1.4.46", "8c7287bd3137e99d26ae4643e5b7ef2129a260e3dcf41f251750cb4563c8fb81", [:mix], [], "hexpm", "798d86db3d79964e759ddc0c077d5eb254968ed426399fbf5a62de2b5ff8910a"},
|
||||||
"earmark_parser": {:hex, :earmark_parser, "1.4.36", "487ea8ef9bdc659f085e6e654f3c3feea1d36ac3943edf9d2ef6c98de9174c13", [:mix], [], "hexpm", "a524e395634bdcf60a616efe77fd79561bec2e930d8b82745df06ab4e844400a"},
|
"earmark_parser": {:hex, :earmark_parser, "1.4.39", "424642f8335b05bb9eb611aa1564c148a8ee35c9c8a8bba6e129d51a3e3c6769", [:mix], [], "hexpm", "06553a88d1f1846da9ef066b87b57c6f605552cfbe40d20bd8d59cc6bde41944"},
|
||||||
"ecto": {:hex, :ecto, "3.11.1", "4b4972b717e7ca83d30121b12998f5fcdc62ba0ed4f20fd390f16f3270d85c3e", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ebd3d3772cd0dfcd8d772659e41ed527c28b2a8bde4b00fe03e0463da0f1983b"},
|
"ecto": {:hex, :ecto, "3.11.1", "4b4972b717e7ca83d30121b12998f5fcdc62ba0ed4f20fd390f16f3270d85c3e", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ebd3d3772cd0dfcd8d772659e41ed527c28b2a8bde4b00fe03e0463da0f1983b"},
|
||||||
"ecto_sql": {:hex, :ecto_sql, "3.11.1", "e9abf28ae27ef3916b43545f9578b4750956ccea444853606472089e7d169470", [:mix], [{:db_connection, "~> 2.4.1 or ~> 2.5", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.11.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 0.17.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ce14063ab3514424276e7e360108ad6c2308f6d88164a076aac8a387e1fea634"},
|
"ecto_sql": {:hex, :ecto_sql, "3.11.1", "e9abf28ae27ef3916b43545f9578b4750956ccea444853606472089e7d169470", [:mix], [{:db_connection, "~> 2.4.1 or ~> 2.5", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.11.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 0.17.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ce14063ab3514424276e7e360108ad6c2308f6d88164a076aac8a387e1fea634"},
|
||||||
"elixir_make": {:hex, :elixir_make, "0.7.7", "7128c60c2476019ed978210c245badf08b03dbec4f24d05790ef791da11aa17c", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "5bc19fff950fad52bbe5f211b12db9ec82c6b34a9647da0c2224b8b8464c7e6c"},
|
"elixir_make": {:hex, :elixir_make, "0.7.7", "7128c60c2476019ed978210c245badf08b03dbec4f24d05790ef791da11aa17c", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "5bc19fff950fad52bbe5f211b12db9ec82c6b34a9647da0c2224b8b8464c7e6c"},
|
||||||
"erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"},
|
"erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"},
|
||||||
"ets": {:hex, :ets, "0.9.0", "79c6a6c205436780486f72d84230c6cba2f8a9920456750ddd1e47389107d5fd", [:mix], [], "hexpm", "2861fdfb04bcaeff370f1a5904eec864f0a56dcfebe5921ea9aadf2a481c822b"},
|
"ets": {:hex, :ets, "0.9.0", "79c6a6c205436780486f72d84230c6cba2f8a9920456750ddd1e47389107d5fd", [:mix], [], "hexpm", "2861fdfb04bcaeff370f1a5904eec864f0a56dcfebe5921ea9aadf2a481c822b"},
|
||||||
"ex_check": {:hex, :ex_check, "0.15.0", "074b94c02de11c37bba1ca82ae5cc4926e6ccee862e57a485b6ba60fca2d8dc1", [:mix], [], "hexpm", "33848031a0c7e4209c3b4369ce154019788b5219956220c35ca5474299fb6a0e"},
|
"ex_check": {:hex, :ex_check, "0.15.0", "074b94c02de11c37bba1ca82ae5cc4926e6ccee862e57a485b6ba60fca2d8dc1", [:mix], [], "hexpm", "33848031a0c7e4209c3b4369ce154019788b5219956220c35ca5474299fb6a0e"},
|
||||||
"ex_doc": {:git, "https://github.com/elixir-lang/ex_doc.git", "16a8f536d1a0868293a30d63bcff6510bf023de3", []},
|
"ex_doc": {:git, "https://github.com/elixir-lang/ex_doc.git", "a663c13478a49d29ae0267b6e45badb803267cf0", []},
|
||||||
"faker": {:hex, :faker, "0.17.0", "671019d0652f63aefd8723b72167ecdb284baf7d47ad3a82a15e9b8a6df5d1fa", [:mix], [], "hexpm", "a7d4ad84a93fd25c5f5303510753789fc2433ff241bf3b4144d3f6f291658a6a"},
|
"faker": {:hex, :faker, "0.17.0", "671019d0652f63aefd8723b72167ecdb284baf7d47ad3a82a15e9b8a6df5d1fa", [:mix], [], "hexpm", "a7d4ad84a93fd25c5f5303510753789fc2433ff241bf3b4144d3f6f291658a6a"},
