API Reference nova_auth v#0.2.0
View SourceModules
Behaviour for nova_auth configuration. Implementing modules define authentication settings (repo, schemas, token lifetimes). Configuration is cached in persistent_term for fast repeated access.
User account operations: authentication, registration, password changes, and identity changes. Uses dummy verification on failed lookups to prevent timing-based user enumeration.
Generic session actor storage. Stores and retrieves actor maps from Nova's ETS session. Both password auth and OIDC write here, providing a unified downstream experience for security callbacks and policies.
OTP application callback for nova_auth. Starts the top-level supervisor.
Claims mapping engine. Transforms provider-specific claims (e.g., OIDC userinfo or JWT claims) into nova_auth actor maps. Supports static key-renaming maps or callback functions for complex transformations.
Email confirmation token management. Generates confirmation tokens and
handles the confirmation flow by setting confirmed_at on the user record.
Password hashing and verification using PBKDF2-SHA256. Includes constant-time comparison and dummy verification to prevent user enumeration via timing attacks.
Policy helpers for nova_resource authorization. Returns policy maps with condition functions that can be evaluated against an actor and context.
Rate limiting Nova plugin backed by Seki.
Short-lived access tokens paired with rotating refresh tokens.
Password reset token management. Generates time-limited reset tokens and handles the reset flow, invalidating all existing tokens on success.
Nova security callback for route-level authentication. Returns closures suitable for use in Nova route security configuration.
Session token lifecycle management. Handles creating, validating, and deleting session tokens backed by the configured Kura repo.
Top-level supervisor for nova_auth.
Cryptographic token generation, hashing, and time-based validation. Tokens are base64-encoded random bytes, hashed with SHA-256 for storage.