API Reference Sigra v0.2.3

Modules

Comprehensive authentication library for Phoenix 1.8+.

Core API token operations: creation, verification, revocation, and scope checks.

Scope validation and registry for API tokens.

Account lifecycle orchestrator.

Account deletion lifecycle: schedule, cancel, execute.

Email change lifecycle: request, confirm, cancel.

Password change lifecycle: change, set for OAuth users, force change.

Stable CSV encoding for admin audit evidence exports.

Shared scope-safe list orchestration for admin audit explorer routes.

Shared scope-safe CSV export orchestration for admin audit explorer routes.

Canonical operator-facing audit row presentation helpers.

Admin-owned audit query wrapper for shared explorer and export semantics.

Whitelist-first normalization for admin audit explorer and export filters.

Direct-path admin authorization helpers for exports, mutations, and queries.

Global and organization-scoped audit explorer.

Per-user admin audit explorer for global and organization-scoped routes.

Foundation global admin entry LiveView.

Foundation organization-scoped admin entry LiveView.

Admin user detail surface with scope-safe session controls.

Admin user index for global and organization-scoped user operations.

Behaviour for host-owned admin access decisions.

Request-local resolved admin scope derived from the host's current scope.

Scope-aware admin mutations for the user detail surface.

Default no-op implementation for Sigra.Admin.Users.Hooks.

Scope-safe loader for the admin user detail surface.

Host-owned customization hooks for admin user surfaces.

Canonical query contract for the admin user list surface.

OTP application callback for Sigra.

Structured audit logging for Sigra.

Plain-function helpers for asserting on persisted audit rows in tests.

Changeset validators for audit events.

Base64URL cursor encoding for audit log pagination (D-13).

Composable Ecto query builder for audit_events.

Core authentication orchestrator.

Configuration for Sigra authentication.

Password hashing, verification, and hash upgrade operations.

Behaviour for exporting user data.

Email delivery orchestration.

Custom Ecto type for storing lists as comma-separated strings.

Email normalization and format validation.

Behaviour for generated email template modules.

Release-safe Mix environment detection.

Error types and safe message mapping for Sigra authentication.

Raised when an account is temporarily locked due to failed attempts.

Raised when a user's email is already confirmed.

Raised when a valid token lacks required scopes.

Raised when authentication fails due to wrong email or password.

Raised when an MFA operation fails.

Raised when JWT login requires MFA verification.

Raised when an OAuth operation fails.

Raised when a rate limit has been exceeded.

Raised when a token has exceeded its time-to-live.

Raised when a token is malformed, tampered, or otherwise invalid.

Raised when a revoked API token or JWT refresh token is used.

Raised when an unconfirmed user attempts a restricted action.

Behaviour for IP geolocation lookups.

Behaviour for password hashing implementations.

Argon2id password hasher implementation.

Bcrypt password hasher for migration from bcrypt to Argon2id.

Lifecycle hook execution engine.

Library struct representing an OAuth identity (provider account linked to a user).

Library-owned impersonation orchestration over real Sigra sessions.

Behaviour that every mix sigra.install feature module implements.

Sigra.Install.Feature implementation for the admin feature.

Sigra.Install.Feature implementation for v1.0's core authentication scaffold: users, sessions, tokens, MFA, sudo, reset password, confirmation, audit events, and (optionally) API token, JWT, and LiveView UI.

Sigra.Install.Feature implementation for the organizations feature: multi-tenant organization support with memberships and invitations.

Sigra.Install.Feature implementation for the passkeys feature.

Structured injection descriptor for Sigra.Install.Injector.

Idempotent code injection for Sigra install generator.

Deterministic slot-based timestamp allocator for installer migrations (GEN-07).

Record-as-you-go accumulator for installer decisions, rendered as a 4-column post-install summary (GEN-05).

Generic walker over a [Sigra.Install.Feature] list. Feature-agnostic: adding Features.Organizations, Features.Passkeys, or Features.Admin in a later phase requires ZERO edits to this module — only a new entry in the caller's feature list.

JWT access token generation, verification, and refresh token management.

Behaviour for adding custom claims to JWT access tokens.

Refresh token management with family-based reuse detection.

JWT key loading and signer creation.

LiveView on_mount parity for admin scope enforcement.

LiveView on_mount parallel of Sigra.Plug.LoadOrganizationFromSlug (Phase 16 D-03, D-04).

Account lockout logic for brute force prevention.

Core MFA orchestrator module.

Backup code generation, hashing, and atomic consumption.

