View Source AshAuthentication.Info (ash_authentication v3.11.15)
Generated configuration functions based on a resource's DSL configuration.
Summary
Functions
authentication.add_ons DSL entities
The name of the Ash API to use to access this resource when doing anything authenticaiton related.
The name of the Ash API to use to access this resource when doing anything authenticaiton related.
The name of the read action used to retrieve records.
The name of the read action used to retrieve records.
authentication DSL options
A list of fields that we will ensure are selected whenever a sender will be invoked.
This is useful if using something like ash_graphql
which by default only selects
what fields appear in the query, and if you are exposing these actions that way.
Defaults to [:email]
if there is an :email
attribute on the resource, and []
otherwise.
A list of fields that we will ensure are selected whenever a sender will be invoked.
This is useful if using something like ash_graphql
which by default only selects
what fields appear in the query, and if you are exposing these actions that way.
Defaults to [:email]
if there is an :email
attribute on the resource, and []
otherwise.
authentication.strategies DSL entities
The subject name is used anywhere that a short version of your resource name is needed, eg
The subject name is used anywhere that a short version of your resource name is needed, eg
Should JWTs be generated by this resource?
authentication.tokens DSL options
Require a locally-stored token for authentication?
The algorithm to use for token signing.
The algorithm to use for token signing.
The secret used to sign tokens.
The secret used to sign tokens.
Store all tokens in the token_resource
?
How long a token should be valid.
How long a token should be valid.
The resource used to store token information.
The resource used to store token information.
Find the underlying strategy that required a change/preparation to be used.
Retrieve a named strategy from a resource.
Retrieve a named strategy from a resource (raising version).
Given an action name, retrieve the strategy it is for from the DSL configuration.
Given an action name, retrieve the strategy it is for from the DSL configuration.
Types
Functions
authentication.add_ons DSL entities
The name of the Ash API to use to access this resource when doing anything authenticaiton related.
The name of the Ash API to use to access this resource when doing anything authenticaiton related.
@spec authentication_get_by_subject_action_name(dsl_or_extended :: module() | map()) :: {:ok, atom()} | :error
The name of the read action used to retrieve records.
Used internally by AshAuthentication.subject_to_user/2
. If the
action doesn't exist, one will be generated for you.
@spec authentication_get_by_subject_action_name!(dsl_or_extended :: module() | map()) :: atom() | no_return()
The name of the read action used to retrieve records.
Used internally by AshAuthentication.subject_to_user/2
. If the
action doesn't exist, one will be generated for you.
authentication DSL options
Returns a map containing the and any configured or default values.
@spec authentication_select_for_senders(dsl_or_extended :: module() | map()) :: {:ok, [atom()]} | :error
A list of fields that we will ensure are selected whenever a sender will be invoked.
This is useful if using something like ash_graphql
which by default only selects
what fields appear in the query, and if you are exposing these actions that way.
Defaults to [:email]
if there is an :email
attribute on the resource, and []
otherwise.
@spec authentication_select_for_senders!(dsl_or_extended :: module() | map()) :: [atom()] | no_return()
A list of fields that we will ensure are selected whenever a sender will be invoked.
This is useful if using something like ash_graphql
which by default only selects
what fields appear in the query, and if you are exposing these actions that way.
Defaults to [:email]
if there is an :email
attribute on the resource, and []
otherwise.
authentication.strategies DSL entities
The subject name is used anywhere that a short version of your resource name is needed, eg:
- generating token claims,
- generating routes,
- form parameter nesting.
This needs to be unique system-wide and if not set will be inferred
from the resource name (ie MyApp.Accounts.User
will have a subject
name of user
).
The subject name is used anywhere that a short version of your resource name is needed, eg:
- generating token claims,
- generating routes,
- form parameter nesting.
This needs to be unique system-wide and if not set will be inferred
from the resource name (ie MyApp.Accounts.User
will have a subject
name of user
).
Should JWTs be generated by this resource?
@spec authentication_tokens_options(dsl_or_extended :: module() | map()) :: %{ required(atom()) => any() }
authentication.tokens DSL options
Returns a map containing the and any configured or default values.
authentication_tokens_require_token_presence_for_authentication?(dsl_or_extended)
View Source@spec authentication_tokens_require_token_presence_for_authentication?( dsl_or_extended :: module() | map() ) :: boolean()
Require a locally-stored token for authentication?
