# ash_authentication v5.0.0-rc.8 - Table of Contents

Authentication extension for the Ash Framework.

## GUIDES

- [README](readme.md)
- [Change Log](changelog.md)

- Start Here
  - [Get started with Ash Authentication](get-started.md)

- Tutorials
  - [API Keys](api-keys.md)
  - [Audit Log Tutorial](audit-log.md)
  - [Auth0 Tutorial](auth0.md)
  - [Confirmation Tutorial](confirmation.md)
  - [GitHub Tutorial](github.md)
  - [Google Tutorial](google.md)
  - [Magic Links Tutorial](magic-links.md)
  - [Microsoft Tutorial](microsoft.md)
  - [Okta Tutorial](okta.md)
  - [OTP (One-Time Password) Tutorial](otp.md)
  - [Password Authentication](password.md)
  - [Recovery Codes](recovery-codes.md)
  - [Slack Tutorial](slack.md)
  - [TOTP (Time-based One-Time Password) Tutorial](totp.md)

- Topics
  - [Auto Sign-out](auto-signout.md)
  - [Defining Custom Authentication Strategies](custom-strategy.md)
  - [Policies on Authenticated Resources](policies-on-authentication-resources.md)
  - [Testing](testing.md)
  - [Recovery Code Security](recovery-code-security.md)
  - [Tokens](tokens.md)
  - [Upgrading](upgrading.md)

- Reference
  - [AshAuthentication](dsl-ashauthentication.md)
  - [AshAuthentication.AddOn.Confirmation](dsl-ashauthentication-addon-confirmation.md)
  - [AshAuthentication.AddOn.LogOutEverywhere](dsl-ashauthentication-addon-logouteverywhere.md)
  - [AshAuthentication.Strategy.ApiKey](dsl-ashauthentication-strategy-apikey.md)
  - [AshAuthentication.Strategy.Apple](dsl-ashauthentication-strategy-apple.md)
  - [AshAuthentication.Strategy.Auth0](dsl-ashauthentication-strategy-auth0.md)
  - [AshAuthentication.Strategy.Github](dsl-ashauthentication-strategy-github.md)
  - [AshAuthentication.Strategy.Google](dsl-ashauthentication-strategy-google.md)
  - [AshAuthentication.Strategy.MagicLink](dsl-ashauthentication-strategy-magiclink.md)
  - [AshAuthentication.Strategy.Microsoft](dsl-ashauthentication-strategy-microsoft.md)
  - [AshAuthentication.Strategy.OAuth2](dsl-ashauthentication-strategy-oauth2.md)
  - [AshAuthentication.Strategy.Oidc](dsl-ashauthentication-strategy-oidc.md)
  - [AshAuthentication.Strategy.Okta](dsl-ashauthentication-strategy-okta.md)
  - [AshAuthentication.Strategy.Otp](dsl-ashauthentication-strategy-otp.md)
  - [AshAuthentication.Strategy.Password](dsl-ashauthentication-strategy-password.md)
  - [AshAuthentication.Strategy.RecoveryCode](dsl-ashauthentication-strategy-recoverycode.md)
  - [AshAuthentication.Strategy.Slack](dsl-ashauthentication-strategy-slack.md)
  - [AshAuthentication.Strategy.Totp](dsl-ashauthentication-strategy-totp.md)
  - [AshAuthentication.TokenResource](dsl-ashauthentication-tokenresource.md)
  - [AshAuthentication.UserIdentity](dsl-ashauthentication-useridentity.md)

## Modules

- Extensions
  - [AshAuthentication](AshAuthentication.md): AshAuthentication provides a turn-key authentication solution for folks using
[Ash](https://www.ash-hq.org/).
  - [AshAuthentication.TokenResource](AshAuthentication.TokenResource.md): This is an Ash resource extension which generates the default token resource.
  - [AshAuthentication.UserIdentity](AshAuthentication.UserIdentity.md): An Ash extension which generates the default user identities resource.

- Strategies
  - [AshAuthentication.AddOn.Confirmation](AshAuthentication.AddOn.Confirmation.md): Confirmation support.
  - [AshAuthentication.AddOn.LogOutEverywhere](AshAuthentication.AddOn.LogOutEverywhere.md): Log out everywhere support.
  - [AshAuthentication.Strategy](AshAuthentication.Strategy.md): The protocol used for interacting with authentication strategies.
  - [AshAuthentication.Strategy.Apple](AshAuthentication.Strategy.Apple.md): Strategy for authenticating using [Apple Sign In](https://developer.apple.com/sign-in-with-apple/)
  - [AshAuthentication.Strategy.Auth0](AshAuthentication.Strategy.Auth0.md): Strategy for authenticating using [Auth0](https://auth0.com).
  - [AshAuthentication.Strategy.Custom](AshAuthentication.Strategy.Custom.md): Define your own custom authentication strategy.
  - [AshAuthentication.Strategy.Github](AshAuthentication.Strategy.Github.md): Strategy for authenticating using [GitHub](https://github.com)
  - [AshAuthentication.Strategy.Google](AshAuthentication.Strategy.Google.md): Strategy for authenticating using [Google](https://google.com)
  - [AshAuthentication.Strategy.MagicLink](AshAuthentication.Strategy.MagicLink.md): Strategy for authentication using a magic link.
  - [AshAuthentication.Strategy.Microsoft](AshAuthentication.Strategy.Microsoft.md): Strategy for authenticating using [Microsoft](https://microsoft.com)
  - [AshAuthentication.Strategy.OAuth2](AshAuthentication.Strategy.OAuth2.md): Strategy for authenticating using any OAuth 2.0 server as the source of truth.
  - [AshAuthentication.Strategy.Oidc](AshAuthentication.Strategy.Oidc.md): Strategy for authentication using an [OpenID
Connect](https://openid.net/connect/) compatible server as the source of
truth.
  - [AshAuthentication.Strategy.Otp](AshAuthentication.Strategy.Otp.md): Strategy for authentication using a one-time password (OTP).
  - [AshAuthentication.Strategy.Password](AshAuthentication.Strategy.Password.md): Strategy for authenticating using local resources as the source of truth.
  - [AshAuthentication.Strategy.Slack](AshAuthentication.Strategy.Slack.md): Strategy for authenticating using [Slack](https://slack.com)

