# ash_authentication v5.0.0-rc.9 - Table of Contents Authentication extension for the Ash Framework. ## GUIDES - [README](readme.md) - [Change Log](changelog.md) - Start Here - [Get Started](get-started.md) - Tutorials - [API Keys](api-keys.md) - [Audit Log](audit-log.md) - [Auth0](auth0.md) - [Confirmation](confirmation.md) - [Dynamic OIDC](dynamic-oidc.md) - [GitHub](github.md) - [Google](google.md) - [Magic Link](magic-links.md) - [Microsoft](microsoft.md) - [Okta](okta.md) - [One Time Password](otp.md) - [Password](password.md) - [Recovery Codes](recovery-codes.md) - [Remember Me](remember-me.md) - [Slack](slack.md) - [Time-based One Time Password](totp.md) - Topics - [Auto Sign-out](auto-signout.md) - [Custom Strategies](custom-strategy.md) - [Policies](policies-on-authentication-resources.md) - [Testing](testing.md) - [Recovery Code Security](recovery-code-security.md) - [Tokens](tokens.md) - [Upgrading](upgrading.md) - Reference - [AshAuthentication](dsl-ashauthentication.md) - [AshAuthentication.AddOn.AuditLog](dsl-ashauthentication-addon-auditlog.md) - [AshAuthentication.AddOn.Confirmation](dsl-ashauthentication-addon-confirmation.md) - [AshAuthentication.AddOn.LogOutEverywhere](dsl-ashauthentication-addon-logouteverywhere.md) - [AshAuthentication.Strategy.ApiKey](dsl-ashauthentication-strategy-apikey.md) - [AshAuthentication.Strategy.Apple](dsl-ashauthentication-strategy-apple.md) - [AshAuthentication.Strategy.Auth0](dsl-ashauthentication-strategy-auth0.md) - [AshAuthentication.Strategy.DynamicOidc](dsl-ashauthentication-strategy-dynamicoidc.md) - [AshAuthentication.Strategy.Github](dsl-ashauthentication-strategy-github.md) - [AshAuthentication.Strategy.Google](dsl-ashauthentication-strategy-google.md) - [AshAuthentication.Strategy.MagicLink](dsl-ashauthentication-strategy-magiclink.md) - [AshAuthentication.Strategy.Microsoft](dsl-ashauthentication-strategy-microsoft.md) - [AshAuthentication.Strategy.OAuth2](dsl-ashauthentication-strategy-oauth2.md) - [AshAuthentication.Strategy.Oidc](dsl-ashauthentication-strategy-oidc.md) - [AshAuthentication.Strategy.Okta](dsl-ashauthentication-strategy-okta.md) - [AshAuthentication.Strategy.Otp](dsl-ashauthentication-strategy-otp.md) - [AshAuthentication.Strategy.Password](dsl-ashauthentication-strategy-password.md) - [AshAuthentication.Strategy.RecoveryCode](dsl-ashauthentication-strategy-recoverycode.md) - [AshAuthentication.Strategy.RememberMe](dsl-ashauthentication-strategy-rememberme.md) - [AshAuthentication.Strategy.Slack](dsl-ashauthentication-strategy-slack.md) - [AshAuthentication.Strategy.Totp](dsl-ashauthentication-strategy-totp.md) - [AshAuthentication.Strategy.WebAuthn](dsl-ashauthentication-strategy-webauthn.md) - [AshAuthentication.AuditLogResource](dsl-ashauthentication-auditlogresource.md) - [AshAuthentication.OidcConnection](dsl-ashauthentication-oidcconnection.md) - [AshAuthentication.TokenResource](dsl-ashauthentication-tokenresource.md) - [AshAuthentication.UserIdentity](dsl-ashauthentication-useridentity.md) ## Modules - Extensions - [AshAuthentication](AshAuthentication.md): AshAuthentication provides a turn-key authentication solution for folks using [Ash](https://www.ash-hq.org/). - [AshAuthentication.AuditLogResource](AshAuthentication.AuditLogResource.md): This is an Ash resource extension which generates the default audit log resource. - [AshAuthentication.OidcConnection](AshAuthentication.OidcConnection.md): An Ash extension for resources that store dynamic OIDC connection configuration — used by `AshAuthentication.Strategy.DynamicOidc` to look up the OIDC client config at request time instead of pinning it at compile time. - [AshAuthentication.TokenResource](AshAuthentication.TokenResource.md): This is an Ash resource extension which generates the default token resource. - [AshAuthentication.UserIdentity](AshAuthentication.UserIdentity.md): An Ash extension which generates the default user identities resource. - Strategies - [AshAuthentication.AddOn.AuditLog](AshAuthentication.AddOn.AuditLog.md): Audit logging support. - [AshAuthentication.AddOn.Confirmation](AshAuthentication.AddOn.Confirmation.md): Confirmation support. - [AshAuthentication.AddOn.LogOutEverywhere](AshAuthentication.AddOn.LogOutEverywhere.md): Log out everywhere support. - [AshAuthentication.Strategy](AshAuthentication.Strategy.md): The protocol used for interacting with authentication strategies. - [AshAuthentication.Strategy.ApiKey](AshAuthentication.Strategy.ApiKey.md): Strategy for authenticating using an API key. - [AshAuthentication.Strategy.Apple](AshAuthentication.Strategy.Apple.md): Strategy for authenticating using [Apple Sign In](https://developer.apple.com/sign-in-with-apple/) - [AshAuthentication.Strategy.Auth0](AshAuthentication.Strategy.Auth0.md): Strategy