AshAuthentication.Strategy.OAuth2.Verifier (ash_authentication v5.0.0-rc.10)


DSL verifier for oauth2 strategies.

Summary

Functions

Verifies that an OAuth2-derived strategy isn't paired with a password strategy unless a confirmation add-on is also present, which would otherwise allow an attacker to hijack an existing local account by registering through the OAuth provider with a matching identity field.

Verifies that a strategy using on_untrusted_email_match :confirm also has a confirmation add-on, which is required to issue and apply the confirmation link.

Functions

prevent_hijacking(dsl_state, strategy)

@spec prevent_hijacking(map(), AshAuthentication.Strategy.OAuth2.t()) ::
  :ok | {:error, Exception.t()}

Verifies that an OAuth2-derived strategy isn't paired with a password strategy unless a confirmation add-on is also present, which would otherwise allow an attacker to hijack an existing local account by registering through the OAuth provider with a matching identity field.

validate_confirmation_for_untrusted_match(dsl_state, strategy)

@spec validate_confirmation_for_untrusted_match(
  map(),
  AshAuthentication.Strategy.OAuth2.t()
) ::
  :ok | {:error, Exception.t()}

Verifies that a strategy using on_untrusted_email_match :confirm also has a confirmation add-on, which is required to issue and apply the confirmation link.
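The two rules above, restated as a small stand-alone Elixir module. This is an added illustration, not code from ash_authentication: the real verifiers walk a Spark DSL state and return exception structs, whereas the hypothetical HijackGuard module below runs the same two checks over a plain map (strategies and add-ons as lists of maps with a :type key) and returns strings. The module name, verify/1, has_type?/2, the map shape and the sample strategy and add-on names (:github, :confirm_new_user) are all assumptions made for the example; only on_untrusted_email_match :confirm and the idea of a confirmation add-on come from the page.

```elixir
# Added illustration (not ash_authentication code): a hypothetical module that
# re-states the two OAuth2 verifier rules over a simplified, constructed config.
defmodule HijackGuard do
  @moduledoc """
  Hypothetical re-statement of the checks documented for
  AshAuthentication.Strategy.OAuth2.Verifier. Input is a plain map, not a real
  DSL state, and errors are strings rather than exceptions.
  """

  # Rule 1: an OAuth2-derived strategy next to a password strategy needs a
  # confirmation add-on. Without one, an OAuth identity whose identity field
  # (e.g. email) matches an existing local account could be linked to that
  # account at registration, so the local account is taken over.
  def prevent_hijacking(%{strategies: strategies, add_ons: add_ons}, %{type: :oauth2, name: name}) do
    cond do
      not has_type?(strategies, :password) -> :ok
      has_type?(add_ons, :confirmation) -> :ok
      true ->
        {:error,
         "oauth2 strategy #{inspect(name)} is paired with a password strategy " <>
           "but no confirmation add-on is configured"}
    end
  end

  # Rule 2: on_untrusted_email_match :confirm can only work when a confirmation
  # add-on exists to issue the confirmation link and apply it when followed.
  def validate_confirmation_for_untrusted_match(
        %{add_ons: add_ons},
        %{type: :oauth2, name: name, on_untrusted_email_match: :confirm}
      ) do
    if has_type?(add_ons, :confirmation) do
      :ok
    else
      {:error,
       "oauth2 strategy #{inspect(name)} uses on_untrusted_email_match :confirm " <>
         "but no confirmation add-on is configured"}
    end
  end

  # Any other on_untrusted_email_match value does not depend on confirmation.
  def validate_confirmation_for_untrusted_match(_config, _strategy), do: :ok

  # Run both rules against every OAuth2 strategy and collect the failures.
  def verify(%{strategies: strategies} = config) do
    strategies
    |> Enum.filter(&(&1.type == :oauth2))
    |> Enum.flat_map(fn strategy ->
      [
        prevent_hijacking(config, strategy),
        validate_confirmation_for_untrusted_match(config, strategy)
      ]
    end)
    |> Enum.reject(&(&1 == :ok))
    |> case do
      [] -> :ok
      errors -> {:error, Enum.map(errors, fn {:error, msg} -> msg end)}
    end
  end

  defp has_type?(entries, type), do: Enum.any?(entries, &(&1.type == type))
end

# Constructed sample configs: the weak setup (password + OAuth2, no
# confirmation add-on) beside the corrected one.
vulnerable = %{
  strategies: [
    %{type: :password, name: :password},
    %{type: :oauth2, name: :github, on_untrusted_email_match: :confirm}
  ],
  add_ons: []
}

hardened = %{vulnerable | add_ons: [%{type: :confirmation, name: :confirm_new_user}]}

IO.inspect(HijackGuard.verify(vulnerable), label: "vulnerable")
IO.inspect(HijackGuard.verify(hardened), label: "hardened")
```

Run it with `elixir hijack_guard.exs`: the vulnerable config fails both rules, and adding the confirmation add-on is the single change that satisfies both, which is why the real verifier ties the two checks to the same add-on.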