|
||||||
"file_system": {:hex, :file_system, "1.0.0", "b689cc7dcee665f774de94b5a832e578bd7963c8e637ef940cd44327db7de2cd", [:mix], [], "hexpm", "6752092d66aec5a10e662aefeed8ddb9531d79db0bc145bb8c40325ca1d8536d"},
|
"file_system": {:hex, :file_system, "1.0.0", "b689cc7dcee665f774de94b5a832e578bd7963c8e637ef940cd44327db7de2cd", [:mix], [], "hexpm", "6752092d66aec5a10e662aefeed8ddb9531d79db0bc145bb8c40325ca1d8536d"},
|
||||||
"finch": {:hex, :finch, "0.17.0", "17d06e1d44d891d20dbd437335eebe844e2426a0cd7e3a3e220b461127c73f70", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.3", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.2.6 or ~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8d014a661bb6a437263d4b5abf0bcbd3cf0deb26b1e8596f2a271d22e48934c7"},
|
"finch": {:hex, :finch, "0.17.0", "17d06e1d44d891d20dbd437335eebe844e2426a0cd7e3a3e220b461127c73f70", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.3", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.2.6 or ~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8d014a661bb6a437263d4b5abf0bcbd3cf0deb26b1e8596f2a271d22e48934c7"},
|
||||||
|
@ -57,7 +57,7 @@
|
||||||
"ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"},
|
"ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"},
|
||||||
"sobelow": {:hex, :sobelow, "0.13.0", "218afe9075904793f5c64b8837cc356e493d88fddde126a463839351870b8d1e", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "cd6e9026b85fc35d7529da14f95e85a078d9dd1907a9097b3ba6ac7ebbe34a0d"},
|
"sobelow": {:hex, :sobelow, "0.13.0", "218afe9075904793f5c64b8837cc356e493d88fddde126a463839351870b8d1e", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "cd6e9026b85fc35d7529da14f95e85a078d9dd1907a9097b3ba6ac7ebbe34a0d"},
|
||||||
"sourceror": {:hex, :sourceror, "0.14.1", "c6fb848d55bd34362880da671debc56e77fd722fa13b4dcbeac89a8998fc8b09", [:mix], [], "hexpm", "8b488a219e4c4d7d9ff29d16346fd4a5858085ccdd010e509101e226bbfd8efc"},
|
"sourceror": {:hex, :sourceror, "0.14.1", "c6fb848d55bd34362880da671debc56e77fd722fa13b4dcbeac89a8998fc8b09", [:mix], [], "hexpm", "8b488a219e4c4d7d9ff29d16346fd4a5858085ccdd010e509101e226bbfd8efc"},
|
||||||
"spark": {:hex, :spark, "1.1.53", "db8a374ef6ada4f38389386bec76b2fa6331d4755308a6e359acad16472e29ea", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "5f8a8e2b4abd2544517bb8d29c28576239254b5979d66d9781b154706c4199dd"},
|
"spark": {:hex, :spark, "1.1.54", "54dac39403a2960f738ba5d60678d20b30de7381fb51b787b6bcb6aeabb73d9d", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "abc9a67cfb60a97d2f3c7e270fa968a2ace94f389e2741d406239d237ec6dbb1"},
|
||||||
"stream_data": {:hex, :stream_data, "0.6.0", "e87a9a79d7ec23d10ff83eb025141ef4915eeb09d4491f79e52f2562b73e5f47", [:mix], [], "hexpm", "b92b5031b650ca480ced047578f1d57ea6dd563f5b57464ad274718c9c29501c"},
|
"stream_data": {:hex, :stream_data, "0.6.0", "e87a9a79d7ec23d10ff83eb025141ef4915eeb09d4491f79e52f2562b73e5f47", [:mix], [], "hexpm", "b92b5031b650ca480ced047578f1d57ea6dd563f5b57464ad274718c9c29501c"},
|
||||||
"telemetry": {:hex, :telemetry, "1.2.1", "68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c", [:rebar3], [], "hexpm", "dad9ce9d8effc621708f99eac538ef1cbe05d6a874dd741de2e689c47feafed5"},
|
"telemetry": {:hex, :telemetry, "1.2.1", "68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c", [:rebar3], [], "hexpm", "dad9ce9d8effc621708f99eac538ef1cbe05d6a874dd741de2e689c47feafed5"},
|
||||||
"typable": {:hex, :typable, "0.3.0", "0431e121d124cd26f312123e313d2689b9a5322b15add65d424c07779eaa3ca1", [:mix], [], "hexpm", "880a0797752da1a4c508ac48f94711e04c86156f498065a83d160eef945858f8"},
|
"typable": {:hex, :typable, "0.3.0", "0431e121d124cd26f312123e313d2689b9a5322b15add65d424c07779eaa3ca1", [:mix], [], "hexpm", "880a0797752da1a4c508ac48f94711e04c86156f498065a83d160eef945858f8"},
|
||||||
|
|
Loading…
Reference in a new issue