for authenticating using [Auth0](https://auth0.com). - [AshAuthentication.Strategy.Custom](AshAuthentication.Strategy.Custom.md): Define your own custom authentication strategy. - [AshAuthentication.Strategy.DynamicOidc](AshAuthentication.Strategy.DynamicOidc.md): Strategy for authenticating against arbitrary OpenID Connect providers whose configuration lives in a database table rather than in your application's compile-time DSL. - [AshAuthentication.Strategy.Github](AshAuthentication.Strategy.Github.md): Strategy for authenticating using [GitHub](https://github.com) - [AshAuthentication.Strategy.Google](AshAuthentication.Strategy.Google.md): Strategy for authenticating using [Google](https://google.com) - [AshAuthentication.Strategy.MagicLink](AshAuthentication.Strategy.MagicLink.md): Strategy for authentication using a magic link. - [AshAuthentication.Strategy.Microsoft](AshAuthentication.Strategy.Microsoft.md): Strategy for authenticating using [Microsoft](https://microsoft.com) - [AshAuthentication.Strategy.OAuth2](AshAuthentication.Strategy.OAuth2.md): Strategy for authenticating using any OAuth 2.0 server as the source of truth. - [AshAuthentication.Strategy.Oidc](AshAuthentication.Strategy.Oidc.md): Strategy for authentication using an [OpenID Connect](https://openid.net/connect/) compatible server as the source of truth. - [AshAuthentication.Strategy.Okta](AshAuthentication.Strategy.Okta.md): Strategy for authenticating using [Okta](https://okta.com). - [AshAuthentication.Strategy.Otp](AshAuthentication.Strategy.Otp.md): Strategy for authentication using a one-time password (OTP). - [AshAuthentication.Strategy.Password](AshAuthentication.Strategy.Password.md): Strategy for authenticating using local resources as the source of truth. - [AshAuthentication.Strategy.RecoveryCode](AshAuthentication.Strategy.RecoveryCode.md): Strategy for recovery code authentication. - [AshAuthentication.Strategy.RememberMe](AshAuthentication.Strategy.RememberMe.md): Strategy for authenticating using a remember me token that has a configurable token_lifetime and is typically valid longer than a session token. Remember me tokens are generated by other strategies (e.g. MagicLink) to allow for authentication to continue beyond the scope of the current session. - [AshAuthentication.Strategy.Slack](AshAuthentication.Strategy.Slack.md): Strategy for authenticating using [Slack](https://slack.com) - [AshAuthentication.Strategy.Totp](AshAuthentication.Strategy.Totp.md): Strategy for Time-based One-Time Password (TOTP) authentication. - [AshAuthentication.Strategy.WebAuthn](AshAuthentication.Strategy.WebAuthn.md): Strategy for authenticating using [WebAuthn/FIDO2](https://webauthn.io/) hardware security keys and passkeys. - Cryptography - [AshAuthentication.BcryptProvider](AshAuthentication.BcryptProvider.md): Provides the default implementation of `AshAuthentication.HashProvider` using `Bcrypt`. - [AshAuthentication.HashProvider](AshAuthentication.HashProvider.md): A behaviour providing password hashing. - [AshAuthentication.Jwt](AshAuthentication.Jwt.md): Uses the excellent `joken` hex package to generate and sign Json Web Tokens. - Introspection - [AshAuthentication.AuditLogResource.Info](AshAuthentication.AuditLogResource.Info.md): Introspection functions for the `AshAuthentication.AuditLogResource` Ash extension. - [AshAuthentication.Info](AshAuthentication.Info.md): Generated configuration functions based on a resource's DSL configuration. - [AshAuthentication.OidcConnection.Info](AshAuthentication.OidcConnection.Info.md): Introspection functions for the `AshAuthentication.OidcConnection` Ash extension. - [AshAuthentication.TokenResource.Info](AshAuthentication.TokenResource.Info.md): Introspection functions for the `AshAuthentication.TokenResource` Ash extension. - [AshAuthentication.UserIdentity.Info](AshAuthentication.UserIdentity.Info.md): Introspection functions for the `AshAuthentication.UserIdentity` Ash extension. - Utilities - [AshAuthentication.Debug](AshAuthentication.Debug.md): Allows you to debug authentication failures in development. - [AshAuthentication.Secret](AshAuthentication.Secret.md): A module to implement retrieving of secrets. - [AshAuthentication.Sender](AshAuthentication.Sender.md): A module to implement sending of a token to a user. - [AshAuthentication.Supervisor](AshAuthentication.Supervisor.md): Starts and manages any processes required by AshAuthentication. - Plugs - [AshAuthentication.Plug](AshAuthentication.Plug.md): Generate an authentication plug. - [AshAuthentication.Plug.Helpers](AshAuthentication.Plug.Helpers.md): Authentication helpers for use in your router, etc. - Reusable Components - [AshAuthentication.Checks.AshAuthenticationInteraction](AshAuthentication.Checks.AshAuthenticationInteraction.md): This check is true if the context `private.ash_authentication?