diff --git a/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.cheatmd b/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.cheatmd deleted file mode 100644 index 28cb6979..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.cheatmd +++ /dev/null 
@@ -1,428 +0,0 @@ - -# DSL: AshAuthentication.AddOn.Confirmation - -Confirmation support. - -Sometimes when creating a new user, or changing a sensitive attribute (such as -their email address) you may want to wait for the user to confirm by way of -sending them a confirmation token to prove that it was really them that took -the action. - -In order to add confirmation to your resource, it must been the following -minimum requirements: - -1. Have a primary key -2. Have at least one attribute you wish to confirm -3. Tokens must be enabled - -## Example - -```elixir -defmodule MyApp.Accounts.User do - use Ash.Resource, - extensions: [AshAuthentication] - - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - end - - authentication do - api MyApp.Accounts - - add_ons do - confirmation :confirm do - monitor_fields [:email] - sender MyApp.ConfirmationSender - end - end - - strategies do - # ... - end - end - - identities do - identity :email, [:email] do - eager_check_with MyApp.Accounts - end - end -end -``` - -## Attributes - -A `confirmed_at` attribute will be added to your resource if it's not already -present (see `confirmed_at_field` in the DSL documentation). - -## Actions - -By default confirmation will add an action which updates the `confirmed_at` -attribute as well as retrieving previously stored changes and applying them to -the resource. - -If you wish to perform the confirm action directly from your code you can do -so via the `AshAuthentication.Strategy` protocol. - -### Example - - iex> strategy = Info.strategy!(Example.User, :confirm) - ...> {:ok, user} = Strategy.action(strategy, :confirm, %{"confirm" => confirmation_token()}) - ...> user.confirmed_at >= one_second_ago() - true - -## Plugs - -Confirmation provides a single endpoint for the `:confirm` phase. If you wish -to interact with the plugs directly, you can do so via the -`AshAuthentication.Strategy` protocol. 
- -### Example - - iex> strategy = Info.strategy!(Example.User, :confirm) - ...> conn = conn(:get, "/user/confirm", %{"confirm" => confirmation_token()}) - ...> conn = Strategy.plug(strategy, :confirm, conn) - ...> {_conn, {:ok, user}} = Plug.Helpers.get_authentication_result(conn) - ...> user.confirmed_at >= one_second_ago() - true - -## DSL Documentation - -User confirmation flow - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the add-on. - -* `:token_lifetime` - How long should the confirmation token be valid. - If no unit is provided, then hours is assumed. - Defaults to 3 days. The default value is `{3, :days}`. - -* `:monitor_fields` (list of `t:atom/0`) - Required. A list of fields to monitor for changes (eg `[:email, :phone_number]`). - The confirmation will only be sent when one of these fields are changed. - -* `:confirmed_at_field` (`t:atom/0`) - The name of a field to store the time that the last confirmation took - place. - This attribute will be dynamically added to the resource if not already - present. The default value is `:confirmed_at`. - -* `:confirm_on_create?` (`t:boolean/0`) - Generate and send a confirmation token when a new resource is created? - Will only trigger when a create action is executed _and_ one of the - monitored fields is being set. The default value is `true`. - -* `:confirm_on_update?` (`t:boolean/0`) - Generate and send a confirmation token when a resource is changed? - Will only trigger when an update action is executed _and_ one of the - monitored fields is being set. The default value is `true`. - -* `:inhibit_updates?` (`t:boolean/0`) - Wait until confirmation is received before actually changing a monitored - field? - If a change to a monitored field is detected, then the change is stored - in the token resource and the changeset updated to not make the - requested change. When the token is confirmed, the change will be - applied. 
- This could be potentially weird for your users, but useful in the case - of a user changing their email address or phone number where you want - to verify that the new contact details are reachable. The default value is `true`. - -* `:sender` - Required. How to send the confirmation instructions to the user. - Allows you to glue sending of confirmation instructions to - [swoosh](https://hex.pm/packages/swoosh), - [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification - system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, - reset token and options. - The options will be a keyword list containing the original - changeset, before any changes were inhibited. This allows you - to send an email to the user's new email address if it is being - changed for example. - See `AshAuthentication.Sender` for more information. - -* `:confirm_action_name` (`t:atom/0`) - The name of the action to use when performing confirmation. - If this action is not already present on the resource, it will be - created for you. The default value is `:confirm`. - - - - - - - - -## authentication.add_ons.confirmation -```elixir -confirmation name \ :confirm -``` - - -User confirmation flow - - - - - -### Arguments - -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - name - - - * - - | -
- atom
- |
- - - | -- Uniquely identifies the add-on. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - monitor_fields - - - * - - | -
- list(atom)
- |
- - - | -- A list of fields to monitor for changes (eg `[:email, :phone_number]`). -The confirmation will only be sent when one of these fields are changed. - - | -|
- - - sender - - - * - - | -
- (any, any, any -> any) | module
- |
- - - | -- How to send the confirmation instructions to the user. -Allows you to glue sending of confirmation instructions to -[swoosh](https://hex.pm/packages/swoosh), -[ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification -system is appropriate for your application. -Accepts a module, module and opts, or a function that takes a record, -reset token and options. -The options will be a keyword list containing the original -changeset, before any changes were inhibited. This allows you -to send an email to the user's new email address if it is being -changed for example. -See `AshAuthentication.Sender` for more information. - - | -|
- - - token_lifetime - - - - | -
- pos_integer | {pos_integer, :days | :hours | :minutes | :seconds}
- |
-
- {3, :days}
- |
- - How long should the confirmation token be valid. -If no unit is provided, then hours is assumed. - -Defaults to 3 days. - - | -|
- - - confirmed_at_field - - - - | -
- atom
- |
-
- :confirmed_at
- |
- - The name of a field to store the time that the last confirmation took -place. -This attribute will be dynamically added to the resource if not already -present. - - | -|
- - - confirm_on_create? - - - - | -
- boolean
- |
-
- true
- |
- - Generate and send a confirmation token when a new resource is created? -Will only trigger when a create action is executed _and_ one of the -monitored fields is being set. - - | -|
- - - confirm_on_update? - - - - | -
- boolean
- |
-
- true
- |
- - Generate and send a confirmation token when a resource is changed? -Will only trigger when an update action is executed _and_ one of the -monitored fields is being set. - - | -|
- - - inhibit_updates? - - - - | -
- boolean
- |
-
- true
- |
- - Wait until confirmation is received before actually changing a monitored -field? -If a change to a monitored field is detected, then the change is stored -in the token resource and the changeset updated to not make the -requested change. When the token is confirmed, the change will be -applied. -This could be potentially weird for your users, but useful in the case -of a user changing their email address or phone number where you want -to verify that the new contact details are reachable. - - | -|
- - - confirm_action_name - - - - | -
- atom
- |
-
- :confirm
- |
- - The name of the action to use when performing confirmation. -If this action is not already present on the resource, it will be -created for you. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - name - - - * - - | -
- atom
- |
- - - | -- Uniquely identifies the strategy. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - client_id - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - - | -|
- - - authorize_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - - | -|
- - - token_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - - | -|
- - - user_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - - | -|
- - - redirect_uri - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - base_url - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - site - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- Deprecated: Use `base_url` instead. - | -|
- - - auth_method - - - - | -
- nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt
- |
-
- :client_secret_post
- |
- - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - - | -|
- - - client_secret - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - private_key - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - authorization_params - - - - | -
- Keyword.t
- |
-
- []
- |
- - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - - | -|
- - - registration_enabled? - - - - | -
- boolean
- |
-
- true
- |
- - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - - | -|
- - - register_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - - | -|
- - - sign_in_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - - | -|
- - - identity_resource - - - - | -
- module | false
- |
-
- false
- |
- - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - - | -|
- - - identity_relationship_name - - - - | -
- atom
- |
-
- :identities
- |
- - Name of the relationship to the provider identities resource - | -|
- - - identity_relationship_user_id_attribute - - - - | -
- atom
- |
-
- :user_id
- |
- - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - - | -|
- - - icon - - - - | -
- atom
- |
-
- :oauth2
- |
- - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - name - - - * - - | -
- atom
- |
- - - | -- Uniquely identifies the strategy. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - client_id - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - - | -|
- - - authorize_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - - | -|
- - - token_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - - | -|
- - - user_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - - | -|
- - - redirect_uri - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - base_url - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - site - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- Deprecated: Use `base_url` instead. - | -|
- - - auth_method - - - - | -
- nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt
- |
-
- :client_secret_post
- |
- - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - - | -|
- - - client_secret - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - private_key - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - authorization_params - - - - | -
- Keyword.t
- |
-
- []
- |
- - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - - | -|
- - - registration_enabled? - - - - | -
- boolean
- |
-
- true
- |
- - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - - | -|
- - - register_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - - | -|
- - - sign_in_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - - | -|
- - - identity_resource - - - - | -
- module | false
- |
-
- false
- |
- - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - - | -|
- - - identity_relationship_name - - - - | -
- atom
- |
-
- :identities
- |
- - Name of the relationship to the provider identities resource - | -|
- - - identity_relationship_user_id_attribute - - - - | -
- atom
- |
-
- :user_id
- |
- - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - - | -|
- - - icon - - - - | -
- atom
- |
-
- :oauth2
- |
- - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - name - - - * - - | -
- atom
- |
- - - | -- Uniquely identifies the strategy. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - client_id - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - - | -|
- - - authorize_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - - | -|
- - - token_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - - | -|
- - - user_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - - | -|
- - - redirect_uri - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - base_url - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - site - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- Deprecated: Use `base_url` instead. - | -|
- - - auth_method - - - - | -
- nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt
- |
-
- :client_secret_post
- |
- - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - - | -|
- - - client_secret - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - private_key - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - authorization_params - - - - | -
- Keyword.t
- |
-
- []
- |
- - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - - | -|
- - - registration_enabled? - - - - | -
- boolean
- |
-
- true
- |
- - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - - | -|
- - - register_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - - | -|
- - - sign_in_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - - | -|
- - - identity_resource - - - - | -
- module | false
- |
-
- false
- |
- - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - - | -|
- - - identity_relationship_name - - - - | -
- atom
- |
-
- :identities
- |
- - Name of the relationship to the provider identities resource - | -|
- - - identity_relationship_user_id_attribute - - - - | -
- atom
- |
-
- :user_id
- |
- - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - - | -|
- - - icon - - - - | -
- atom
- |
-
- :oauth2
- |
- - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - sender - - - * - - | -
- (any, any, any -> any) | module
- |
- - - | -- How to send the magic link to the user. - -Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - -Accepts a module, module and opts, or a function that takes a record, reset token and options. - -See `AshAuthentication.Sender` for more information. - - | -|
- - - identity_field - - - - | -
- atom
- |
-
- :username
- |
- - The name of the attribute which uniquely identifies the user. - -Usually something like `username` or `email_address`. - - | -|
- - - token_lifetime - - - - | -
- pos_integer | {pos_integer, :days | :hours | :minutes | :seconds}
- |
-
- {10, :minutes}
- |
- - How long the sign in token is valid. - -If no unit is provided, then `minutes` is assumed. - - | -|
- - - request_action_name - - - - | -
- atom
- |
- - - | -- The name to use for the request action. - -If not present it will be generated by prepending the strategy name -with `request_`. - - | -|
- - - single_use_token? - - - - | -
- boolean
- |
-
- true
- |
- - Automatically revoke the token once it's been used for sign in. - - | -|
- - - sign_in_action_name - - - - | -
- atom
- |
- - - | -- The name to use for the sign in action. - -If not present it will be generated by prepending the strategy name -with `sign_in_with_`. - - | -|
- - - token_param_name - - - - | -
- atom
- |
-
- :token
- |
- - The name of the token parameter in the incoming sign-in request. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - name - - - * - - | -
- atom
- |
- - - | -- Uniquely identifies the strategy. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - client_id - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - - | -|
- - - authorize_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - - | -|
- - - token_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - - | -|
- - - user_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - - | -|
- - - redirect_uri - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - base_url - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - site - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- Deprecated: Use `base_url` instead. - | -|
- - - auth_method - - - - | -
- nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt
- |
-
- :client_secret_post
- |
- - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - - | -|
- - - client_secret - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - private_key - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - authorization_params - - - - | -
- Keyword.t
- |
-
- []
- |
- - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - - | -|
- - - registration_enabled? - - - - | -
- boolean
- |
-
- true
- |
- - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - - | -|
- - - register_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - - | -|
- - - sign_in_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - - | -|
- - - identity_resource - - - - | -
- module | false
- |
-
- false
- |
- - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - - | -|
- - - identity_relationship_name - - - - | -
- atom
- |
-
- :identities
- |
- - Name of the relationship to the provider identities resource - | -|
- - - identity_relationship_user_id_attribute - - - - | -
- atom
- |
-
- :user_id
- |
- - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - - | -|
- - - icon - - - - | -
- atom
- |
-
- :oauth2
- |
- - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - name - - - * - - | -
- atom
- |
- - - | -- Uniquely identifies the strategy. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - client_id - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - - | -|
- - - authorize_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - - | -|
- - - token_url - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - - | -|
- - - redirect_uri - - - * - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - base_url - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - site - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- Deprecated: Use `base_url` instead. - | -|
- - - auth_method - - - - | -
- nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt
- |
-
- :client_secret_post
- |
- - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - - | -|
- - - client_secret - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - - | -|
- - - private_key - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -|
- - - authorization_params - - - - | -
- Keyword.t
- |
-
- []
- |
- - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - - | -|
- - - registration_enabled? - - - - | -
- boolean
- |
-
- true
- |
- - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - - | -|
- - - register_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - - | -|
- - - sign_in_action_name - - - - | -
- atom
- |
- - - | -- The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - - | -|
- - - identity_resource - - - - | -
- module | false
- |
-
- false
- |
- - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - - | -|
- - - identity_relationship_name - - - - | -
- atom
- |
-
- :identities
- |
- - Name of the relationship to the provider identities resource - | -|
- - - identity_relationship_user_id_attribute - - - - | -
- atom
- |
-
- :user_id
- |
- - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - - | -|
- - - icon - - - - | -
- atom
- |
-
- :oauth2
- |
- - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - - | -|
- - - openid_configuration_uri - - - - | -
- String.t
- |
-
- "/.well-known/openid-configuration"
- |
- - The URI for the OpenID provider - | -|
- - - client_authentication_method - - - - | -
- :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt
- |
-
- :client_secret_basic
- |
- - The client authentication method to use. - | -|
- - - openid_configuration - - - - | -
- map
- |
-
- %{}
- |
- - The OpenID configuration. - -If not set, the configuration will be retrieved from `openid_configuration_uri`. - - | -|
- - - id_token_signed_response_alg - - - - | -
- "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "Ed25519" | "Ed25519ph" | "Ed448" | "Ed448ph" | "EdDSA"
- |
-
- "RS256"
- |
- - The `id_token_signed_response_alg` parameter sent by the Client during Registration. - - | -|
- - - id_token_ttl_seconds - - - - | -
- nil | pos_integer
- |
- - - | -- The number of seconds from `iat` that an ID Token will be considered valid. - - | -|
- - - nonce - - - - | -
- boolean | (any, any -> any) | module | String.t
- |
-
- true
- |
- - A function for generating the session nonce. - -When set to `true` the nonce will be automatically generated using -`AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` -to explicitly disable. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -nonce fn _, _ -> - 16 - |> :crypto.strong_rand_bytes() - |> Base.encode64(padding: false) -end -``` - - | -|
- - - trusted_audiences - - - - | -
- nil | list(String.t)
- |
- - - | -- A list of audiences which are trusted. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - identity_field - - - - | -
- atom
- |
-
- :username
- |
- - The name of the attribute which uniquely identifies the user. - -Usually something like `username` or `email_address`. - - | -|
- - - hashed_password_field - - - - | -
- atom
- |
-
- :hashed_password
- |
- - The name of the attribute within which to store the user's password -once it has been hashed. - - | -|
- - - hash_provider - - - - | -
- module
- |
-
- AshAuthentication.BcryptProvider
- |
- - A module which implements the `AshAuthentication.HashProvider` -behaviour. - -Used to provide cryptographic hashing of passwords. - - | -|
- - - confirmation_required? - - - - | -
- boolean
- |
-
- true
- |
- - Whether a password confirmation field is required when registering or -changing passwords. - - | -|
- - - register_action_accept - - - - | -
- list(atom)
- |
-
- []
- |
- - A list of additional fields to be accepted in the register action. - | -|
- - - password_field - - - - | -
- atom
- |
-
- :password
- |
- - The name of the argument used to collect the user's password in -plaintext when registering, checking or changing passwords. - - | -|
- - - password_confirmation_field - - - - | -
- atom
- |
-
- :password_confirmation
- |
- - The name of the argument used to confirm the user's password in -plaintext when registering or changing passwords. - - | -|
- - - register_action_name - - - - | -
- atom
- |
- - - | -- The name to use for the register action. - -If not present it will be generated by prepending the strategy name -with `register_with_`. - - | -|
- - - registration_enabled? - - - - | -
- boolean
- |
-
- true
- |
- - If you do not want new users to be able to register using this -strategy, set this to false. - - | -|
- - - sign_in_action_name - - - - | -
- atom
- |
- - - | -- The name to use for the sign in action. - -If not present it will be generated by prepending the strategy name -with `sign_in_with_`. - - | -|
- - - sign_in_enabled? - - - - | -
- boolean
- |
-
- true
- |
- - If you do not want new users to be able to sign in using this -strategy, set this to false. - - | -|
- - - sign_in_tokens_enabled? - - - - | -
- boolean
- |
-
- false
- |
- - Whether or not to support generating short lived sign in tokens. Requires the resource to have -tokens enabled. There is no drawback to supporting this, and in the future this default will -change from `false` to `true`. - -Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` -when calling the sign in action. You might do this when you need to generate a short lived token -to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, -by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting -with a valid token to a controller action, allowing the liveview to show invalid username/password errors. - - | -|
- - - sign_in_token_lifetime - - - - | -
- pos_integer | {pos_integer, :days | :hours | :minutes | :seconds}
- |
-
- {60, :seconds}
- |
- - A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. - -If no unit is specified, defaults to `:seconds`. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - sender - - - * - - | -
- (any, any, any -> any) | module
- |
- - - | -- How to send the password reset instructions to the user. - -Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - -Accepts a module, module and opts, or a function that takes a record, reset token and options. - -See `AshAuthentication.Sender` for more information. - - | -|
- - - token_lifetime - - - - | -
- pos_integer | {pos_integer, :days | :hours | :minutes | :seconds}
- |
-
- {3, :days}
- |
- - How long should the reset token be valid. - -If no unit is provided `:hours` is assumed. - -Defaults to 3 days. - - | -|
- - - request_password_reset_action_name - - - - | -
- atom
- |
- - - | -- The name to use for the action which generates a password reset token. - -If not present it will be generated by prepending the strategy name -with `request_password_reset_with_`. - - | -|
- - - password_reset_action_name - - - - | -
- atom
- |
- - - | -- The name to use for the action which actually resets the user's -password. - -If not present it will be generated by prepending the strategy name -with `password_reset_with_`. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - api - - - * - - | -
- module
- |
- - - | -- The Ash API to use to access this resource. - - | -|
- - - expunge_expired_action_name - - - - | -
- atom
- |
-
- :expunge_expired
- |
- - The name of the action used to remove expired tokens. - - | -|
- - - read_expired_action_name - - - - | -
- atom
- |
-
- :read_expired
- |
- - The name of the action use to find all expired tokens. - -Used internally by the `expunge_expired` action. - - | -|
- - - expunge_interval - - - - | -
- pos_integer
- |
-
- 12
- |
- - How often to remove expired records. - -How often to scan this resource for records which have expired, and thus can be removed. - - | -|
- - - store_token_action_name - - - - | -
- atom
- |
-
- :store_token
- |
- - The name of the action to use to store a token. - -Used if `store_all_tokens?` is enabled in your authentication resource. - - | -|
- - - get_token_action_name - - - - | -
- atom
- |
-
- :get_token
- |
- - The name of the action used to retrieve tokens from the store. - -Used if `require_token_presence_for_authentication?` is enabled in your authentication resource. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - revoke_token_action_name - - - - | -
- atom
- |
-
- :revoke_token
- |
- - The name of the action used to revoke tokens. - - | -|
- - - is_revoked_action_name - - - - | -
- atom
- |
-
- :revoked?
- |
- - The name of the action used to check if a token is revoked. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - store_changes_action_name - - - - | -
- atom
- |
-
- :store_confirmation_changes
- |
- - The name of the action used to store confirmation changes. - - | -|
- - - get_changes_action_name - - - - | -
- atom
- |
-
- :get_confirmation_changes
- |
- - The name of the action used to get confirmation changes. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - api - - - * - - | -
- module
- |
- - - | -- The Ash API to use to access this resource. - | -|
- - - user_resource - - - * - - | -
- module
- |
- - - | -- The user resource to which these identities belong. - | -|
- - - uid_attribute_name - - - - | -
- atom
- |
-
- :uid
- |
- - The name of the `uid` attribute on this resource. - | -|
- - - strategy_attribute_name - - - - | -
- atom
- |
-
- :strategy
- |
- - The name of the `strategy` attribute on this resource. - | -|
- - - user_id_attribute_name - - - - | -
- atom
- |
-
- :user_id
- |
- - The name of the `user_id` attribute on this resource. - | -|
- - - access_token_attribute_name - - - - | -
- atom
- |
-
- :access_token
- |
- - The name of the `access_token` attribute on this resource. - | -|
- - - access_token_expires_at_attribute_name - - - - | -
- atom
- |
-
- :access_token_expires_at
- |
- - The name of the `access_token_expires_at` attribute on this resource. - | -|
- - - refresh_token_attribute_name - - - - | -
- atom
- |
-
- :refresh_token
- |
- - The name of the `refresh_token` attribute on this resource. - | -|
- - - upsert_action_name - - - - | -
- atom
- |
-
- :upsert
- |
- - The name of the action used to create and update records. - | -|
- - - destroy_action_name - - - - | -
- atom
- |
-
- :destroy
- |
- - The name of the action used to destroy records. - | -|
- - - read_action_name - - - - | -
- atom
- |
-
- :read
- |
- - The name of the action used to query identities. - | -|
- - - user_relationship_name - - - - | -
- atom
- |
-
- :user
- |
- - The name of the belongs-to relationship between identities and users. - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - api - - - * - - | -
- module
- |
- - - | -- The name of the Ash API to use to access this resource when -doing anything authenticaiton related. - - | -|
- - - subject_name - - - - | -
- atom
- |
- - - | -- The subject name is used anywhere that a short version of your -resource name is needed, eg: - - - generating token claims, - - generating routes, - - form parameter nesting. - -This needs to be unique system-wide and if not set will be inferred -from the resource name (ie `MyApp.Accounts.User` will have a subject -name of `user`). - - | -|
- - - get_by_subject_action_name - - - - | -
- atom
- |
-
- :get_by_subject
- |
- - The name of the read action used to retrieve records. - -Used internally by `AshAuthentication.subject_to_user/2`. If the -action doesn't exist, one will be generated for you. - - | -|
- - - select_for_senders - - - - | -
- list(atom)
- |
- - - | -- A list of fields that we will ensure are selected whenever a sender will be invoked. -This is useful if using something like `ash_graphql` which by default only selects -what fields appear in the query, and if you are exposing these actions that way. -Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` -otherwise. - - | -
Name | -Type | -Default | -Docs | -|
---|---|---|---|---|
- - - token_resource - - - * - - | -
- module | false
- |
- - - | -- The resource used to store token information. - -If token generation is enabled for this resource, we need a place to -store information about tokens, such as revocations and in-flight -confirmations. - - | -|
- - - enabled? - - - - | -
- boolean
- |
-
- false
- |
- - Should JWTs be generated by this resource? - - | -|
- - - store_all_tokens? - - - - | -
- boolean
- |
-
- false
- |
- - Store all tokens in the `token_resource`? - -Some applications need to keep track of all tokens issued to -any user. This is optional behaviour with `ash_authentication` -in order to preserve as much performance as possible. - - | -|
- - - require_token_presence_for_authentication? - - - - | -
- boolean
- |
-
- false
- |
- - Require a locally-stored token for authentication? - -This inverts the token validation behaviour from requiring that -tokens are not revoked to requiring any token presented by a -client to be present in the token resource to be considered -valid. - -Requires `store_all_tokens?` to be `true`. - - | -|
- - - signing_algorithm - - - - | -
- String.t
- |
-
- "HS256"
- |
- - The algorithm to use for token signing. - -Available signing algorithms are; -EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256. - - | -|
- - - token_lifetime - - - - | -
- pos_integer | {pos_integer, :days | :hours | :minutes | :seconds}
- |
-
- {14, :days}
- |
- - How long a token should be valid. - -Since refresh tokens are not yet supported, you should -probably set this to a reasonably long time to ensure -a good user experience. - -You can either provide a tuple with a time unit, or a positive -integer, in which case the unit is assumed to be hours. - -Defaults to 14 days. - - | -|
- - - signing_secret - - - - | -
- (any, any -> any) | module | String.t
- |
- - - | -- The secret used to sign tokens. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - - | -
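Review bot: the `client_secret` rows in the OAuth2-style option tables carry the wrong example. The snippet under "The OAuth2 client secret" reads `site fn _, resource -> ...` and fetches `:oauth_site`, so it illustrates the deprecated `site` option instead of `client_secret`. If this text is regenerated from the DSL definitions rather than dropped for good, fix it at the source, together with `https://exampe.com/authorize` in the `authorize_url` example, "Because we we don't know" under `register_action_name`, and "authenticaiton related" under `api`; otherwise the same errors come back with the next generated copy.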
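Review bot: the `auth_method` rows contradict themselves. The description says "If not set, no authentication will be used during the access token request", while the same row gives the default as `:client_secret_post` and the type allows `nil`; wherever this documentation now lives, it should state what an explicit `nil` does and what an omitted option does. The lifetime options have a similar trap: a bare integer is documented as `minutes` for the magic link `token_lifetime`, `:hours` for the password reset and resource-level `token_lifetime`, and `:seconds` for `sign_in_token_lifetime`. Suggest recommending the tuple form (for example `{10, :minutes}`) in each description, so that a bare integer copied between strategies does not silently change how long a token stays valid.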