View Source AshAuthentication.Plug.Helpers (ash_authentication v4.0.0)

Authentication helpers for use in your router, etc.

Summary

Functions

Given a list of subjects, turn as many as possible into users.

Validate authorization header(s).

Attempt to retrieve all users from the connections' session.

Revoke all authorization header(s).

Set a subject as the request actor.

Store result in private.

Store the user in the connections' session.

Functions

Link to this function

get_authentication_result(conn)

View Source
Link to this function

load_subjects(subjects, otp_app, opts \\ [])

View Source
@spec load_subjects([AshAuthentication.subject()], module(), opts :: Keyword.t()) ::
  map()

Given a list of subjects, turn as many as possible into users.

Opts are forwarded to AshAuthentication.subject_to_user/2

Link to this function

retrieve_from_bearer(conn, otp_app)

View Source
@spec retrieve_from_bearer(Plug.Conn.t(), module()) :: Plug.Conn.t()

Validate authorization header(s).

Assumes that your clients are sending a bearer-style authorization header with your request. If a valid bearer token is present then the subject is loaded into the assigns under their subject name (with the prefix current_).

If the authentication token is required to be present in the database, it is loaded into the assigns using current_#{subject_name}_token_record

If there is no user present for a resource then the assign is set to nil.

Link to this function

retrieve_from_session(conn, otp_app)

View Source
@spec retrieve_from_session(Plug.Conn.t(), module()) :: Plug.Conn.t()

Attempt to retrieve all users from the connections' session.

Iterates through all configured authentication resources for otp_app and retrieves any users stored in the session, loads them and stores them in the assigns under their subject name (with the prefix current_).

If there is no user present for a resource then the assign is set to nil.

Link to this function

revoke_bearer_tokens(conn, otp_app)

View Source
@spec revoke_bearer_tokens(Plug.Conn.t(), module()) :: Plug.Conn.t()

Revoke all authorization header(s).

Any bearer-style authorization headers will have their tokens revoked.

Link to this function

set_actor(conn, subject_name)

View Source
@spec set_actor(Plug.Conn.t(), subject_name :: atom()) :: Plug.Conn.t()

Set a subject as the request actor.

Presumes that you have already loaded your user resource(s) into the connection's assigns.

Uses Ash.PlugHelpers to streamline integration with AshGraphql and AshJsonApi.

Examples

Setting the actor for a AshGraphql API using Plug.Router.

defmodule MyApp.ApiRouter do
  use Plug.Router
  import MyApp.AuthPlug

  plug :match

  plug :retrieve_from_bearer
  plug :set_actor, :user

  plug :dispatch

  forward "/gql",
    to: Absinthe.Plug,
    init_opts: [schema: MyApp.Schema]
end
Link to this function

store_authentication_result(conn, arg2)

View Source
@spec store_authentication_result(
  Plug.Conn.t(),
  :ok | {:ok, Ash.Resource.record()} | :error | {:error, any()}
) :: Plug.Conn.t()

Store result in private.

This is used by authentication plug handlers to store their result for passing back to the dispatcher.

Link to this function

store_in_session(conn, user)

View Source
@spec store_in_session(Plug.Conn.t(), Ash.Resource.record()) :: Plug.Conn.t()

Store the user in the connections' session.