` is set to true. - [AshAuthentication.GenerateTokenChange](AshAuthentication.GenerateTokenChange.md): Given a successful registration or sign-in, generate a token. - [AshAuthentication.Strategy.Password.HashPasswordChange](AshAuthentication.Strategy.Password.HashPasswordChange.md): Set the hash based on the password input. - [AshAuthentication.Strategy.Password.PasswordConfirmationValidation](AshAuthentication.Strategy.Password.PasswordConfirmationValidation.md): Validate that the password and password confirmation match. - [AshAuthentication.Strategy.Password.PasswordValidation](AshAuthentication.Strategy.Password.PasswordValidation.md): A convenience validation that checks that the password argument against the hashed password stored in the record. - [AshAuthentication.Validations](AshAuthentication.Validations.md): Common validations shared by several transformers. - [AshAuthentication.Validations.Action](AshAuthentication.Validations.Action.md): Validation helpers for Resource actions. - [AshAuthentication.Validations.Attribute](AshAuthentication.Validations.Attribute.md): Validation helpers for Resource attributes. - Errors - [AshAuthentication.Errors.AuthenticationFailed](AshAuthentication.Errors.AuthenticationFailed.md): A generic, authentication failed error. - [AshAuthentication.Errors.CannotConfirmUnconfirmedUser](AshAuthentication.Errors.CannotConfirmUnconfirmedUser.md): An unconfirmed user cannot be confirmed outside of explicit actions. - [AshAuthentication.Errors.InvalidSecret](AshAuthentication.Errors.InvalidSecret.md): A secret returned an invalid value. - [AshAuthentication.Errors.InvalidToken](AshAuthentication.Errors.InvalidToken.md): An invalid token was presented. - [AshAuthentication.Errors.MissingSecret](AshAuthentication.Errors.MissingSecret.md): A secret is now missing. - [AshAuthentication.Errors.SenderFailed](AshAuthentication.Errors.SenderFailed.md): A sender failed to deliver a token. - [AshAuthentication.Errors.UnconfirmedUser](AshAuthentication.Errors.UnconfirmedUser.md): The user is unconfirmed and so the operation cannot be executed. - Internals - [AshAuthentication.AddOn.AuditLog.Auditor](AshAuthentication.AddOn.AuditLog.Auditor.md): Provides common audit logging behaviour for Ash actions. - [AshAuthentication.AddOn.AuditLog.Auditor.Change](AshAuthentication.AddOn.AuditLog.Auditor.Change.md): Implements the `Ash.Resource.Change` behaviour for audit logging - [AshAuthentication.AddOn.AuditLog.Auditor.Preparation](AshAuthentication.AddOn.AuditLog.Auditor.Preparation.md): Implements the `Ash.Resource.Preparation` behaviour for audit logging - [AshAuthentication.AddOn.AuditLog.BruteForceHelpers](AshAuthentication.AddOn.AuditLog.BruteForceHelpers.md): Helpers for audit log-based brute force protection. - [AshAuthentication.AddOn.AuditLog.BruteForcePreparation](AshAuthentication.AddOn.AuditLog.BruteForcePreparation.md): Preparation that checks the audit log for failed authentication attempts. - [AshAuthentication.AddOn.AuditLog.Dsl](AshAuthentication.AddOn.AuditLog.Dsl.md): Defines the Spark DSL entity for this add on. - [AshAuthentication.AddOn.AuditLog.IdentityBruteForcePreparation](AshAuthentication.AddOn.AuditLog.IdentityBruteForcePreparation.md): Preparation that rejects an action when the audit log shows too many recent failed attempts for the submitted identity. - [AshAuthentication.AddOn.AuditLog.IpPrivacy](AshAuthentication.AddOn.AuditLog.IpPrivacy.md): Provides IP address privacy transformations for audit logging. - [AshAuthentication.AddOn.AuditLog.Verifier](AshAuthentication.AddOn.AuditLog.Verifier.md): Provides configuration validation for the AuditLog add-on. - [AshAuthentication.AddOn.AuditLog.VerifierHelpers](AshAuthentication.AddOn.AuditLog.VerifierHelpers.md): Helpers for strategy verifiers that need to validate a `brute_force_strategy {:audit_log, :name}` configuration against the audit-log add-on on the resource. - [AshAuthentication.AddOn.Confirmation.Actions](AshAuthentication.AddOn.Confirmation.Actions.md): Actions for the confirmation add-on. - [AshAuthentication.AddOn.Confirmation.ConfirmChange](AshAuthentication.AddOn.Confirmation.ConfirmChange.md): Performs a change based on the contents of a confirmation token. - [AshAuthentication.AddOn.Confirmation.ConfirmationHookChange](AshAuthentication.AddOn.Confirmation.ConfirmationHookChange.md): Triggers a confirmation flow when one of the monitored fields is changed. - [AshAuthentication.AddOn.Confirmation.Dsl](AshAuthentication.AddOn.Confirmation.Dsl.md): Defines the Spark DSL entity for this add on. - [AshAuthentication.AddOn.Confirmation.Plug](AshAuthentication.AddOn.Confirmation.Plug.md): Handlers for incoming OAuth2 HTTP