BreakGlass.UserProvider behaviour (BreakGlassEx v0.1.0)

Behaviour that host applications implement to supply a user term on successful break-glass authentication.

Callback

The single callback, build_user/1, receives an attrs map that is guaranteed to contain the following four keys:

Key	Type	Description
`:email`	`String.t()`	The configured break-glass email address
`:sentinel_id`	`integer()`	The configured sentinel ID (never a real PK)
`:authenticated_at`	`DateTime.t()`	UTC timestamp of successful authentication
`:break_glass`	`true`	Always `true`; allows host-app guards to identify
		a break-glass session

The return value is term() — the library does not inspect it after invoking the callback. The host application is free to return any value, including a struct, a plain map, or any other term that suits its auth stack.

Example

defmodule MyApp.BreakGlassUserProvider do
  @behaviour BreakGlass.UserProvider

  @impl true
  def build_user(attrs) do
    %MyApp.User{
      id:              attrs.sentinel_id,
      email:           attrs.email,
      authenticated_at: attrs.authenticated_at,
      break_glass:     attrs.break_glass
    }
  end
end

Summary

Callbacks

build_user(attrs)

Builds and returns the host application's user term from the given attrs map.

Callbacks

build_user(attrs)

@callback build_user(attrs :: map()) :: term()

Builds and returns the host application's user term from the given attrs map.

attrs is guaranteed to contain :email, :sentinel_id, :authenticated_at, and :break_glass (always true). The return value is an opaque term() that the library passes through unchanged.