- Cryptography
  - [AshAuthentication.BcryptProvider](AshAuthentication.BcryptProvider.md): Provides the default implementation of `AshAuthentication.HashProvider` using `Bcrypt`.

  - [AshAuthentication.HashProvider](AshAuthentication.HashProvider.md): A behaviour providing password hashing.

  - [AshAuthentication.Jwt](AshAuthentication.Jwt.md): Uses the excellent `joken` hex package to generate and sign Json Web Tokens.

- Introspection
  - [AshAuthentication.Info](AshAuthentication.Info.md): Generated configuration functions based on a resource's DSL configuration.

  - [AshAuthentication.TokenResource.Info](AshAuthentication.TokenResource.Info.md): Introspection functions for the `AshAuthentication.TokenResource` Ash
extension.

  - [AshAuthentication.UserIdentity.Info](AshAuthentication.UserIdentity.Info.md): Introspection functions for the `AshAuthentication.UserIdentity` Ash
extension.

- Utilities
  - [AshAuthentication.Debug](AshAuthentication.Debug.md): Allows you to debug authentication failures in development.
  - [AshAuthentication.Secret](AshAuthentication.Secret.md): A module to implement retrieving of secrets.
  - [AshAuthentication.Sender](AshAuthentication.Sender.md): A module to implement sending of a token to a user.
  - [AshAuthentication.Supervisor](AshAuthentication.Supervisor.md): Starts and manages any processes required by AshAuthentication.

- Plugs
  - [AshAuthentication.Plug](AshAuthentication.Plug.md): Generate an authentication plug.
  - [AshAuthentication.Plug.Helpers](AshAuthentication.Plug.Helpers.md): Authentication helpers for use in your router, etc.

- Reusable Components
  - [AshAuthentication.Checks.AshAuthenticationInteraction](AshAuthentication.Checks.AshAuthenticationInteraction.md): This check is true if the context `private.ash_authentication?` is set to true.
  - [AshAuthentication.GenerateTokenChange](AshAuthentication.GenerateTokenChange.md): Given a successful registration or sign-in, generate a token.

  - [AshAuthentication.Strategy.Password.HashPasswordChange](AshAuthentication.Strategy.Password.HashPasswordChange.md): Set the hash based on the password input.
  - [AshAuthentication.Strategy.Password.PasswordConfirmationValidation](AshAuthentication.Strategy.Password.PasswordConfirmationValidation.md): Validate that the password and password confirmation match.
  - [AshAuthentication.Strategy.Password.PasswordValidation](AshAuthentication.Strategy.Password.PasswordValidation.md): A convenience validation that checks that the password argument against the
hashed password stored in the record.
  - [AshAuthentication.Validations](AshAuthentication.Validations.md): Common validations shared by several transformers.

  - [AshAuthentication.Validations.Action](AshAuthentication.Validations.Action.md): Validation helpers for Resource actions.

  - [AshAuthentication.Validations.Attribute](AshAuthentication.Validations.Attribute.md): Validation helpers for Resource attributes.

- Errors
  - [AshAuthentication.Errors.AuthenticationFailed](AshAuthentication.Errors.AuthenticationFailed.md): A generic, authentication failed error.

  - [AshAuthentication.Errors.CannotConfirmUnconfirmedUser](AshAuthentication.Errors.CannotConfirmUnconfirmedUser.md): An unconfirmed user cannot be confirmed outside of explicit actions.
  - [AshAuthentication.Errors.InvalidSecret](AshAuthentication.Errors.InvalidSecret.md): A secret returned an invalid value.

  - [AshAuthentication.Errors.InvalidToken](AshAuthentication.Errors.InvalidToken.md): An invalid token was presented.

  - [AshAuthentication.Errors.MissingSecret](AshAuthentication.Errors.MissingSecret.md): A secret is now missing.

  - [AshAuthentication.Errors.SenderFailed](AshAuthentication.Errors.SenderFailed.md): A sender failed to deliver a token.

  - [AshAuthentication.Errors.UnconfirmedUser](AshAuthentication.Errors.UnconfirmedUser.md): The user is unconfirmed and so the operation cannot be executed.