requests. - [AshAuthentication.AddOn.Confirmation.Transformer](AshAuthentication.AddOn.Confirmation.Transformer.md): DSL transformer for confirmation add-on. - [AshAuthentication.AddOn.Confirmation.Verifier](AshAuthentication.AddOn.Confirmation.Verifier.md): DSL verifier for confirmation add-on. - [AshAuthentication.AddOn.LogOutEverywhere.Action](AshAuthentication.AddOn.LogOutEverywhere.Action.md): Revokes all tokens for the specified user. - [AshAuthentication.AddOn.LogOutEverywhere.Dsl](AshAuthentication.AddOn.LogOutEverywhere.Dsl.md): Defines the Spark DSL entity for this add on. - [AshAuthentication.AddOn.LogOutEverywhere.OnPasswordChange](AshAuthentication.AddOn.LogOutEverywhere.OnPasswordChange.md): Logs a user out from everywhere by revoking all stored tokens. - [AshAuthentication.AddOn.LogOutEverywhere.Transformer](AshAuthentication.AddOn.LogOutEverywhere.Transformer.md): DSL transformer the the log-out-everywhere add-on. - [AshAuthentication.AddOn.LogOutEverywhere.Verifier](AshAuthentication.AddOn.LogOutEverywhere.Verifier.md): DSL verifier for the log-out-everywhere add-on. - [AshAuthentication.Argon2Provider](AshAuthentication.Argon2Provider.md): Provides an implementation of `AshAuthentication.HashProvider` using `Argon2`. - [AshAuthentication.AuditLogResource.Batcher](AshAuthentication.AuditLogResource.Batcher.md): A `GenServer` which batches up writes to the audit log to reduce write pressure in busy environments. - [AshAuthentication.AuditLogResource.Expunger](AshAuthentication.AuditLogResource.Expunger.md): A `GenServer` which removes old audit log entries once they're no longer relevant. - [AshAuthentication.AuditLogResource.Verifier](AshAuthentication.AuditLogResource.Verifier.md): Compile-time checks for the audit log resource. - [AshAuthentication.Checks.UsingApiKey](AshAuthentication.Checks.UsingApiKey.md): This check is true if `user.__metadata__[:using_api_key?]` is set to true. - [AshAuthentication.Igniter](AshAuthentication.Igniter.md): Codemods for working with AshAuthentication - [AshAuthentication.Jwt.Config](AshAuthentication.Jwt.Config.md): Implementation details JWT generation and validation. - [AshAuthentication.OidcConnection.Transformer](AshAuthentication.OidcConnection.Transformer.md): Sets up default attributes and actions for resources extended with `AshAuthentication.OidcConnection`. - [AshAuthentication.Plug.Defaults](AshAuthentication.Plug.Defaults.md): Provides the default implementations of `handle_success/3` and `handle_failure/2` used in generated authentication plugs. - [AshAuthentication.Plug.Dispatcher](AshAuthentication.Plug.Dispatcher.md): Route requests and callbacks to the correct provider plugs. - [AshAuthentication.Plug.Macros](AshAuthentication.Plug.Macros.md): Generators used within `use AshAuthentication.Plug`. - [AshAuthentication.Plug.Router](AshAuthentication.Plug.Router.md): Dynamically generates the authentication router for the authentication requests and callbacks. - [AshAuthentication.Preparations.FilterBySubject](AshAuthentication.Preparations.FilterBySubject.md): Filters a user by the identifier in the subject of a JWT. - [AshAuthentication.SHA256Provider](AshAuthentication.SHA256Provider.md): Provides an implementation of `AshAuthentication.HashProvider` using SHA-256. - [AshAuthentication.SecretFunction](AshAuthentication.SecretFunction.md): Implements `AshAuthentication.Secret` for functions that are provided to the DSL instead of modules. - [AshAuthentication.SenderFunction](AshAuthentication.SenderFunction.md): Implements `AshAuthentication.Sender` for functions that are provided to the DSL instead of modules. - [AshAuthentication.Strategy.ApiKey.Actions](AshAuthentication.Strategy.ApiKey.Actions.md): Actions for the API key strategy. - [AshAuthentication.Strategy.ApiKey.GenerateApiKey](AshAuthentication.Strategy.ApiKey.GenerateApiKey.md): Generates a random API key for a user. - [AshAuthentication.Strategy.ApiKey.Plug](AshAuthentication.Strategy.ApiKey.Plug.md): Plug for authenticating using API keys. - [AshAuthentication.Strategy.ApiKey.SignInPreparation](AshAuthentication.Strategy.ApiKey.SignInPreparation.md): Prepare a query for sign in. - [AshAuthentication.Strategy.ApiKey.Transformer](AshAuthentication.Strategy.ApiKey.Transformer.md): DSL transformer for API keys. - [AshAuthentication.Strategy.ApiKey.Verifier](AshAuthentication.Strategy.ApiKey.Verifier.md): DSL verifier for API key authentication. - [AshAuthentication.Strategy.Apple.Verifier](AshAuthentication.Strategy.Apple.Verifier.md): DSL verifier for Apple strategy. - [AshAuthentication.Strategy.Custom.Helpers](AshAuthentication.Strategy.Custom.Helpers.md): Helpers for use within custom strategies. - [AshAuthentication.Strategy.Custom.Transformer](AshAuthentication.Strategy.Custom.Transformer.md): Transformer