View Source Change Log
All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.
v4.3.6 (2024-12-20)
Improvements:
make igniter optional
store all tokens by default in generators
v4.3.5 (2024-12-12)
Bug Fixes:
ensure that
auto_confirm_actions
does not overrideinclude tenant when checking identity conflicts
handle tokens without a primary key encoded in sub, using
identity
Improvements:
- allow setting identity field to allow nil with password
v4.3.4 (2024-12-02)
Bug Fixes:
ensure tenant is passed through on password reset request
invalidate magic link sign in on invalid token
pass opts to confirm action invocations
Improvements:
add primary read action to users resource for atomic upgrade
auto confirm on sign in with magic link in generators
Add opts to retrieve funs of AshAuthentication.Plug.Helpers (#847)
v4.3.3 (2024-11-14)
Bug Fixes:
- Use correct typespec for
AshAuthentication.Sender.send/3
callback (#836)
v4.3.2 (2024-11-13)
Bug Fixes:
- The documentation says that we ignore sender returns, so we need to ignore them. (#838)
v4.3.1 (2024-11-12)
Bug Fixes:
RequestPasswordReset: fails when action called directly. (#833)
ash_authentication.add_strategy: Generated password reset action names did not match the defaults. (#834)
confirmation warning 'changeset has already been validated for action'
v4.3.0 (2024-11-05)
Features:
Strategy.Slack: Add direct support for Slack strategy. (#825)
Strategy.Slack: Add direct support for Slack strategy.
Bug Fixes:
handle igniter/rewrite upgrades
set sign_in_with_token action name properly
v4.2.7 (2024-11-01)
Bug Fixes:
- changeattribute -> force* to eliminate waring
v4.2.6 (2024-10-31)
Improvements:
- run codegen after adding an auth strategy
v4.2.5 (2024-10-23)
Bug Fixes:
- proper error instead of match error on not found user
v4.2.4 (2024-10-23)
Bug Fixes:
- generate link using
confirm
instead oftoken
in the generators
v4.2.3 (2024-10-19)
Bug Fixes:
respond to
--auth-strategy
option in installerissues with OIDC strategy (#800)
v4.2.2 (2024-10-15)
Improvements:
support registration via magic link (#796)
support registration via magic link
prevent account takeover hijacking by protecting against upserts against unconfirmed records
add confirmation add on when identity_field is email
implement our own identity checking instead of relying on eager_check
v4.2.1 (2024-10-14)
Improvements:
- update igniter
v4.2.0 (2024-10-07)
Features:
- add_strategy task (#794)
Improvements:
add
ash_authentication.add_strategy
taskadd atomic implementations for various changes/validations
support
--auth-strategy
option when installing
v4.1.0 (2024-10-06)
Features:
- Add AshAuthentication igniter installer (#782)
Bug Fixes:
handle options properly for subect to user (#786)
setup options properly for ash 3.0 (#785)
Improvements:
- igniter installer for user & user token resources
v4.0.4 (2024-09-01)
Bug Fixes:
update types and formatter
add secret values to config
sort new fields
sort new types
properly set allow_nil for apple secrets
credo and sobelow warnings
Improvements:
add apple strategy (#750)
add apple strategy
v4.0.3 (2024-08-22)
Bug Fixes:
allow overriding strategy defaults (#766)
bug where
nil
is not allowed but is returned from secret functions.add back in accidentally removed debug errors code (#768)
set options earlier in magic link/oauth2
Improvements:
avoid warning about comparison with
nil
set context in addition to tenant
use
no_depend_modules
for better compile dependenciesenable custom
http_adapters
(#760)
v4.0.2 (2024-08-05)
Bug Fixes:
only pass the "token" parameter to reset with token action (#748)
handle case where
action.accept
isnil
Improvements:
validate that tokens are enabled when password resets are enabled. (#758)
compile-time check to make sure that the configured
token_resource
is an Ash.Resource (#749)Tokens: improved compile-time validation of the token_resource option of the tokens DSL by checking that the passed value is an Ash.Resource.
Tokens: removed unnecessary stuff from the test file.
Tokens: fixed credo warning and changed some things after PR feedback
v4.0.1 (2024-06-11)
Bug Fixes:
no need to
allow_nil_input
for an unaccepted fieldcorrectly generate sign-in tokens when requested.
ensure tenant is set when revoking tokens and on changeset for updating
broken links in readme (#692)
broken links
bug in tokens required verifier.
4.0.0 (2024-05-10)
Breaking Changes:
Sign in tokens are enabled by default for the password strategy.
Tokens are now enabled by default.