- Internals
  - [AshAuthentication.AddOn.AuditLog](AshAuthentication.AddOn.AuditLog.md): Audit logging support.
  - [AshAuthentication.AddOn.AuditLog.Auditor](AshAuthentication.AddOn.AuditLog.Auditor.md): Provides common audit logging behaviour for Ash actions.

  - [AshAuthentication.AddOn.AuditLog.Auditor.Change](AshAuthentication.AddOn.AuditLog.Auditor.Change.md): Implements the `Ash.Resource.Change` behaviour for audit logging
  - [AshAuthentication.AddOn.AuditLog.Auditor.Preparation](AshAuthentication.AddOn.AuditLog.Auditor.Preparation.md): Implements the `Ash.Resource.Preparation` behaviour for audit logging
  - [AshAuthentication.AddOn.AuditLog.BruteForceHelpers](AshAuthentication.AddOn.AuditLog.BruteForceHelpers.md): Helpers for audit log-based brute force protection.
  - [AshAuthentication.AddOn.AuditLog.BruteForcePreparation](AshAuthentication.AddOn.AuditLog.BruteForcePreparation.md): Preparation that checks the audit log for failed authentication attempts.
  - [AshAuthentication.AddOn.AuditLog.Dsl](AshAuthentication.AddOn.AuditLog.Dsl.md): Defines the Spark DSL entity for this add on.

  - [AshAuthentication.AddOn.AuditLog.IdentityBruteForcePreparation](AshAuthentication.AddOn.AuditLog.IdentityBruteForcePreparation.md): Preparation that rejects an action when the audit log shows too many recent
failed attempts for the submitted identity.
  - [AshAuthentication.AddOn.AuditLog.IpPrivacy](AshAuthentication.AddOn.AuditLog.IpPrivacy.md): Provides IP address privacy transformations for audit logging.
  - [AshAuthentication.AddOn.AuditLog.Verifier](AshAuthentication.AddOn.AuditLog.Verifier.md): Provides configuration validation for the AuditLog add-on.

  - [AshAuthentication.AddOn.AuditLog.VerifierHelpers](AshAuthentication.AddOn.AuditLog.VerifierHelpers.md): Helpers for strategy verifiers that need to validate a
`brute_force_strategy {:audit_log, :name}` configuration against the
audit-log add-on on the resource.

  - [AshAuthentication.AddOn.Confirmation.Actions](AshAuthentication.AddOn.Confirmation.Actions.md): Actions for the confirmation add-on.
  - [AshAuthentication.AddOn.Confirmation.ConfirmChange](AshAuthentication.AddOn.Confirmation.ConfirmChange.md): Performs a change based on the contents of a confirmation token.

  - [AshAuthentication.AddOn.Confirmation.ConfirmationHookChange](AshAuthentication.AddOn.Confirmation.ConfirmationHookChange.md): Triggers a confirmation flow when one of the monitored fields is changed.
  - [AshAuthentication.AddOn.Confirmation.Dsl](AshAuthentication.AddOn.Confirmation.Dsl.md): Defines the Spark DSL entity for this add on.

  - [AshAuthentication.AddOn.Confirmation.Plug](AshAuthentication.AddOn.Confirmation.Plug.md): Handlers for incoming OAuth2 HTTP requests.

  - [AshAuthentication.AddOn.Confirmation.Transformer](AshAuthentication.AddOn.Confirmation.Transformer.md): DSL transformer for confirmation add-on.
  - [AshAuthentication.AddOn.Confirmation.Verifier](AshAuthentication.AddOn.Confirmation.Verifier.md): DSL verifier for confirmation add-on.

  - [AshAuthentication.AddOn.LogOutEverywhere.Action](AshAuthentication.AddOn.LogOutEverywhere.Action.md): Revokes all tokens for the specified user.

  - [AshAuthentication.AddOn.LogOutEverywhere.Dsl](AshAuthentication.AddOn.LogOutEverywhere.Dsl.md): Defines the Spark DSL entity for this add on.

  - [AshAuthentication.AddOn.LogOutEverywhere.OnPasswordChange](AshAuthentication.AddOn.LogOutEverywhere.OnPasswordChange.md): Logs a user out from everywhere by revoking all stored tokens.
  - [AshAuthentication.AddOn.LogOutEverywhere.Transformer](AshAuthentication.AddOn.LogOutEverywhere.Transformer.md): DSL transformer the the log-out-everywhere add-on.
  - [AshAuthentication.AddOn.LogOutEverywhere.Verifier](AshAuthentication.AddOn.LogOutEverywhere.Verifier.md): DSL verifier for the log-out-everywhere add-on.

  - [AshAuthentication.Argon2Provider](AshAuthentication.Argon2Provider.md): Provides an implementation of `AshAuthentication.HashProvider` using `Argon2`.