used by custom strategies. - [AshAuthentication.Strategy.Custom.Verifier](AshAuthentication.Strategy.Custom.Verifier.md): Verifier used by custom strategies. - [AshAuthentication.Strategy.DynamicOidc.IdentityChange](AshAuthentication.Strategy.DynamicOidc.IdentityChange.md): Updates the identity resource when a user is registered through a `dynamic_oidc` strategy, namespacing the `strategy` field with the matched connection id so the `{user_id, uid, strategy}` unique constraint disambiguates between IdPs that may issue colliding `sub` claims. - [AshAuthentication.Strategy.DynamicOidc.Plug](AshAuthentication.Strategy.DynamicOidc.Plug.md): Handlers for `dynamic_oidc` HTTP requests. - [AshAuthentication.Strategy.DynamicOidc.Transformer](AshAuthentication.Strategy.DynamicOidc.Transformer.md): DSL transformer for `dynamic_oidc` strategies. - [AshAuthentication.Strategy.DynamicOidc.Verifier](AshAuthentication.Strategy.DynamicOidc.Verifier.md): DSL verifier for `dynamic_oidc` strategies. - [AshAuthentication.Strategy.MagicLink.Actions](AshAuthentication.Strategy.MagicLink.Actions.md): Actions for the magic link strategy. - [AshAuthentication.Strategy.MagicLink.Plug](AshAuthentication.Strategy.MagicLink.Plug.md): Plugs for the magic link strategy. - [AshAuthentication.Strategy.MagicLink.Request](AshAuthentication.Strategy.MagicLink.Request.md): Requests a magic link for the given identity field. - [AshAuthentication.Strategy.MagicLink.SignInChange](AshAuthentication.Strategy.MagicLink.SignInChange.md): Set up a create action for magic link sign in. - [AshAuthentication.Strategy.MagicLink.SignInPreparation](AshAuthentication.Strategy.MagicLink.SignInPreparation.md): Prepare a query for sign in. - [AshAuthentication.Strategy.MagicLink.Transformer](AshAuthentication.Strategy.MagicLink.Transformer.md): DSL transformer for magic links. - [AshAuthentication.Strategy.MagicLink.Verifier](AshAuthentication.Strategy.MagicLink.Verifier.md): DSL verifier for magic links. - [AshAuthentication.Strategy.Microsoft.AzureADMultitenant](AshAuthentication.Strategy.Microsoft.AzureADMultitenant.md): When using Microsoft's `/common` or `/organizations` OIDC endpoints, the discovery document returns a templated issuer - [AshAuthentication.Strategy.OAuth2.Actions](AshAuthentication.Strategy.OAuth2.Actions.md): Actions for the oauth2 strategy. - [AshAuthentication.Strategy.OAuth2.Dsl](AshAuthentication.Strategy.OAuth2.Dsl.md): Defines the Spark DSL entity for this strategy. - [AshAuthentication.Strategy.OAuth2.IdentityChange](AshAuthentication.Strategy.OAuth2.IdentityChange.md): Updates the identity resource when a user is registered. - [AshAuthentication.Strategy.OAuth2.Plug](AshAuthentication.Strategy.OAuth2.Plug.md): Handlers for incoming OAuth2 HTTP requests. - [AshAuthentication.Strategy.OAuth2.SignInPreparation](AshAuthentication.Strategy.OAuth2.SignInPreparation.md): Prepare a query for sign in - [AshAuthentication.Strategy.OAuth2.Transformer](AshAuthentication.Strategy.OAuth2.Transformer.md): DSL transformer for oauth2 strategies. - [AshAuthentication.Strategy.OAuth2.UserInfoToAttributes](AshAuthentication.Strategy.OAuth2.UserInfoToAttributes.md): Sets resource attributes from the `user_info` argument provided by an OAuth2 callback. - [AshAuthentication.Strategy.OAuth2.Verifier](AshAuthentication.Strategy.OAuth2.Verifier.md): DSL verifier for oauth2 strategies. - [AshAuthentication.Strategy.Oidc.NonceGenerator](AshAuthentication.Strategy.Oidc.NonceGenerator.md): An implmentation of `AshAuthentication.Secret` that generates nonces for OpenID Connect strategies. - [AshAuthentication.Strategy.Oidc.Transformer](AshAuthentication.Strategy.Oidc.Transformer.md): DSL transformer for oidc strategies. - [AshAuthentication.Strategy.Oidc.Verifier](AshAuthentication.Strategy.Oidc.Verifier.md): DSL verifier for OpenID Connect strategy. - [AshAuthentication.Strategy.Otp.Actions](AshAuthentication.Strategy.Otp.Actions.md): Actions for the OTP strategy. - [AshAuthentication.Strategy.Otp.DefaultGenerator](AshAuthentication.Strategy.Otp.DefaultGenerator.md): Default OTP code generator. - [AshAuthentication.Strategy.Otp.Plug](AshAuthentication.Strategy.Otp.Plug.md): Plugs for the OTP strategy. - [AshAuthentication.Strategy.Otp.Request](AshAuthentication.Strategy.Otp.Request.md): Implementation of the OTP request action. - [AshAuthentication.Strategy.Otp.SignInChange](AshAuthentication.Strategy.Otp.SignInChange.md): Change for OTP sign-in when registration is enabled. - [AshAuthentication.Strategy.Otp.SignInPreparation](AshAuthentication.Strategy.Otp.SignInPreparation.md): Prepare a query for OTP sign in. - [AshAuthentication.Strategy.Otp.Transformer](AshAuthentication.Strategy.Otp.Transformer.md): DSL transformer for OTP