Bug Fixes:
Jwt: Include authentication interaction context when storing tokens.
Strategy.Password: Reset tokens are single use. (#625)
Confirmation: Only allow the confirmation token to be used once. (#623)
Improvements:
Only require tokens to be enabled when using a strategy which needs them.
OIDC: Adjust dsl of OIDC reflect assent requirements (#538)
Use
Ash
functions instead of generated domain functions.
v4.0.0-rc.7 (2024-05-10)
Bug Fixes:
- Jwt: Include authentication interaction context when storing tokens.
Improvements:
- Only require tokens to be enabled when using a strategy which needs them.
v4.0.0-rc.6 (2024-04-11)
Improvements:
- OIDC: Adjust dsl of OIDC reflect assent requirements (#538)
v4.0.0-rc.5 (2024-04-10)
Breaking Changes:
Sign in tokens are enabled by default for the password strategy.
Tokens are now enabled by default.
Bug Fixes:
- Strategy.Password: Reset tokens are single use. (#625)
v4.0.0-rc.4 (2024-04-09)
Improvements:
- Use
Ash
functions instead of generated domain functions.
v4.0.0-rc.3 (2024-04-08)
Bug Fixes:
- Confirmation: Only allow the confirmation token to be used once. (#623)
v4.0.0-rc.2 (2024-04-02)
Breaking Changes:
- Update to support Ash 3.0. (#599)
Bug Fixes:
allow future versions of ash rc
Jwt: Ignore pre-release versions verifying token versions.
Improvements:
- re-integrate ash_graphql and ash_json_api RCs.
v4.0.0-rc.1 (2024-04-01)
Improvements:
- re-integrate ash_graphql and ash_json_api RCs.
v4.0.0-rc.0 (2024-03-28)
Breaking Changes:
- Update to support Ash 3.0. (#599)
Bug Fixes:
- Jwt: Ignore pre-release versions verifying token versions.
v3.12.4 (2024-03-11)
Improvements:
- infer
api
from a resource
v3.12.3 (2024-02-20)
v3.12.2 (2024-01-30)
Bug Fixes:
- deps: mark ash_postgres as optional
Improvements:
- support atom keys for uid in addition to strings (#556)
v3.12.1 (2024-01-25)
Improvements:
- support atom keys for uid in addition to strings (#556)
v3.12.0 (2023-11-21)
Features:
Add Google strategy (#474)
Add Google strategy
Bug Fixes:
include Google strategy cheat sheet
Add documentation grouping for Google strategy
Improvements:
- Change redirect_uri secret to be more flexible (#473)
v3.11.16 (2023-10-25)
Bug Fixes:
- Change overwriting of refresh_token to not overwrite them with nil (#483)
Improvements:
- Add id as an option for sourcing uid for UserIdentity (#481)
v3.11.15 (2023-09-22)
Bug Fixes:
- ensure we aren't calling
Map.take
onnil
v3.11.14 (2023-09-22)
Bug Fixes:
- TokenResource: don't silently drop notifications about token removal. (#432)
v3.11.13 (2023-09-22)
Improvements:
- Allow all token lifetimes to be specified with a time unit.
v3.11.12 (2023-09-21)
Bug Fixes:
include
finch
in the dependencies.deprecated mint httpadapter (#425)
v3.11.11 (2023-09-21)
Bug Fixes:
include
finch
in the dependencies.deprecated mint httpadapter (#425)
v3.11.10 (2023-09-18)
Bug Fixes:
- only use sign in token expiration for sign in tokens (#424)
v3.11.9 (2023-09-17)
Bug Fixes:
- support generating tokens for other strategies.
Improvements:
support generating sign in tokens on register (#421)
support generating sign in tokens on register
v3.11.8 (2023-08-16)
Bug Fixes:
- correct spec for
Jwt.token_for_user
(#389)
v3.11.7 (2023-07-14)
Bug Fixes:
- ensure that the
current_
atom exists at compile time. (#359)
v3.11.6 (2023-06-23)
Bug Fixes:
- fix Logger deprecations for elixir 1.15 (#343)
v3.11.5 (2023-06-18)
Bug Fixes:
- ConfirmationHookChange: use
Info.find_strategy/2..3
rather than a hard coded strategy name. (#336)
v3.11.4 (2023-06-15)
Bug Fixes:
- primary keys are implicitly uniquely constrained. (#333)
v3.11.3 (2023-05-31)
Bug Fixes:
- duplicate mime type for "json".