This inverts the token validation behaviour from requiring that tokens are not revoked to requiring any token presented by a client to be present in the token resource to be considered valid.
Requires store_all_tokens?
to be true
.
@spec authentication_tokens_signing_algorithm(dsl_or_extended :: module() | map()) :: {:ok, String.t()} | :error
The algorithm to use for token signing.
Available signing algorithms are; EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256.
@spec authentication_tokens_signing_algorithm!(dsl_or_extended :: module() | map()) :: String.t() | no_return()
The algorithm to use for token signing.
Available signing algorithms are; EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256.
@spec authentication_tokens_signing_secret(dsl_or_extended :: module() | map()) :: {:ok, (module() | {module(), keyword()} | (any(), any() -> any())) | String.t()} | :error
The secret used to sign tokens.
Takes either a module which implements the AshAuthentication.Secret
behaviour, a 2 arity anonymous function or a string.
See the module documentation for AshAuthentication.Secret
for more
information.
@spec authentication_tokens_signing_secret!(dsl_or_extended :: module() | map()) :: ((module() | {module(), keyword()} | (any(), any() -> any())) | String.t()) | no_return()
The secret used to sign tokens.
Takes either a module which implements the AshAuthentication.Secret
behaviour, a 2 arity anonymous function or a string.
See the module documentation for AshAuthentication.Secret
for more
information.
Store all tokens in the token_resource
?
Some applications need to keep track of all tokens issued to
any user. This is optional behaviour with ash_authentication
in order to preserve as much performance as possible.
@spec authentication_tokens_token_lifetime(dsl_or_extended :: module() | map()) :: {:ok, pos_integer() | {pos_integer(), :seconds | :minutes | :hours | :days}} | :error
How long a token should be valid.
Since refresh tokens are not yet supported, you should probably set this to a reasonably long time to ensure a good user experience.
You can either provide a tuple with a time unit, or a positive integer, in which case the unit is assumed to be hours.
Defaults to 14 days.
@spec authentication_tokens_token_lifetime!(dsl_or_extended :: module() | map()) :: (pos_integer() | {pos_integer(), :seconds | :minutes | :hours | :days}) | no_return()
How long a token should be valid.
Since refresh tokens are not yet supported, you should probably set this to a reasonably long time to ensure a good user experience.
You can either provide a tuple with a time unit, or a positive integer, in which case the unit is assumed to be hours.
Defaults to 14 days.
@spec authentication_tokens_token_resource(dsl_or_extended :: module() | map()) :: {:ok, module() | false} | :error
The resource used to store token information.
If token generation is enabled for this resource, we need a place to store information about tokens, such as revocations and in-flight confirmations.
@spec authentication_tokens_token_resource!(dsl_or_extended :: module() | map()) :: (module() | false) | no_return()
The resource used to store token information.
If token generation is enabled for this resource, we need a place to store information about tokens, such as revocations and in-flight confirmations.
@spec find_strategy(Ash.Query.t() | Ash.Changeset.t(), context, options) :: {:ok, AshAuthentication.Strategy.t()} | :error when context: map(), options: Keyword.t()
Find the underlying strategy that required a change/preparation to be used.
This is because the strategy_name
can be passed on the change options, eg:
change {AshAuthentication.Strategy.Password.HashPasswordChange, strategy_name: :banana_custard}
Or via the action context, eg:
prepare set_context(%{strategy_name: :banana_custard})
prepare AshAuthentication.Strategy.Password.SignInPreparation
Or via the passed-in context on calling the action.
@spec strategy(dsl_or_resource() | module(), atom()) :: {:ok, strategy} | :error when strategy: struct()
Retrieve a named strategy from a resource.
@spec strategy!(dsl_or_resource() | module(), atom()) :: strategy | no_return() when strategy: struct()
Retrieve a named strategy from a resource (raising version).
@spec strategy_for_action(dsl_or_resource(), atom()) :: {:ok, AshAuthentication.Strategy.t()} | :error
Given an action name, retrieve the strategy it is for from the DSL configuration.
@spec strategy_for_action!(dsl_or_resource(), atom()) :: AshAuthentication.Strategy.t() | no_return()
Given an action name, retrieve the strategy it is for from the DSL configuration.