AshAuthentication.TokenResource.Actions (ash_authentication v5.0.0-rc.8)

The code interface for interacting with the token resource.

Functions

expunge_expired(resource, opts \\ [])

@spec expunge_expired(
  Ash.Resource.t(),
  keyword()
) :: :ok | {:error, any()}

Remove all expired records.

get_token(resource, params, opts \\ [])

@spec get_token(Ash.Resource.t(), map(), keyword()) ::
  {:ok, [Ash.Resource.record()]} | {:error, any()}

Retrieve a token by token or JTI optionally filtering by purpose.

jti_revoked?(resource, jti, opts \\ [])

@spec jti_revoked?(Ash.Resource.t(), String.t(), keyword()) :: boolean()

Has the token been revoked?

Similar to token_revoked?/2..3, except that rather than extracting the JTI from the token, it assumes that the JTI is being passed in directly.

revoke(resource, token, opts \\ [])

@spec revoke(Ash.Resource.t(), String.t(), keyword()) :: :ok | {:error, any()}

Revoke a token.

Extracts the JTI from the provided token and uses it to generate a revocation record.

Options

  • :store_all_tokens? — describes whether the token was generated by an authentication resource with store_all_tokens? enabled. When provided, the revocation is performed atomically so that concurrent revocations of the same token cannot both succeed:

    • true — the token row is expected to exist; it is locked with SELECT … FOR UPDATE and its purpose flipped to "revocation". Returns {:error, _} if the row is already a revocation record.
    • false — the token row is expected not to exist; a plain insert is performed. A concurrent duplicate results in a primary key conflict which is surfaced as {:error, _}.

    If omitted, the legacy upsert behaviour is used. This path is NOT safe against concurrent duplicate revocations and is retained only for backwards compatibility.
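An added example (not part of the AshAuthentication documentation) showing revoke/3 called on the atomic path, with a lost race told apart from a genuine failure. The module name MyApp.Accounts.TokenRevocation and the token resource MyApp.Accounts.Token are hypothetical, and store_all_tokens? is assumed to be enabled on the resource that issued the token.

```elixir
defmodule MyApp.Accounts.TokenRevocation do
  # Hypothetical helper module; MyApp.Accounts.Token is an assumed token resource.
  alias AshAuthentication.TokenResource.Actions

  @token_resource MyApp.Accounts.Token

  # Assumption: must match the store_all_tokens? setting of the authentication
  # resource that issued the token. Passing it explicitly avoids the legacy
  # upsert path, which is not safe against concurrent duplicate revocations.
  @store_all_tokens true

  @doc """
  Revoke `token` on the atomic path and classify the outcome.

    * `:ok` - this call performed the revocation
    * `{:ok, :already_revoked}` - the token had already been revoked
    * `{:error, reason}` - revocation failed and the token is not revoked
  """
  def revoke(token) when is_binary(token) do
    case Actions.revoke(@token_resource, token, store_all_tokens?: @store_all_tokens) do
      :ok ->
        :ok

      {:error, reason} ->
        # With the option set, a duplicate revocation surfaces as {:error, _}.
        # Check the token's state before treating the error as a failure,
        # so a logout that lost the race is not reported as "still valid".
        if Actions.token_revoked?(@token_resource, token) do
          {:ok, :already_revoked}
        else
          {:error, reason}
        end
    end
  end
end
```

Callers that log or alert on revocation failures should do so only for the `{:error, reason}` branch, since that is the one case where the token may still be accepted.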

revoke_jti(resource, jti, subject, opts \\ [])

@spec revoke_jti(Ash.Resource.t(), String.t(), String.t(), keyword()) ::
  :ok | {:error, any()}

Revoke a token by JTI.

If you have the token, you should use revoke/2 instead.

Accepts the same :store_all_tokens? option as revoke/3.

store_token(resource, params, opts \\ [])

@spec store_token(Ash.Resource.t(), map(), keyword()) :: :ok | {:error, any()}

Store a token.

Stores a token for any purpose.

token_revoked?(resource, token, opts \\ [])

@spec token_revoked?(Ash.Resource.t(), String.t(), keyword()) :: boolean()

Has the token been revoked?

Similar to jti_revoked?/2..3 except that it extracts the JTI from the token, rather than relying on it to be passed in.