strategy. - [AshAuthentication.Strategy.Otp.Verifier](AshAuthentication.Strategy.Otp.Verifier.md): DSL verifier for OTP strategy. - [AshAuthentication.Strategy.Password.Actions](AshAuthentication.Strategy.Password.Actions.md): Actions for the password strategy - [AshAuthentication.Strategy.Password.Dsl](AshAuthentication.Strategy.Password.Dsl.md): Defines the Spark DSL entity for this strategy. - [AshAuthentication.Strategy.Password.Plug](AshAuthentication.Strategy.Password.Plug.md): Plugs for the password strategy. - [AshAuthentication.Strategy.Password.RequestPasswordReset](AshAuthentication.Strategy.Password.RequestPasswordReset.md): Requests a password reset. - [AshAuthentication.Strategy.Password.ResetTokenValidation](AshAuthentication.Strategy.Password.ResetTokenValidation.md): Validate that the token is a valid password reset request token. - [AshAuthentication.Strategy.Password.Resettable](AshAuthentication.Strategy.Password.Resettable.md): The entity used to store password reset information. - [AshAuthentication.Strategy.Password.SignInPreparation](AshAuthentication.Strategy.Password.SignInPreparation.md): Prepare a query for sign in - [AshAuthentication.Strategy.Password.SignInWithTokenPreparation](AshAuthentication.Strategy.Password.SignInWithTokenPreparation.md): Prepare a query for sign in via token. - [AshAuthentication.Strategy.Password.Transformer](AshAuthentication.Strategy.Password.Transformer.md): DSL transformer for the password strategy. - [AshAuthentication.Strategy.Password.Verifier](AshAuthentication.Strategy.Password.Verifier.md): DSL verifier for the password strategy. - [AshAuthentication.Strategy.RecoveryCode.Actions](AshAuthentication.Strategy.RecoveryCode.Actions.md): Actions for the recovery code strategy. - [AshAuthentication.Strategy.RecoveryCode.Dsl](AshAuthentication.Strategy.RecoveryCode.Dsl.md): Defines the Spark DSL entity for the recovery code strategy. - [AshAuthentication.Strategy.RecoveryCode.HashRecoveryCodesChange](AshAuthentication.Strategy.RecoveryCode.HashRecoveryCodesChange.md): Change that hashes recovery codes before storage. - [AshAuthentication.Strategy.RecoveryCode.Plug](AshAuthentication.Strategy.RecoveryCode.Plug.md): Plugs for the recovery code strategy. - [AshAuthentication.Strategy.RecoveryCode.Transformer](AshAuthentication.Strategy.RecoveryCode.Transformer.md): DSL transformer for the recovery_code strategy. - [AshAuthentication.Strategy.RecoveryCode.Verifier](AshAuthentication.Strategy.RecoveryCode.Verifier.md): DSL verifier for the recovery_code strategy. - [AshAuthentication.Strategy.RecoveryCode.VerifyAction](AshAuthentication.Strategy.RecoveryCode.VerifyAction.md): Implementation of the recovery code verify action. - [AshAuthentication.Strategy.RememberMe.Dsl](AshAuthentication.Strategy.RememberMe.Dsl.md): Defines the Spark DSL entity for the RememberMe strategy. - [AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenChange](AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenChange.md): Maybe generate a remember me token and put it in the metadata of the resource to later be dropped as a cookie. - [AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenPreparation](AshAuthentication.Strategy.RememberMe.MaybeGenerateTokenPreparation.md): Maybe generate a remember me token and put it in the metadata of the resource to later be dropped as a cookie. - [AshAuthentication.Strategy.RememberMe.Plug.Helpers](AshAuthentication.Strategy.RememberMe.Plug.Helpers.md): Plug for signing in with remember me token in cookies. - [AshAuthentication.Strategy.RememberMe.SignInPreparation](AshAuthentication.Strategy.RememberMe.SignInPreparation.md): Prepare a query for sign in via the remember me token. - [AshAuthentication.Strategy.RememberMe.Token.Helpers](AshAuthentication.Strategy.RememberMe.Token.Helpers.md): Helpers for remember me tokens. - [AshAuthentication.Strategy.RememberMe.Transformer](AshAuthentication.Strategy.RememberMe.Transformer.md): DSL transformer for the remember me strategy. - [AshAuthentication.Strategy.RememberMe.Verifier](AshAuthentication.Strategy.RememberMe.Verifier.md): DSL verifier for the remember me strategy. - [AshAuthentication.Strategy.Slack.Verifier](AshAuthentication.Strategy.Slack.Verifier.md): DSL verifier for Slack strategy. - [AshAuthentication.Strategy.Totp.Actions](AshAuthentication.Strategy.Totp.Actions.md): Actions for the TOTP strategy. - [AshAuthentication.Strategy.Totp.AuditLogChange](AshAuthentication.Strategy.Totp.AuditLogChange.md): Change that checks the audit log for failed TOTP attempts before update actions. - [AshAuthentication.Strategy.Totp.AuditLogHelpers](AshAuthentication.Strategy.Totp.AuditLogHelpers.md): Delegates to `AshAuthentication.AddOn.AuditLog.BruteForceHelpers`. - [AshAuthentication.Strategy.Totp.AuditLogPreparation](AshAuthentication.Strategy.Totp.AuditLogPreparation.md): Preparation