Charon.AuthChallenge.BypassStageChallenge (Charon v0.0.4-alpha)

An auth challenge that is meant to implement "do not ask for MFA again on this machine" functionality. Setting up the challenge results in a "bypass token" that the client can store and later use to complete the challenge. This challenge cannot be disabled for individual users. Clients should simply offer users the option to set it up, or not, for the current device.

Config

Additional config is required for this module under optional.charon_bypass_stage_challenge:

Charon.Config.from_enum(
  ...,
  optional_modules: %{
    charon_bypass_stage_challenge: %{
      ...
    }
  }
)

The following configuration options are supported:

  • :param (optional, default: "bypass_stage_token"). The name of the param that contains the bypass token.
  • :id_field (optional, default: :id). The id field of the user struct that is used to store the user's unique ID.
  • :bypass_stage_token_ttl (optional, default: 6 months). For how long the stage can be bypassed.
  • :cookie_name (optional, default: "_bypass_stage_challenge_token_sig"). The name of the cookie that is optionally used to store the bypass stage token's signature for browser clients.
  • :cookie_opts (optional, default: [http_only: true, same_site: "Strict", secure: true]). The options passed to Plug.Conn.put_resp_cookie/4 when creating the cookie that is optionally used to store the bypass stage token's signature for browser clients.
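
The default cookie options matter because the cookie holds the token's signature: a script that can read the rest of the token still cannot present a valid pair. The sketch below is an added example, not Charon's code; it shows the general split-token pattern, and the token layout, HMAC construction, TTL unit (seconds) and all names in it are assumptions.

```elixir
defmodule BypassTokenSketch do
  # Illustration only, NOT Charon's implementation. Token layout, key handling
  # and function names are assumptions made for this example.
  @ttl 60 * 60 * 24 * 30 * 6 # roughly 6 months, in seconds (unit assumed)

  # Returns {body, sig}. The body is what the client stores and sends back as
  # the token param; the sig is what a browser client would receive in a
  # cookie set with http_only: true, same_site: "Strict", secure: true.
  def issue(user_id, key, now \\ System.system_time(:second)) do
    body = Base.url_encode64("#{now + @ttl}.#{user_id}", padding: false)
    {body, sign(body, key)}
  end

  # Recombines the submitted body with the cookie's sig, then checks signature,
  # owner and expiry. Every failure path falls back to the normal MFA stage.
  def verify(body, sig, user_id, key, now \\ System.system_time(:second)) do
    with true <- is_binary(body) and is_binary(sig),
         true <- secure_equal?(sign(body, key), sig),
         {:ok, payload} <- Base.url_decode64(body, padding: false),
         [exp, uid] <- String.split(payload, ".", parts: 2),
         {exp, ""} <- Integer.parse(exp),
         true <- uid == to_string(user_id) and exp > now do
      :ok
    else
      _ -> {:error, :mfa_required}
    end
  end

  defp sign(body, key),
    do: :crypto.mac(:hmac, :sha256, key, body) |> Base.url_encode64(padding: false)

  # Constant-time comparison for equal-length binaries.
  defp secure_equal?(a, b) when byte_size(a) == byte_size(b) do
    pairs = Enum.zip(:binary.bin_to_list(a), :binary.bin_to_list(b))
    diff = Enum.reduce(pairs, 0, fn {x, y}, acc -> Bitwise.bor(acc, Bitwise.bxor(x, y)) end)
    diff == 0
  end

  defp secure_equal?(_, _), do: false
end

# Constructed demo values; each match fails loudly if the result differs.
key = :crypto.strong_rand_bytes(32)
{body, sig} = BypassTokenSketch.issue(42, key)
:ok = BypassTokenSketch.verify(body, sig, 42, key)
{:error, :mfa_required} = BypassTokenSketch.verify(body, nil, 42, key) # cookie absent
{:error, :mfa_required} = BypassTokenSketch.verify(body, sig, 43, key) # another user
{:error, :mfa_required} = BypassTokenSketch.verify(body, sig, 42, key, 9_999_999_999) # expired
```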

Functions

challenge_init(conn, params, user, config)

Callback implementation for Charon.AuthChallenge.challenge_init/4.

name()

Callback implementation for Charon.AuthChallenge.name/0.

setup_init(conn, params, user, config)

Callback implementation for Charon.AuthChallenge.setup_init/4.