API Reference ash_authentication v5.0.0-rc.7

Modules

AshAuthentication provides a turn-key authentication solution for folks using Ash.

Audit logging support.

Provides common audit logging behaviour for Ash actions.

Implements the Ash.Resource.Change behaviour for audit logging

Helpers for audit log-based brute force protection.

Preparation that checks the audit log for failed authentication attempts.

Defines the Spark DSL entity for this add on.

Preparation that rejects an action when the audit log shows too many recent failed attempts for the submitted identity.

Provides IP address privacy transformations for audit logging.

Provides configuration validation for the AuditLog add-on.

Helpers for strategy verifiers that need to validate a brute_force_strategy {:audit_log, :name} configuration against the audit-log add-on on the resource.

Confirmation support.

Actions for the confirmation add-on.

Performs a change based on the contents of a confirmation token.

Triggers a confirmation flow when one of the monitored fields is changed.

Defines the Spark DSL entity for this add on.

Handlers for incoming OAuth2 HTTP requests.

DSL transformer for confirmation add-on.

DSL verifier for confirmation add-on.

Log out everywhere support.

Revokes all tokens for the specified user.

Defines the Spark DSL entity for this add on.

Logs a user out from everywhere by revoking all stored tokens.

DSL transformer for the log-out-everywhere add-on.

DSL verifier for the log-out-everywhere add-on.

This is an Ash resource extension which generates the default audit log resource.

A GenServer which batches up writes to the audit log to reduce write pressure in busy environments.

A GenServer which removes old audit log entries once they're no longer relevant.

Introspection functions for the AshAuthentication.AuditLogResource Ash extension.

Compile-time checks for the audit log resource.

Provides the default implementation of AshAuthentication.HashProvider using Bcrypt.

This check is true if the context private.ash_authentication? is set to true.

This check is true if user.__metadata__[:using_api_key?] is set to true.

Allows you to debug authentication failures in development.

A generic, authentication failed error.

An unconfirmed user cannot be confirmed outside of explicit actions.

A secret returned an invalid value.

An invalid token was presented.

A secret is now missing.

A sender failed to deliver a token.

The user is unconfirmed and so the operation cannot be executed.

Given a successful registration or sign-in, generate a token.

A behaviour providing password hashing.

Codemods for working with AshAuthentication

Generated configuration functions based on a resource's DSL configuration.

Uses the excellent joken hex package to generate and sign JSON Web Tokens.

Implementation details for JWT generation and validation.

Generate an authentication plug.

Provides the default implementations of handle_success/3 and handle_failure/2 used in generated authentication plugs.

Route requests and callbacks to the correct provider plugs.

Authentication helpers for use in your router, etc.

Generators used within use AshAuthentication.Plug.

Dynamically generates the authentication router for the authentication requests and callbacks.

Filters a user by the identifier in the subject of a JWT.

Provides an implementation of AshAuthentication.HashProvider using SHA-256.

A module to implement retrieving of secrets.

Implements AshAuthentication.Secret for functions that are provided to the DSL instead of modules.

A module to implement sending of a token to a user.

Implements AshAuthentication.Sender for functions that are provided to the DSL instead of modules.

The protocol used for interacting with authentication strategies.

Strategy for authenticating using an API key.

Actions for the API key strategy.

Generates a random API key for a user.

Plug for authenticating using API keys.

DSL transformer for API keys.

DSL verifier for API key authentication.

Strategy for authenticating using Apple Sign In

DSL verifier for Apple strategy.

Strategy for authenticating using Auth0.

Define your own custom authentication strategy.

Helpers for use within custom strategies.

Transformer used by custom strategies.

Verifier used by custom strategies.

Strategy for authenticating using GitHub

Strategy for authenticating using Google

Strategy for authentication using a magic link.

Actions for the magic link strategy.

Plugs for the magic link strategy.

Requests a magic link for the given identity field.

Set up a create action for magic link sign in.

DSL transformer for magic links.

DSL verifier for magic links.

Strategy for authenticating using Microsoft

When using Microsoft's /common or /organizations OIDC endpoints, the discovery document returns a templated issuer

Strategy for authenticating using any OAuth 2.0 server as the source of truth.

Actions for the oauth2 strategy.

Defines the Spark DSL entity for this strategy.

Updates the identity resource when a user is registered.

Handlers for incoming OAuth2 HTTP requests.

DSL transformer for oauth2 strategies.

Sets resource attributes from the user_info argument provided by an OAuth2 callback.

DSL verifier for oauth2 strategies.

Strategy for authentication using an OpenID Connect compatible server as the source of truth.

An implementation of AshAuthentication.Secret that generates nonces for OpenID Connect strategies.

DSL transformer for oidc strategies.

DSL verifier for OpenID Connect strategy.

Strategy for authenticating using Okta.

Strategy for authentication using a one-time password (OTP).

Actions for the OTP strategy.

Plugs for the OTP strategy.

Implementation of the OTP request action.

Change for OTP sign-in when registration is enabled.