that checks the audit log for failed TOTP attempts. - [AshAuthentication.Strategy.Totp.ConfirmSetupChange](AshAuthentication.Strategy.Totp.ConfirmSetupChange.md): Confirms a pending TOTP setup by verifying a code and storing the secret. - [AshAuthentication.Strategy.Totp.Dsl](AshAuthentication.Strategy.Totp.Dsl.md): Defines the Spark DSL entity for this strategy. - [AshAuthentication.Strategy.Totp.GeneratePendingSetupChange](AshAuthentication.Strategy.Totp.GeneratePendingSetupChange.md): Generates a pending TOTP setup for two-step confirmation. - [AshAuthentication.Strategy.Totp.GenerateSecretChange](AshAuthentication.Strategy.Totp.GenerateSecretChange.md): Generates a new TOTP secret for a user. - [AshAuthentication.Strategy.Totp.Plug](AshAuthentication.Strategy.Totp.Plug.md): Plugs for the TOTP strategy. - [AshAuthentication.Strategy.Totp.SignInPreparation](AshAuthentication.Strategy.Totp.SignInPreparation.md): Preparation for the TOTP sign-in action. - [AshAuthentication.Strategy.Totp.TotpUrlCalculation](AshAuthentication.Strategy.Totp.TotpUrlCalculation.md): Calculates the TOTP URL for a user record. - [AshAuthentication.Strategy.Totp.Transformer](AshAuthentication.Strategy.Totp.Transformer.md): DSL transformer for the totp strategy. - [AshAuthentication.Strategy.Totp.Verifier](AshAuthentication.Strategy.Totp.Verifier.md): DSL verifier for the totp strategy. - [AshAuthentication.Strategy.Totp.VerifyAction](AshAuthentication.Strategy.Totp.VerifyAction.md): Implementation of the TOTP verify action. - [AshAuthentication.Strategy.WebAuthn.Actions](AshAuthentication.Strategy.WebAuthn.Actions.md): Core action implementations for the WebAuthn strategy. - [AshAuthentication.Strategy.WebAuthn.CoseKey](AshAuthentication.Strategy.WebAuthn.CoseKey.md): An Ash type for storing COSE public keys using CBOR encoding. - [AshAuthentication.Strategy.WebAuthn.Dsl](AshAuthentication.Strategy.WebAuthn.Dsl.md): Defines the Spark DSL entity for the WebAuthn strategy. - [AshAuthentication.Strategy.WebAuthn.Helpers](AshAuthentication.Strategy.WebAuthn.Helpers.md): Helper functions for the WebAuthn strategy. - [AshAuthentication.Strategy.WebAuthn.Plug](AshAuthentication.Strategy.WebAuthn.Plug.md): Plug handlers for the WebAuthn strategy. - [AshAuthentication.Strategy.WebAuthn.SignInPreparation](AshAuthentication.Strategy.WebAuthn.SignInPreparation.md): Prepare a query for WebAuthn sign in. - [AshAuthentication.Strategy.WebAuthn.SignInWithTokenPreparation](AshAuthentication.Strategy.WebAuthn.SignInWithTokenPreparation.md): Prepare a query for sign in via short-lived token after a WebAuthn ceremony. - [AshAuthentication.Strategy.WebAuthn.Transformer](AshAuthentication.Strategy.WebAuthn.Transformer.md): DSL transformer for the WebAuthn strategy. - [AshAuthentication.Strategy.WebAuthn.Verifier](AshAuthentication.Strategy.WebAuthn.Verifier.md): DSL verifier for the WebAuthn strategy. - [AshAuthentication.Test.WebAuthnFixtures](AshAuthentication.Test.WebAuthnFixtures.md): Generates valid WebAuthn registration and authentication fixture data using programmatic EC key pairs and CBOR encoding. - [AshAuthentication.TokenResource.Actions](AshAuthentication.TokenResource.Actions.md): The code interface for interacting with the token resource. - [AshAuthentication.TokenResource.Expunger](AshAuthentication.TokenResource.Expunger.md): A `GenServer` which periodically removes expired token revocations. - [AshAuthentication.TokenResource.GetConfirmationChangesPreparation](AshAuthentication.TokenResource.GetConfirmationChangesPreparation.md): Constrains a query to only records which are confirmations that match the jti argument. - [AshAuthentication.TokenResource.GetTokenPreparation](AshAuthentication.TokenResource.GetTokenPreparation.md): Constrains a query to only records which match the `jti` or `token` argument and optionally by the `purpose` argument. - [AshAuthentication.TokenResource.IsRevoked](AshAuthentication.TokenResource.IsRevoked.md): Checks for the existence of a revocation token for the provided token revocation token for the provided token. - [AshAuthentication.TokenResource.RevokeAllStoredForSubjectChange](AshAuthentication.TokenResource.RevokeAllStoredForSubjectChange.md): Updates all tokens for a given subject to have the purpose revocation - [AshAuthentication.TokenResource.RevokeJtiChange](AshAuthentication.TokenResource.RevokeJtiChange.md): Generates a revocation record for a given token. - [AshAuthentication.TokenResource.RevokeTokenChange](AshAuthentication.TokenResource.RevokeTokenChange.md): Generates a revocation record for a given token. - [AshAuthentication.TokenResource.StoreConfirmationChangesChange](AshAuthentication.TokenResource.StoreConfirmationChangesChange.md): Populates