  - [AshAuthentication.AuditLogResource](AshAuthentication.AuditLogResource.md): This is an Ash resource extension which generates the default audit log resource.
  - [AshAuthentication.AuditLogResource.Batcher](AshAuthentication.AuditLogResource.Batcher.md): A `GenServer` which batches up writes to the audit log to reduce write pressure in busy environments.
  - [AshAuthentication.AuditLogResource.Expunger](AshAuthentication.AuditLogResource.Expunger.md): A `GenServer` which removes old audit log entries once they're no longer relevant.
  - [AshAuthentication.AuditLogResource.Info](AshAuthentication.AuditLogResource.Info.md): Introspection functions for the `AshAuthentication.AuditLogResource` Ash extension.

  - [AshAuthentication.AuditLogResource.Verifier](AshAuthentication.AuditLogResource.Verifier.md): Compile-time checks for the audit log resource.

  - [AshAuthentication.Checks.UsingApiKey](AshAuthentication.Checks.UsingApiKey.md): This check is true if `user.__metadata__[:using_api_key?]` is set to true.

  - [AshAuthentication.Igniter](AshAuthentication.Igniter.md): Codemods for working with AshAuthentication
  - [AshAuthentication.Jwt.Config](AshAuthentication.Jwt.Config.md): Implementation details JWT generation and validation.
  - [AshAuthentication.Plug.Defaults](AshAuthentication.Plug.Defaults.md): Provides the default implementations of `handle_success/3` and
`handle_failure/2` used in generated authentication plugs.

  - [AshAuthentication.Plug.Dispatcher](AshAuthentication.Plug.Dispatcher.md): Route requests and callbacks to the correct provider plugs.

  - [AshAuthentication.Plug.Macros](AshAuthentication.Plug.Macros.md): Generators used within `use AshAuthentication.Plug`.

  - [AshAuthentication.Plug.Router](AshAuthentication.Plug.Router.md): Dynamically generates the authentication router for the authentication
requests and callbacks.
  - [AshAuthentication.Preparations.FilterBySubject](AshAuthentication.Preparations.FilterBySubject.md): Filters a user by the identifier in the subject of a JWT.
  - [AshAuthentication.SHA256Provider](AshAuthentication.SHA256Provider.md): Provides an implementation of `AshAuthentication.HashProvider` using SHA-256.
  - [AshAuthentication.SecretFunction](AshAuthentication.SecretFunction.md): Implements `AshAuthentication.Secret` for functions that are provided to the
DSL instead of modules.

  - [AshAuthentication.SenderFunction](AshAuthentication.SenderFunction.md): Implements `AshAuthentication.Sender` for functions that are provided to the
DSL instead of modules.

  - [AshAuthentication.Strategy.ApiKey](AshAuthentication.Strategy.ApiKey.md): Strategy for authenticating using an API key.
  - [AshAuthentication.Strategy.ApiKey.Actions](AshAuthentication.Strategy.ApiKey.Actions.md): Actions for the API key strategy.
  - [AshAuthentication.Strategy.ApiKey.GenerateApiKey](AshAuthentication.Strategy.ApiKey.GenerateApiKey.md): Generates a random API key for a user.
  - [AshAuthentication.Strategy.ApiKey.Plug](AshAuthentication.Strategy.ApiKey.Plug.md): Plug for authenticating using API keys.
  - [AshAuthentication.Strategy.ApiKey.SignInPreparation](AshAuthentication.Strategy.ApiKey.SignInPreparation.md): Prepare a query for sign in.

  - [AshAuthentication.Strategy.ApiKey.Transformer](AshAuthentication.Strategy.ApiKey.Transformer.md): DSL transformer for API keys.

  - [AshAuthentication.Strategy.ApiKey.Verifier](AshAuthentication.Strategy.ApiKey.Verifier.md): DSL verifier for API key authentication.

  - [AshAuthentication.Strategy.Apple.Verifier](AshAuthentication.Strategy.Apple.Verifier.md): DSL verifier for Apple strategy.

  - [AshAuthentication.Strategy.Custom.Helpers](AshAuthentication.Strategy.Custom.Helpers.md): Helpers for use within custom strategies.

  - [AshAuthentication.Strategy.Custom.Transformer](AshAuthentication.Strategy.Custom.Transformer.md): Transformer used by custom strategies.
  - [AshAuthentication.Strategy.Custom.Verifier](AshAuthentication.Strategy.Custom.Verifier.md): Verifier used by custom strategies.
  - [AshAuthentication.Strategy.MagicLink.Actions](AshAuthentication.Strategy.MagicLink.Actions.md): Actions for the magic link strategy.
  - [AshAuthentication.Strategy.MagicLink.Plug](AshAuthentication.Strategy.MagicLink.Plug.md): Plugs for the magic link strategy.
  - [AshAuthentication.Strategy.MagicLink.Request](AshAuthentication.Strategy.MagicLink.Request.md): Requests a magic link for the given identity field.

  - [AshAuthentication.Strategy.MagicLink.SignInChange](AshAuthentication.Strategy.MagicLink.SignInChange.md): Set up a create action for magic link sign in.

  - [AshAuthentication.Strategy.MagicLink.SignInPreparation](AshAuthentication.Strategy.MagicLink.SignInPreparation.md): Prepare a query for sign in.

  - [AshAuthentication.Strategy.MagicLink.Transformer](AshAuthentication.Strategy.MagicLink.Transformer.md): DSL transformer for magic links.