Prepare a query for OTP sign in.

DSL transformer for OTP strategy.

DSL verifier for OTP strategy.

Strategy for authenticating using local resources as the source of truth.

Actions for the password strategy

Defines the Spark DSL entity for this strategy.

Set the hash based on the password input.

Validate that the password and password confirmation match.

A convenience validation that checks the password argument against the hashed password stored in the record.

Plugs for the password strategy.

Validate that the token is a valid password reset request token.

The entity used to store password reset information.

DSL transformer for the password strategy.

DSL verifier for the password strategy.

Strategy for recovery code authentication.

Actions for the recovery code strategy.

Defines the Spark DSL entity for the recovery code strategy.

Change that hashes recovery codes before storage.

Plugs for the recovery code strategy.

DSL transformer for the recovery_code strategy.

DSL verifier for the recovery_code strategy.

Implementation of the recovery code verify action.

Strategy for authenticating using a remember me token that has a configurable token_lifetime and is typically valid longer than a session token. Remember me tokens are generated by other strategies (e.g. MagicLink) to allow for authentication to continue beyond the scope of the current session.

Defines the Spark DSL entity for the RememberMe strategy.

Maybe generate a remember me token and put it in the metadata of the resource to later be dropped as a cookie.

Maybe generate a remember me token and put it in the metadata of the resource to later be dropped as a cookie.

Plug for signing in with remember me token in cookies.

Prepare a query for sign in via the remember me token.

Helpers for remember me tokens.

DSL transformer for the remember me strategy.

DSL verifier for the remember me strategy.

Strategy for authenticating using Slack

DSL verifier for Slack strategy.

Strategy for Time-based One-Time Password (TOTP) authentication.

Actions for the TOTP strategy.

Change that checks the audit log for failed TOTP attempts before update actions.

Preparation that checks the audit log for failed TOTP attempts.

Confirms a pending TOTP setup by verifying a code and storing the secret.

Defines the Spark DSL entity for this strategy.

Generates a pending TOTP setup for two-step confirmation.

Generates a new TOTP secret for a user.

Plugs for the TOTP strategy.

Preparation for the TOTP sign-in action.

Calculates the TOTP URL for a user record.

DSL transformer for the totp strategy.

DSL verifier for the totp strategy.

Implementation of the TOTP verify action.

Strategy for authenticating using WebAuthn/FIDO2 hardware security keys and passkeys.

Core action implementations for the WebAuthn strategy.

An Ash type for storing COSE public keys using CBOR encoding.

Defines the Spark DSL entity for the WebAuthn strategy.

Helper functions for the WebAuthn strategy.

Plug handlers for the WebAuthn strategy.

Prepare a query for WebAuthn sign in.

DSL transformer for the WebAuthn strategy.

DSL verifier for the WebAuthn strategy.

Starts and manages any processes required by AshAuthentication.

Generates valid WebAuthn registration and authentication fixture data using programmatic EC key pairs and CBOR encoding.

This is an Ash resource extension which generates the default token resource.

The code interface for interacting with the token resource.

A GenServer which periodically removes expired token revocations.

Constrains a query to only records which are confirmations that match the jti argument.

Constrains a query to only records which match the jti or token argument and optionally by the purpose argument.

Introspection functions for the AshAuthentication.TokenResource Ash extension.

Checks for the existence of a revocation token for the provided token.

Updates all tokens for a given subject to have the purpose revocation

Generates a revocation record for a given token.

Generates a revocation record for a given token.

Populates the JTI based on the token argument.

The token resource transformer.

The token resource verifier.

The Authentication transformer

Sets the select_for_senders options to its default value.

An Ash extension which generates the default user identities resource.

Code interface for provider identity actions.

Introspection functions for the AshAuthentication.UserIdentity Ash extension.

The user identity transformer.

A change which upserts a user's identity into the user identity resource.

The user identity verifier.

Common validations shared by several transformers.

Validation helpers for Resource actions.

Validation helpers for Resource attributes.

The Authentication verifier.

Mix Tasks

Adds the provided add-on to your user resource

Adds an audit log add-on to your user resource

Adds email confirmation to your user resource

Adds the provided strategy or strategies to your user resource

Adds API key authentication to your user resource

Adds Apple Sign In authentication to your user resource

Adds Auth0 OAuth authentication to your user resource

Adds GitHub OAuth authentication to your user resource

Adds Google OAuth authentication to your user resource

Adds magic link authentication to your user resource

Adds Microsoft OAuth authentication to your user resource

Adds a generic OAuth2 authentication strategy to your user resource

Adds a generic OpenID Connect authentication strategy to your user resource

Adds Okta OIDC authentication to your user resource

Adds one-time password (OTP) authentication to your user resource

Adds password authentication to your user resource

Adds the recovery code authentication strategy

Adds Slack OAuth authentication to your user resource

Adds TOTP authentication to your user resource

Adds WebAuthn/Passkey authentication to your user resource

Installs AshAuthentication. Invoke with mix igniter.install ash_authentication