v3.11.2 (2023-05-28)
Bug Fixes:
- Strategy.Password: Preparations should allow strategy to be passed in. (#314)
v3.11.1 (2023-05-04)
Bug Fixes:
- correct oauth2 and getting started typos (#267)
v3.11.0 (2023-05-04)
Features:
OpenID Connect Strategy (#197)
AshAuthentication.Strategy.Oidc: Add OpenID Connect strategy.
v3.10.8 (2023-04-28)
Bug Fixes:
- PasswordValidation should associate errors with the field being ⦠(#279)
v3.10.7 (2023-04-28)
Improvements:
- run CI on pull requests
v3.10.6 (2023-04-09)
Improvements:
- require spark ~> 1.0 (#261)
v3.10.5 (2023-04-06)
Improvements:
add sign in tokens to password strategy (#252)
add sign in tokens to password strategy
convert
sign_in_with_token
into an action.
v3.10.4 (2023-04-03)
Improvements:
update spark (#254)
update spark
v3.10.3 (2023-04-03)
Improvements:
update spark (#254)
update spark
v3.10.2 (2023-03-06)
Bug Fixes:
- respect
identity_relationship_user_id_attribute
onStrategy.OAuth2.IdentityChange
(#213)
v3.10.1 (2023-03-06)
Bug Fixes:
- fix failing JWT tests because of bad version regex.
v3.10.0 (2023-03-04)
Breaking Changes:
- Configure accepted fields on register (#219)
v3.9.6 (2023-03-01)
Improvements:
- allow registration and sign in to be disabled on password strategies. (#218)
v3.9.5 (2023-02-23)
Improvements:
- support multiple otp apps w/resources (#209)
v3.9.4 (2023-02-22)
Improvements:
- PasswordConfirmationValidation: allow
strategy_name
to be passed as an option. (#208)
v3.9.3 (2023-02-19)
Bug Fixes:
- sign in preparation without identity resource (#198)
v3.9.2 (2023-02-12)
Bug Fixes:
- Password.Transformer: don't force users to define a
hashed_password
argument to the register action. (#192)
v3.9.1 (2023-02-12)
Bug Fixes:
select
hashed_password
on sign in preparationdon't allow special purpose tokens to be used for sign in. (#191)
Improvements:
add select_for_senders (#189)
add select_for_senders
include metadata declaration on register action
v3.9.0 (2023-02-09)
Features:
- Add new "magic link" authentication strategy. (#184)
Bug Fixes:
validate uniqueness of strategy names. (#185)
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies
Improvements:
Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a
token
(#164)validate signing secret is a string (#163)
v3.8.0 (2023-02-09)
Features:
- Add new "magic link" authentication strategy. (#184)
Bug Fixes:
validate uniqueness of strategy names. (#185)
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies
Improvements:
Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a
token
(#164)validate signing secret is a string (#163)
v3.7.9 (2023-02-09)
Bug Fixes:
validate uniqueness of strategy names. (#185)
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies
Improvements:
Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a
token
(#164)validate signing secret is a string (#163)
v3.7.8 (2023-02-08)
Bug Fixes:
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies
Improvements:
Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a
token
(#164)validate signing secret is a string (#163)
v3.7.7 (2023-02-06)
Bug Fixes:
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies
Improvements:
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a
token
(#164)validate signing secret is a string (#163)
v3.7.6 (2023-01-30)
Bug Fixes:
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies
Improvements:
add metadata declarations to actions that have a
token
(#164)validate signing secret is a string (#163)
v3.7.5 (2023-01-30)
Improvements:
add metadata declarations to actions that have a
token
(#164)validate signing secret is a string (#163)
v3.7.4 (2023-01-30)
Improvements:
- validate signing secret is a string (#163)
v3.7.3 (2023-01-18)
Bug Fixes:
- Password: validate fields using both methods of allowing nil input. (#151)
v3.7.2 (2023-01-18)
Improvements:
- AuthenticationFailed: store a
caused_by
value in authentication failures. (#145)
v3.7.1 (2023-01-18)
Improvements:
- update ash & switch to new docs patterns (#146)
v3.7.0 (2023-01-18)
Features:
- PasswordValidation: Add a validation which can check a password. (#144)
v3.6.1 (2023-01-15)
Bug Fixes:
don't call
hash_provider.valid?
onnil
values (#135)use configured hashed_password_field
Improvements:
set confirmed field to
nil
, for reconfirmation (#136)set confirmed field to
nil
, for reconfirmationonly change
confirmed_at_field
if its not changing, and only on updates
v3.6.0 (2023-01-13)
Breaking Changes:
TokenResource: Store the token subject in the token resource. (#133)
TokenResource: Store the token subject in the token resource.