  - [AshAuthentication.Strategy.MagicLink.Verifier](AshAuthentication.Strategy.MagicLink.Verifier.md): DSL verifier for magic links.

  - [AshAuthentication.Strategy.Microsoft.AzureADMultitenant](AshAuthentication.Strategy.Microsoft.AzureADMultitenant.md): When using Microsoft's `/common` or `/organizations` OIDC endpoints, the
discovery document returns a templated issuer
  - [AshAuthentication.Strategy.OAuth2.Actions](AshAuthentication.Strategy.OAuth2.Actions.md): Actions for the oauth2 strategy.
  - [AshAuthentication.Strategy.OAuth2.Dsl](AshAuthentication.Strategy.OAuth2.Dsl.md): Defines the Spark DSL entity for this strategy.

  - [AshAuthentication.Strategy.OAuth2.IdentityChange](AshAuthentication.Strategy.OAuth2.IdentityChange.md): Updates the identity resource when a user is registered.

  - [AshAuthentication.Strategy.OAuth2.Plug](AshAuthentication.Strategy.OAuth2.Plug.md): Handlers for incoming OAuth2 HTTP requests.

  - [AshAuthentication.Strategy.OAuth2.SignInPreparation](AshAuthentication.Strategy.OAuth2.SignInPreparation.md): Prepare a query for sign in
  - [AshAuthentication.Strategy.OAuth2.Transformer](AshAuthentication.Strategy.OAuth2.Transformer.md): DSL transformer for oauth2 strategies.
  - [AshAuthentication.Strategy.OAuth2.UserInfoToAttributes](AshAuthentication.Strategy.OAuth2.UserInfoToAttributes.md): Sets resource attributes from the `user_info` argument provided by an OAuth2 callback.
  - [AshAuthentication.Strategy.OAuth2.Verifier](AshAuthentication.Strategy.OAuth2.Verifier.md): DSL verifier for oauth2 strategies.

  - [AshAuthentication.Strategy.Oidc.NonceGenerator](AshAuthentication.Strategy.Oidc.NonceGenerator.md): An implmentation of `AshAuthentication.Secret` that generates nonces for
OpenID Connect strategies.
  - [AshAuthentication.Strategy.Oidc.Transformer](AshAuthentication.Strategy.Oidc.Transformer.md): DSL transformer for oidc strategies.
  - [AshAuthentication.Strategy.Oidc.Verifier](AshAuthentication.Strategy.Oidc.Verifier.md): DSL verifier for OpenID Connect strategy.

  - [AshAuthentication.Strategy.Okta](AshAuthentication.Strategy.Okta.md): Strategy for authenticating using [Okta](https://okta.com).
  - [AshAuthentication.Strategy.Otp.Actions](AshAuthentication.Strategy.Otp.Actions.md): Actions for the OTP strategy.
  - [AshAuthentication.Strategy.Otp.DefaultGenerator](AshAuthentication.Strategy.Otp.DefaultGenerator.md): Default OTP code generator.
  - [AshAuthentication.Strategy.Otp.Plug](AshAuthentication.Strategy.Otp.Plug.md): Plugs for the OTP strategy.
  - [AshAuthentication.Strategy.Otp.Request](AshAuthentication.Strategy.Otp.Request.md): Implementation of the OTP request action.
  - [AshAuthentication.Strategy.Otp.SignInChange](AshAuthentication.Strategy.Otp.SignInChange.md): Change for OTP sign-in when registration is enabled.
  - [AshAuthentication.Strategy.Otp.SignInPreparation](AshAuthentication.Strategy.Otp.SignInPreparation.md): Prepare a query for OTP sign in.
  - [AshAuthentication.Strategy.Otp.Transformer](AshAuthentication.Strategy.Otp.Transformer.md): DSL transformer for OTP strategy.

  - [AshAuthentication.Strategy.Otp.Verifier](AshAuthentication.Strategy.Otp.Verifier.md): DSL verifier for OTP strategy.

  - [AshAuthentication.Strategy.Password.Actions](AshAuthentication.Strategy.Password.Actions.md): Actions for the password strategy
  - [AshAuthentication.Strategy.Password.Dsl](AshAuthentication.Strategy.Password.Dsl.md): Defines the Spark DSL entity for this strategy.

  - [AshAuthentication.Strategy.Password.Plug](AshAuthentication.Strategy.Password.Plug.md): Plugs for the password strategy.
  - [AshAuthentication.Strategy.Password.RequestPasswordReset](AshAuthentication.Strategy.Password.RequestPasswordReset.md): Requests a password reset.
  - [AshAuthentication.Strategy.Password.ResetTokenValidation](AshAuthentication.Strategy.Password.ResetTokenValidation.md): Validate that the token is a valid password reset request token.

  - [AshAuthentication.Strategy.Password.Resettable](AshAuthentication.Strategy.Password.Resettable.md): The entity used to store password reset information.

  - [AshAuthentication.Strategy.Password.SignInPreparation](AshAuthentication.Strategy.Password.SignInPreparation.md): Prepare a query for sign in
  - [AshAuthentication.Strategy.Password.SignInWithTokenPreparation](AshAuthentication.Strategy.Password.SignInWithTokenPreparation.md): Prepare a query for sign in via token.
  - [AshAuthentication.Strategy.Password.Transformer](AshAuthentication.Strategy.Password.Transformer.md): DSL transformer for the password strategy.
  - [AshAuthentication.Strategy.Password.Verifier](AshAuthentication.Strategy.Password.Verifier.md): DSL verifier for the password strategy.