Library struct representing an MFA credential (e.g., TOTP enrollment).

MFA-specific lockout logic, mirroring Sigra.Lockout pattern.

Trust cookie HMAC signing, verification, and mass revocation.

Behaviour for email delivery implementations.

OAuth orchestrator for Sigra authentication.

Processes OAuth callback data and routes to the appropriate account action.

Resolves provider atoms to their corresponding strategy wrapper modules.

Wraps Assent.Strategy.Apple for Sigra OAuth integration.

Wraps Assent.Strategy.Facebook for Sigra OAuth integration.

Generic fallback strategy wrapper for any Assent strategy (D-13).

Wraps Assent.Strategy.Github for Sigra OAuth integration.

Wraps Assent.Strategy.Google for Sigra OAuth integration.

Context module for organization CRUD operations, membership management, and safety guards.

Behaviour for organization lifecycle hook callbacks.

Tenant-scoping query helpers for organization-aware schemas.

Slug generation and validation for organizations.

Public passkey context for registration and credential management helpers.

WebAuthn authentication ceremony helpers.

Serialize / deserialize COSE public keys (integer-keyed maps returned by wax_ via Wax.AttestedCredentialData.credential_public_key).

Library struct representing a WebAuthn passkey credential.

Resolves friendly labels for stored passkey credentials.

WebAuthn registration ceremony helpers.

Pure sign-count regression policy machine.

NIST-compliant password validation and strength analysis.

Compile-time embedded common password list for rejection checking.

Behaviour for handling authentication errors in the HTTP pipeline.

Extracts a bearer token from the Authorization header and assigns current_scope.

Fetches the current user session, enforces timeouts, and assigns current_scope.

Blocks sensitive mutations while impersonation is active.

Hydrates scope.active_organization and scope.membership from the caller's %Sigra.Session{} (read from conn.private[:sigra_session], stashed by Sigra.Plug.FetchSession).

URL-driven active organization loader (Phase 16 D-03, D-04, D-13).

Plug-edge session adapter for passkey ceremony challenges.

The single authoritative write site for "set the active organization".

IP-based rate limiting plug for auth routes.

Resolves and enforces admin access at the Plug boundary.

Authentication gate plug that halts unauthenticated requests.

MFA session gate plug.

Plug that requires the current user to have MFA enrolled.

Halts the pipeline unless conn.assigns[:current_scope] has a non-nil active_organization and (optionally) a membership role in the configured :roles list.

Plug that redirects users who must change their password.

Route-level scope enforcement plug for API token authentication.

Sudo mode gate plug that requires recent re-authentication.

Behaviour for rate limiting implementations.

Hammer 7.x rate limiter implementation.

No-op rate limiter that always allows requests.

Library-side scope helpers. The %Scope{} struct itself is generated into the host app — this module only provides constructors that work via struct/2 reflection on the host's module.

Pure scope-hydration contract shared between Sigra.Plug.LoadActiveOrganization (Plug pipeline) and the generated UserAuth.on_mount callback (LiveView).

Struct representing an authenticated user session.

Behaviour for session persistence implementations.

Ecto-backed session store implementation.

Suspicious login detection. Compares login IP against all active session IPs for the user. Triggers on new IP during explicit login only.

Telemetry integration for Sigra authentication events.

Test assertion helpers for Sigra authentication.

Signed token generation and verification.

Lightweight user-agent string parser.

Orchestrator for mix sigra.upgrade (Phase 18 D-08).

Library-resident backfill logic for mix sigra.upgrade --backfill-personal-orgs.

Behaviour contract for Sigra-aware background workers that require tenant context. Pure @callback contract — the behaviour itself has zero compile-time dependency on any background job library.

Oban worker for executing scheduled account deletions.

Optional Oban worker that deletes audit rows older than the configured retention window (D-10 retention cleanup for AUDIT-03).

Optional Oban worker that hard-deletes expired, unaccepted invitation rows past the configured retention window (D-11).

Oban worker for asynchronous email delivery.

Oban cron worker for cleaning up expired tokens.

Mix Tasks

Regenerates the test/fixtures/install_golden/ baseline driven by the Sigra.Test.InstallFixture harness, then prints a structured delta report grouped by top-level directory so the operator can review what changed without eyeballing a 20+ file raw diff.

Generates OAuth support for Sigra authentication.

Generates Sigra authentication scaffold.

Upgrades a Sigra-installed app from an older schema version to the current library version (Phase 18 D-08).