Bug Fixes:
don't call
hash_provider.valid?
onnil
values (#135)use configured hashed_password_field
v3.5.3 (2023-01-13)
Bug Fixes:
- Confirmation: send the original changeset to confirmation senders. (#132)
v3.5.2 (2023-01-12)
Improvements:
- add user context when creating tokens (#129)
v3.5.1 (2023-01-12)
Bug Fixes:
- missing icons in OAuth2 strategies. (#126)
v3.5.0 (2023-01-12)
Breaking Changes:
- GitHub: Add GitHub authentication strategy. (#125)
v3.4.2 (2023-01-12)
Bug Fixes:
- improve some error message/validation logic
Improvements:
add policy utilities and accompanying guide (#119)
add policy utilities and accompanying guide
fix build/warnings/dialyzer/format
v3.4.1 (2023-01-12)
Bug Fixes:
- Confirmation: correctly generate confirmation token subjects. (#124)
v3.4.0 (2023-01-11)
Features:
- Add token-required-for-authentication feature. (#116)
v3.3.1 (2023-01-09)
Improvements:
- Set Ash actor and tenant when executing internal plugs. (#115)
v3.3.0 (2023-01-09)
Features:
- Make strategy names optional where possible. (#113)
v3.2.2 (2023-01-08)
Improvements:
- Allow the strategy name to be passed for password validations and changes. (#102)
v3.2.1 (2022-12-16)
Improvements:
- add
icon
field to OAuth2 strategy. (#100)
v3.2.0 (2022-12-16)
Features:
- Auth0: Add a pre-configured Auth0 strategy. (#99)
v3.1.0 (2022-12-14)
Breaking Changes:
- Jwt: Use token signing secret into the DSL.
Features:
- Add option to store all tokens when they're created. (#91)
Improvements:
remove the need for a strategy in changeset/query contexts. (#89)
add transaction reason
try a simpler way of ensuring module is compiled
v3.0.4 (2022-12-08)
Improvements:
- update to latest ash version
v3.0.3 (2022-12-07)
Bug Fixes:
- break potential compiler dependency loops. (#64)
v3.0.2 (2022-12-05)
Improvements:
- supervisor: require that the user adds the supervisor to their OTP app. (#62)
v3.0.1 (2022-12-05)
Improvements:
- actions: All actions now take optional arguments for the underlying API call. (#61)
v3.0.0 (2022-12-04)
Breaking Changes:
- TokenResource: Move
TokenRevocation
->TokenResource
.
Improvements:
- Confirmation: Store confirmation changes in the token resource.
v2.0.1 (2022-11-24)
Improvements:
Confirmation: Confirmation is not a strategy. (#46)
Confirmation: Confirmation is not a strategy.
Confirmation: Support more than one confirmation entity.
v2.0.0 (2022-11-22)
Breaking Changes:
- Major redesign of DSL and code structure. (#35)
v1.0.0 (2022-11-15)
Breaking Changes:
- OAuth2Authentication: Make the
site
option runtime configurable. (#31)
v0.6.1 (2022-11-15)
Bug Fixes:
- OAuth2Authentication: Return the failure reason even if it's not a changeset. (#29)
v0.6.0 (2022-11-10)
Features:
- OAuth2Authentication: Add support for generic OAuth2 endpoints. (#28)
v0.5.0 (2022-11-04)
Features:
- Confirmation: Add extension that allows a user to be confirmed when created or updated. (#27)
v0.4.3 (2022-11-03)
Improvements:
- docs: Improve endpoint docs for PasswordAuthentication and PasswordReset.
v0.4.2 (2022-11-03)
Bug Fixes:
PasswordReset: Generate the reset token using the target action, not the source action. (#25)
PasswordReset: Generate the reset token using the target action, not the source action.
Improvements:
- PasswordReset: rework PasswordReset to be a provider in it's own right - this means it has it's own routes, etc.
v0.4.1 (2022-11-03)
Improvements:
- PasswordReset: A reset request is actually a query, not an update. (#23)
v0.4.0 (2022-11-02)
Features:
- PasswordReset: allow users to request and reset their password. (#22)
v0.3.0 (2022-10-31)
Features:
Ash.PlugHelpers: Support standard actor configuration. (#16)
Ash.PlugHelpers: Support standard actor configuration.
Improvements:
- docs: change all references to
actor
touser
.
v0.2.1 (2022-10-26)
Bug Fixes:
- deprecation warnings caused by use of
Macro.expand_literal/2
.
Improvements:
move subject_name uniqueness validation to compile time.
remove
generated: true
from macros.
v0.2.0 (2022-10-24)
Features:
- PasswordAuthentication: Registration and authentication with local credentials (#4)