ash_authentication/documentation/topics/policies-on-authentication-resources.md
Zach Daniel 999bec00ee
improvement: add policy utilities and accompanying guide (#119)
* improvement: add policy utilities and accompanying guide
fix: improve some error message/validation logic

* chore: update castore & fix check definition

* improvement: fix build/warnings/dialyzer/format

* chore: add private context to new `get_token` action.

* chore: fix build.

I'd rather have the warning than a build failure.

Co-authored-by: James Harton <james@harton.nz>
2023-01-12 15:34:41 +13:00


Policies on Authenticated Resources

Typically, we want to lock down our User resource pretty heavily, which, in Ash, involves writing policies. However, AshAuthentication will be calling actions on your user/token resources. To make this more convenient, every action that AshAuthentication runs sets a special context. A check is also provided that tests whether that context has been set: `AshAuthentication.Checks.AshAuthenticationInteraction`. Using this check, you can write a simple bypass policy on your user/token resources like so:

```elixir
policies do
  bypass always() do
    authorize_if AshAuthentication.Checks.AshAuthenticationInteraction
  end

  # or, pick your poison

  bypass AshAuthentication.Checks.AshAuthenticationInteraction do
    authorize_if always()
  end
end
```