  - [AshAuthentication.Strategy.RecoveryCode](AshAuthentication.Strategy.RecoveryCode.md): Strategy for recovery code authentication.
  - [AshAuthentication.Strategy.RecoveryCode.Actions](AshAuthentication.Strategy.RecoveryCode.Actions.md): Actions for the recovery code strategy.
  - [AshAuthentication.Strategy.RecoveryCode.Dsl](AshAuthentication.Strategy.RecoveryCode.Dsl.md): Defines the Spark DSL entity for the recovery code strategy.

  - [AshAuthentication.Strategy.RecoveryCode.HashRecoveryCodesChange](AshAuthentication.Strategy.RecoveryCode.HashRecoveryCodesChange.md): Change that hashes recovery codes before storage.
  - [AshAuthentication.Strategy.RecoveryCode.Plug](AshAuthentication.Strategy.RecoveryCode.Plug.md): Plugs for the recovery code strategy.
  - [AshAuthentication.Strategy.RecoveryCode.Transformer](AshAuthentication.Strategy.RecoveryCode.Transformer.md): DSL transformer for the recovery_code strategy.

  - [AshAuthentication.Strategy.RecoveryCode.Verifier](AshAuthentication.Strategy.RecoveryCode.Verifier.md): DSL verifier for the recovery_code strategy.

  - [AshAuthentication.Strategy.RecoveryCode.VerifyAction](AshAuthentication.Strategy.RecoveryCode.VerifyAction.md): Implementation of the recovery code verify action.
  - [AshAuthentication.Strategy.RememberMe](AshAuthentication.Strategy.RememberMe.md): Strategy for authenticating using a remember me token that has a configurable token_lifetime
and is typically valid longer than a session token. Remember me tokens are generated by other
strategies (e.g. MagicLink) to allow for authentication to continue beyond the scope of the
current session.
  - [AshAuthentication.Strategy.RememberMe.Dsl](AshAuthentication.Strategy.RememberMe.Dsl.md): Defines the Spark DSL entity for the RememberMe strategy.

  - [AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenChange](AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenChange.md): Maybe generate a remember me token and put it in the metadata of the resource to
later be dropped as a cookie.
  - [AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenPreparation](AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenPreparation.md): Maybe generate a remember me token and put it in the metadata of the resource to
later be dropped as a cookie.
  - [AshAuthentication.Strategy.RememberMe.Plug.Helpers](AshAuthentication.Strategy.RememberMe.Plug.Helpers.md): Plug for signing in with remember me token in cookies.

  - [AshAuthentication.Strategy.RememberMe.SignInPreparation](AshAuthentication.Strategy.RememberMe.SignInPreparation.md): Prepare a query for sign in via the remember me token.
  - [AshAuthentication.Strategy.RememberMe.Token.Helpers](AshAuthentication.Strategy.RememberMe.Token.Helpers.md): Helpers for remember me tokens.

  - [AshAuthentication.Strategy.RememberMe.Transformer](AshAuthentication.Strategy.RememberMe.Transformer.md): DSL transformer for the remember me strategy.
  - [AshAuthentication.Strategy.RememberMe.Verifier](AshAuthentication.Strategy.RememberMe.Verifier.md): DSL verifier for the remember me strategy.

  - [AshAuthentication.Strategy.Slack.Verifier](AshAuthentication.Strategy.Slack.Verifier.md): DSL verifier for Slack strategy.

  - [AshAuthentication.Strategy.Totp](AshAuthentication.Strategy.Totp.md): Strategy for Time-based One-Time Password (TOTP) authentication.
  - [AshAuthentication.Strategy.Totp.Actions](AshAuthentication.Strategy.Totp.Actions.md): Actions for the TOTP strategy.
  - [AshAuthentication.Strategy.Totp.AuditLogChange](AshAuthentication.Strategy.Totp.AuditLogChange.md): Change that checks the audit log for failed TOTP attempts before update actions.
  - [AshAuthentication.Strategy.Totp.AuditLogHelpers](AshAuthentication.Strategy.Totp.AuditLogHelpers.md): Delegates to `AshAuthentication.AddOn.AuditLog.BruteForceHelpers`.
  - [AshAuthentication.Strategy.Totp.AuditLogPreparation](AshAuthentication.Strategy.Totp.AuditLogPreparation.md): Preparation that checks the audit log for failed TOTP attempts.
  - [AshAuthentication.Strategy.Totp.ConfirmSetupChange](AshAuthentication.Strategy.Totp.ConfirmSetupChange.md): Confirms a pending TOTP setup by verifying a code and storing the secret.
  - [AshAuthentication.Strategy.Totp.Dsl](AshAuthentication.Strategy.Totp.Dsl.md): Defines the Spark DSL entity for this strategy.