the JTI based on the token argument. - [AshAuthentication.TokenResource.StoreTokenChange](AshAuthentication.TokenResource.StoreTokenChange.md): Stores an arbitrary token. - [AshAuthentication.TokenResource.Transformer](AshAuthentication.TokenResource.Transformer.md): The token resource transformer. - [AshAuthentication.TokenResource.Verifier](AshAuthentication.TokenResource.Verifier.md): The token resource verifier. - [AshAuthentication.Transformer](AshAuthentication.Transformer.md): The Authentication transformer - [AshAuthentication.Transformer.SetSelectForSenders](AshAuthentication.Transformer.SetSelectForSenders.md): Sets the `select_for_senders` options to its default value. - [AshAuthentication.UserIdentity.Actions](AshAuthentication.UserIdentity.Actions.md): Code interface for provider identity actions. - [AshAuthentication.UserIdentity.Transformer](AshAuthentication.UserIdentity.Transformer.md): The user identity transformer. - [AshAuthentication.UserIdentity.UpsertIdentityChange](AshAuthentication.UserIdentity.UpsertIdentityChange.md): A change which upserts a user's identity into the user identity resource. - [AshAuthentication.UserIdentity.Verifier](AshAuthentication.UserIdentity.Verifier.md): The user identity verifier. - [AshAuthentication.Verifier](AshAuthentication.Verifier.md): The Authentication verifier. ## Mix Tasks - Internals - [mix ash_authentication.add_add_on](Mix.Tasks.AshAuthentication.AddAddOn.md): Adds the provided add-on to your user resource - [mix ash_authentication.add_add_on.audit_log](Mix.Tasks.AshAuthentication.AddAddOn.AuditLog.md): Adds an audit log add-on to your user resource - [mix ash_authentication.add_add_on.confirmation](Mix.Tasks.AshAuthentication.AddAddOn.Confirmation.md): Adds email confirmation to your user resource - [mix ash_authentication.add_strategy](Mix.Tasks.AshAuthentication.AddStrategy.md): Adds the provided strategy or strategies to your user resource - [mix ash_authentication.add_strategy.api_key](Mix.Tasks.AshAuthentication.AddStrategy.ApiKey.md): Adds API key authentication to your user resource - [mix ash_authentication.add_strategy.apple](Mix.Tasks.AshAuthentication.AddStrategy.Apple.md): Adds Apple Sign In authentication to your user resource - [mix ash_authentication.add_strategy.auth0](Mix.Tasks.AshAuthentication.AddStrategy.Auth0.md): Adds Auth0 OAuth authentication to your user resource - [mix ash_authentication.add_strategy.dynamic_oidc](Mix.Tasks.AshAuthentication.AddStrategy.DynamicOidc.md): Adds a data-driven OIDC strategy + OidcConnection resource - [mix ash_authentication.add_strategy.github](Mix.Tasks.AshAuthentication.AddStrategy.Github.md): Adds GitHub OAuth authentication to your user resource - [mix ash_authentication.add_strategy.google](Mix.Tasks.AshAuthentication.AddStrategy.Google.md): Adds Google OAuth authentication to your user resource - [mix ash_authentication.add_strategy.magic_link](Mix.Tasks.AshAuthentication.AddStrategy.MagicLink.md): Adds magic link authentication to your user resource - [mix ash_authentication.add_strategy.microsoft](Mix.Tasks.AshAuthentication.AddStrategy.Microsoft.md): Adds Microsoft OAuth authentication to your user resource - [mix ash_authentication.add_strategy.oauth2](Mix.Tasks.AshAuthentication.AddStrategy.Oauth2.md): Adds a generic OAuth2 authentication strategy to your user resource - [mix ash_authentication.add_strategy.oidc](Mix.Tasks.AshAuthentication.AddStrategy.Oidc.md): Adds a generic OpenID Connect authentication strategy to your user resource - [mix ash_authentication.add_strategy.okta](Mix.Tasks.AshAuthentication.AddStrategy.Okta.md): Adds Okta OIDC authentication to your user resource - [mix ash_authentication.add_strategy.otp](Mix.Tasks.AshAuthentication.AddStrategy.Otp.md): Adds one-time password (OTP) authentication to your user resource - [mix ash_authentication.add_strategy.password](Mix.Tasks.AshAuthentication.AddStrategy.Password.md): Adds password authentication to your user resource - [mix ash_authentication.add_strategy.recovery_code](Mix.Tasks.AshAuthentication.AddStrategy.RecoveryCode.md): Adds the recovery code authentication strategy - [mix ash_authentication.add_strategy.slack](Mix.Tasks.AshAuthentication.AddStrategy.Slack.md): Adds Slack OAuth authentication to your user resource - [mix ash_authentication.add_strategy.totp](Mix.Tasks.AshAuthentication.AddStrategy.Totp.md): Adds TOTP authentication to your user resource - [mix ash_authentication.add_strategy.webauthn](Mix.Tasks.AshAuthentication.AddStrategy.Webauthn.md): Adds WebAuthn/Passkey authentication to your user resource - [mix ash_authentication.install](Mix.Tasks.AshAuthentication.Install.md): Installs AshAuthentication. Invoke with `mix igniter.install ash_authentication`