AshAuthentication.Strategy.OAuth2.Verifier
(ash_authentication v5.0.0-rc.7)
DSL verifier for oauth2 strategies.
Functions
@spec prevent_hijacking(map(), AshAuthentication.Strategy.OAuth2.t()) :: :ok | {:error, Exception.t()}
Verifies that an OAuth2-derived strategy isn't paired with a password strategy unless a confirmation add-on is also present. Without confirmation, the pairing would allow an attacker to hijack an existing local account by registering through the OAuth provider with a matching identity field.
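
The rule described above, as an added sketch that is not ash_authentication's own code: a simplified model of the pairing check run over constructed strategy and add-on lists. The module name `HijackCheckSketch`, the function `check_pairing/3`, and the plain-map representation are all assumptions made for illustration; the real verifier reads strategies and add-ons from the resource's DSL state.

```elixir
# Added illustration: a simplified model of the check, NOT the library's code.
# Strategies and add-ons are plain maps constructed for this example.
defmodule HijackCheckSketch do
  @type entry :: %{kind: atom(), name: atom()}

  @spec check_pairing([entry()], [entry()], entry()) :: :ok | {:error, String.t()}
  def check_pairing(strategies, add_ons, %{kind: :oauth2} = oauth) do
    password = Enum.find(strategies, &(&1.kind == :password))
    confirmation = Enum.find(add_ons, &(&1.kind == :confirmation))

    cond do
      # No password strategy means no local accounts that could be matched
      # by identity field, so the OAuth2 strategy is safe on its own.
      is_nil(password) ->
        :ok

      # A confirmation add-on is present, so the pairing is accepted.
      confirmation ->
        :ok

      # Password + OAuth2 with nothing confirming the identity field:
      # this is the combination the verifier rejects.
      true ->
        {:error,
         "oauth2 strategy #{inspect(oauth.name)} is paired with password strategy " <>
           "#{inspect(password.name)} but no confirmation add-on is configured"}
    end
  end
end

# Constructed sample configuration entries (hypothetical names).
password = %{kind: :password, name: :password}
oauth = %{kind: :oauth2, name: :example_provider}
confirm = %{kind: :confirmation, name: :confirm_new_user}

# OAuth2 strategy on its own passes the check.
:ok = HijackCheckSketch.check_pairing([oauth], [], oauth)

# OAuth2 + password + confirmation add-on passes the check.
:ok = HijackCheckSketch.check_pairing([password, oauth], [confirm], oauth)

# OAuth2 + password without confirmation fails the check.
{:error, message} = HijackCheckSketch.check_pairing([password, oauth], [], oauth)
IO.puts(message)
```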