Use the `AshAuthentication.Secret` behaviour, rather than asking the user to explicitly set it in their application environment.
This is a breaking change that will require folks to change their resource config to look up the signing secret.
Closes#79.
Closes#77.
* Fix typo
* Password strategy requires a name
* Update documentation/getting_started/getting_started_01_basic_setup.md
Co-authored-by: James Harton <59449+jimsynz@users.noreply.github.com>
Co-authored-by: James Harton <59449+jimsynz@users.noreply.github.com>
* improvement(Confirmation): Confirmation is not a strategy.
* improvement(Confirmation): Support more than one confirmation entity.
* chore: move FIXME doc to issue.
Highlights:
* Replaced `AshAuthentication.Provider` with the much more flexible `AshAuthentication.Strategy`.
* Moved strategies to within the `authentication` DSL using entities and removed excess extensions.
* Added a lot more documentation and test coverage.
* fix(PasswordReset): Generate the reset token using the target action, not the source action.
Also improve tests.
* improvement(PasswordReset): rework PasswordReset to be a provider in it's own right - this means it has it's own routes, etc.
* improvement(docs): change all references to `actor` to `user`.
The word "actor" has special meaning in the Ash ecosystem.
* chore: format `dev` directory also.
* feat(Ash.PlugHelpers): Support standard actor configuration.
* Adds the `:set_actor` plug which will set the actor to a resource based on the subject name.
* Also includes GraphQL and JSON:API interfaces in the devserver for testing.
This is missing a bunch of features that you probably want to use (eg confirmation, password resets), but it's a pretty good place to put a stake in the sand and say it works.