  - [AshAuthentication.Strategy.Totp.GeneratePendingSetupChange](AshAuthentication.Strategy.Totp.GeneratePendingSetupChange.md): Generates a pending TOTP setup for two-step confirmation.
  - [AshAuthentication.Strategy.Totp.GenerateSecretChange](AshAuthentication.Strategy.Totp.GenerateSecretChange.md): Generates a new TOTP secret for a user.
  - [AshAuthentication.Strategy.Totp.Plug](AshAuthentication.Strategy.Totp.Plug.md): Plugs for the TOTP strategy.
  - [AshAuthentication.Strategy.Totp.SignInPreparation](AshAuthentication.Strategy.Totp.SignInPreparation.md): Preparation for the TOTP sign-in action.
  - [AshAuthentication.Strategy.Totp.TotpUrlCalculation](AshAuthentication.Strategy.Totp.TotpUrlCalculation.md): Calculates the TOTP URL for a user record.
  - [AshAuthentication.Strategy.Totp.Transformer](AshAuthentication.Strategy.Totp.Transformer.md): DSL transformer for the totp strategy.

  - [AshAuthentication.Strategy.Totp.Verifier](AshAuthentication.Strategy.Totp.Verifier.md): DSL verifier for the totp strategy.

  - [AshAuthentication.Strategy.Totp.VerifyAction](AshAuthentication.Strategy.Totp.VerifyAction.md): Implementation of the TOTP verify action.
  - [AshAuthentication.Strategy.WebAuthn](AshAuthentication.Strategy.WebAuthn.md): Strategy for authenticating using [WebAuthn/FIDO2](https://webauthn.io/) hardware
security keys and passkeys.
  - [AshAuthentication.Strategy.WebAuthn.Actions](AshAuthentication.Strategy.WebAuthn.Actions.md): Core action implementations for the WebAuthn strategy.
  - [AshAuthentication.Strategy.WebAuthn.CoseKey](AshAuthentication.Strategy.WebAuthn.CoseKey.md): An Ash type for storing COSE public keys using CBOR encoding.
  - [AshAuthentication.Strategy.WebAuthn.Dsl](AshAuthentication.Strategy.WebAuthn.Dsl.md): Defines the Spark DSL entity for the WebAuthn strategy.

  - [AshAuthentication.Strategy.WebAuthn.Helpers](AshAuthentication.Strategy.WebAuthn.Helpers.md): Helper functions for the WebAuthn strategy.
  - [AshAuthentication.Strategy.WebAuthn.Plug](AshAuthentication.Strategy.WebAuthn.Plug.md): Plug handlers for the WebAuthn strategy.
  - [AshAuthentication.Strategy.WebAuthn.SignInPreparation](AshAuthentication.Strategy.WebAuthn.SignInPreparation.md): Prepare a query for WebAuthn sign in.
  - [AshAuthentication.Strategy.WebAuthn.SignInWithTokenPreparation](AshAuthentication.Strategy.WebAuthn.SignInWithTokenPreparation.md): Prepare a query for sign in via short-lived token after a WebAuthn ceremony.
  - [AshAuthentication.Strategy.WebAuthn.Transformer](AshAuthentication.Strategy.WebAuthn.Transformer.md): DSL transformer for the WebAuthn strategy.
  - [AshAuthentication.Strategy.WebAuthn.Verifier](AshAuthentication.Strategy.WebAuthn.Verifier.md): DSL verifier for the WebAuthn strategy.
  - [AshAuthentication.Test.WebAuthnFixtures](AshAuthentication.Test.WebAuthnFixtures.md): Generates valid WebAuthn registration and authentication fixture data
using programmatic EC key pairs and CBOR encoding.
  - [AshAuthentication.TokenResource.Actions](AshAuthentication.TokenResource.Actions.md): The code interface for interacting with the token resource.

  - [AshAuthentication.TokenResource.Expunger](AshAuthentication.TokenResource.Expunger.md): A `GenServer` which periodically removes expired token revocations.
  - [AshAuthentication.TokenResource.GetConfirmationChangesPreparation](AshAuthentication.TokenResource.GetConfirmationChangesPreparation.md): Constrains a query to only records which are confirmations that match the jti
argument.

  - [AshAuthentication.TokenResource.GetTokenPreparation](AshAuthentication.TokenResource.GetTokenPreparation.md): Constrains a query to only records which match the `jti` or `token` argument
and optionally by the `purpose` argument.

  - [AshAuthentication.TokenResource.IsRevoked](AshAuthentication.TokenResource.IsRevoked.md): Checks for the existence of a revocation token for the provided token revocation token for the provided token.

  - [AshAuthentication.TokenResource.RevokeAllStoredForSubjectChange](AshAuthentication.TokenResource.RevokeAllStoredForSubjectChange.md): Updates all tokens for a given subject to have the purpose revocation

  - [AshAuthentication.TokenResource.RevokeJtiChange](AshAuthentication.TokenResource.RevokeJtiChange.md): Generates a revocation record for a given token.

  - [AshAuthentication.TokenResource.RevokeTokenChange](AshAuthentication.TokenResource.RevokeTokenChange.md): Generates a revocation record for a given token.

  - [AshAuthentication.TokenResource.StoreConfirmationChangesChange](AshAuthentication.TokenResource.StoreConfirmationChangesChange.md): Populates the JTI based on the token argument.

