AshAuthentication.TokenResource (ash_authentication v3.11.10)

This is an Ash resource extension which generates the default token resource.

The token resource is used to store information about tokens that should not be shared with the end user. It does not actually contain any tokens.

For example:

  • When an authentication token has been revoked
  • When a confirmation token has changes to apply

Storage

The information stored in this resource is essentially ephemeral - all tokens have an expiry date, so it doesn't make sense to keep them after that time has passed. However, if you have any tokens with very long expiry times then we suggest you store this resource in a resilient data-layer such as Postgres.

Usage

There is no need to define any attributes or actions (although you can if you want). The extension will wire up everything that's needed for the token system to function.

defmodule MyApp.Accounts.Token do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication.TokenResource]

  token do
    api MyApp.Accounts
  end

  postgres do
    table "tokens"
    repo MyApp.Repo
  end
end

Whilst it is possible to have multiple token resources, there is no need to do so.

Removing expired records

Once a token has expired there's no point in keeping the information it refers to, so expired tokens can be automatically removed by adding the AshAuthentication.Supervisor to your application supervision tree. This will start the AshAuthentication.TokenResource.Expunger GenServer which periodically scans and removes any expired records.

Dsl

Index

  • token
    • revocation
    • confirmation

Docs

token

Configuration options for this token resource


  • :api (atom/0) - Required. The Ash API to use to access this resource.

  • :expunge_expired_action_name (atom/0) - The name of the action used to remove expired tokens. The default value is :expunge_expired.

  • :read_expired_action_name (atom/0) - The name of the action used to find all expired tokens.
    Used internally by the expunge_expired action. The default value is :read_expired.

  • :expunge_interval (pos_integer/0) - How often to remove expired records.
    How often to scan this resource for records which have expired, and thus can be removed. The default value is 12.

  • :store_token_action_name (atom/0) - The name of the action to use to store a token.
    Used if store_all_tokens? is enabled in your authentication resource. The default value is :store_token.

  • :get_token_action_name (atom/0) - The name of the action used to retrieve tokens from the store.
    Used if require_token_presence_for_authentication? is enabled in your authentication resource. The default value is :get_token.

revocation

Configuration options for token revocation


  • :revoke_token_action_name (atom/0) - The name of the action used to revoke tokens. The default value is :revoke_token.

  • :is_revoked_action_name (atom/0) - The name of the action used to check if a token is revoked. The default value is :revoked?.

confirmation

Configuration options for confirmation tokens


  • :store_changes_action_name (atom/0) - The name of the action used to store confirmation changes. The default value is :store_confirmation_changes.

  • :get_changes_action_name (atom/0) - The name of the action used to get confirmation changes. The default value is :get_confirmation_changes.

Functions

expunge_expired(resource, opts \\ [])

@spec expunge_expired(
  Ash.Resource.t(),
  keyword()
) :: :ok | {:error, any()}

Remove all expired records.

jti_revoked?(resource, jti, opts \\ [])

@spec jti_revoked?(Ash.Resource.t(), String.t(), keyword()) :: boolean()

Has the token been revoked?

Similar to token_revoked?/2..3 except that rather than extracting the JTI from the token, it assumes that the JTI is being passed in directly.

revoke(resource, token, opts \\ [])

@spec revoke(Ash.Resource.t(), String.t(), keyword()) :: :ok | {:error, any()}

Revoke a token.

Extracts the JTI from the provided token and uses it to generate a revocation record.

token_revoked?(resource, token, opts \\ [])

@spec token_revoked?(Ash.Resource.t(), String.t(), keyword()) :: boolean()

Has the token been revoked?

Similar to jti_revoked?/2..3 except that it extracts the JTI from the token, rather than relying on it to be passed in.
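
The four functions above used together in a sign-out and request-guard helper. This is an added example, not code from AshAuthentication: the module MyApp.Accounts.Revocation and its function names are hypothetical, and MyApp.Accounts.Token is the resource from the Usage section.

```elixir
# Added example, not AshAuthentication's own code. MyApp.Accounts.Revocation and
# its function names are hypothetical; MyApp.Accounts.Token is the resource from
# the Usage section.
defmodule MyApp.Accounts.Revocation do
  alias AshAuthentication.TokenResource

  @token_resource MyApp.Accounts.Token

  @doc "Revoke the caller's token at sign-out."
  @spec sign_out(String.t()) :: :ok | {:error, {:revocation_failed, any()}}
  def sign_out(token) when is_binary(token) do
    case TokenResource.revoke(@token_resource, token) do
      :ok ->
        :ok

      # If the revocation record was not written the token stays usable until
      # it expires, so surface the failure instead of reporting a clean sign-out.
      {:error, reason} ->
        {:error, {:revocation_failed, reason}}
    end
  end

  @doc """
  True when the raw token has been revoked. This answers the revocation question
  only; signature and expiry checks must already have happened elsewhere.
  """
  @spec revoked?(String.t()) :: boolean()
  def revoked?(token) when is_binary(token) do
    TokenResource.token_revoked?(@token_resource, token)
  end

  @doc "Same check for claims that are already decoded and verified."
  @spec claims_revoked?(map()) :: boolean()
  def claims_revoked?(%{"jti" => jti}) when is_binary(jti) do
    TokenResource.jti_revoked?(@token_resource, jti)
  end

  # Claims without a JTI cannot be matched against a revocation record, so
  # treat them as revoked rather than letting them through.
  def claims_revoked?(_claims), do: true

  @doc "One-off cleanup for contexts where the Expunger is not running."
  @spec purge_expired() :: :ok | {:error, any()}
  def purge_expired, do: TokenResource.expunge_expired(@token_resource)
end
```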