  - [AshAuthentication.TokenResource.StoreTokenChange](AshAuthentication.TokenResource.StoreTokenChange.md): Stores an arbitrary token.

  - [AshAuthentication.TokenResource.Transformer](AshAuthentication.TokenResource.Transformer.md): The token resource transformer.
  - [AshAuthentication.TokenResource.Verifier](AshAuthentication.TokenResource.Verifier.md): The token resource verifier.

  - [AshAuthentication.Transformer](AshAuthentication.Transformer.md): The Authentication transformer
  - [AshAuthentication.Transformer.SetSelectForSenders](AshAuthentication.Transformer.SetSelectForSenders.md): Sets the `select_for_senders` options to its default value.

  - [AshAuthentication.UserIdentity.Actions](AshAuthentication.UserIdentity.Actions.md): Code interface for provider identity actions.
  - [AshAuthentication.UserIdentity.Transformer](AshAuthentication.UserIdentity.Transformer.md): The user identity transformer.
  - [AshAuthentication.UserIdentity.UpsertIdentityChange](AshAuthentication.UserIdentity.UpsertIdentityChange.md): A change which upserts a user's identity into the user identity resource.
  - [AshAuthentication.UserIdentity.Verifier](AshAuthentication.UserIdentity.Verifier.md): The user identity verifier.

  - [AshAuthentication.Verifier](AshAuthentication.Verifier.md): The Authentication verifier.

## Mix Tasks

- Internals
  - [mix ash_authentication.add_add_on](Mix.Tasks.AshAuthentication.AddAddOn.md): Adds the provided add-on to your user resource
  - [mix ash_authentication.add_add_on.audit_log](Mix.Tasks.AshAuthentication.AddAddOn.AuditLog.md): Adds an audit log add-on to your user resource
  - [mix ash_authentication.add_add_on.confirmation](Mix.Tasks.AshAuthentication.AddAddOn.Confirmation.md): Adds email confirmation to your user resource
  - [mix ash_authentication.add_strategy](Mix.Tasks.AshAuthentication.AddStrategy.md): Adds the provided strategy or strategies to your user resource
  - [mix ash_authentication.add_strategy.api_key](Mix.Tasks.AshAuthentication.AddStrategy.ApiKey.md): Adds API key authentication to your user resource
  - [mix ash_authentication.add_strategy.apple](Mix.Tasks.AshAuthentication.AddStrategy.Apple.md): Adds Apple Sign In authentication to your user resource
  - [mix ash_authentication.add_strategy.auth0](Mix.Tasks.AshAuthentication.AddStrategy.Auth0.md): Adds Auth0 OAuth authentication to your user resource
  - [mix ash_authentication.add_strategy.github](Mix.Tasks.AshAuthentication.AddStrategy.Github.md): Adds GitHub OAuth authentication to your user resource
  - [mix ash_authentication.add_strategy.google](Mix.Tasks.AshAuthentication.AddStrategy.Google.md): Adds Google OAuth authentication to your user resource
  - [mix ash_authentication.add_strategy.magic_link](Mix.Tasks.AshAuthentication.AddStrategy.MagicLink.md): Adds magic link authentication to your user resource
  - [mix ash_authentication.add_strategy.microsoft](Mix.Tasks.AshAuthentication.AddStrategy.Microsoft.md): Adds Microsoft OAuth authentication to your user resource
  - [mix ash_authentication.add_strategy.oauth2](Mix.Tasks.AshAuthentication.AddStrategy.Oauth2.md): Adds a generic OAuth2 authentication strategy to your user resource
  - [mix ash_authentication.add_strategy.oidc](Mix.Tasks.AshAuthentication.AddStrategy.Oidc.md): Adds a generic OpenID Connect authentication strategy to your user resource
  - [mix ash_authentication.add_strategy.okta](Mix.Tasks.AshAuthentication.AddStrategy.Okta.md): Adds Okta OIDC authentication to your user resource
  - [mix ash_authentication.add_strategy.otp](Mix.Tasks.AshAuthentication.AddStrategy.Otp.md): Adds one-time password (OTP) authentication to your user resource
  - [mix ash_authentication.add_strategy.password](Mix.Tasks.AshAuthentication.AddStrategy.Password.md): Adds password authentication to your user resource
  - [mix ash_authentication.add_strategy.recovery_code](Mix.Tasks.AshAuthentication.AddStrategy.RecoveryCode.md): Adds the recovery code authentication strategy
  - [mix ash_authentication.add_strategy.slack](Mix.Tasks.AshAuthentication.AddStrategy.Slack.md): Adds Slack OAuth authentication to your user resource
  - [mix ash_authentication.add_strategy.totp](Mix.Tasks.AshAuthentication.AddStrategy.Totp.md): Adds TOTP authentication to your user resource
  - [mix ash_authentication.add_strategy.webauthn](Mix.Tasks.AshAuthentication.AddStrategy.Webauthn.md): Adds WebAuthn/Passkey authentication to your user resource
  - [mix ash_authentication.install](Mix.Tasks.AshAuthentication.Install.md): Installs AshAuthentication. Invoke with `mix igniter.install ash_authentication`

