View Source Change Log

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

v4.0.4 (2024-09-01)

Bug Fixes:

• update types and formatter

• add secret values to config

• sort new fields

• sort new types

• properly set allow_nil for apple secrets

• credo and sobelow warnings

Improvements:

• add apple strategy (#750)

• add apple strategy

v4.0.3 (2024-08-22)

Bug Fixes:

• allow overriding strategy defaults (#766)

• bug where nil is not allowed but is returned from secret functions.

• add back in accidentally removed debug errors code (#768)

• set options earlier in magic link/oauth2

Improvements:

• avoid warning about comparison with nil

• set context in addition to tenant

• use no_depend_modules for better compile dependencies

• enable custom http_adapters (#760)

v4.0.2 (2024-08-05)

Bug Fixes:

• only pass the "token" parameter to reset with token action (#748)

• handle case where action.accept is nil

Improvements:

• validate that tokens are enabled when password resets are enabled. (#758)

• compile-time check to make sure that the configured token_resource is an Ash.Resource (#749)

• Tokens: improved compile-time validation of the token_resource option of the tokens DSL by checking that the passed value is an Ash.Resource.

• Tokens: removed unnecessary stuff from the test file.

• Tokens: fixed credo warning and changed some things after PR feedback

v4.0.1 (2024-06-11)

Bug Fixes:

• no need to allow_nil_input for an unaccepted field

• correctly generate sign-in tokens when requested.

• ensure tenant is set when revoking tokens and on changeset for updating

• broken links in readme (#692)

• broken links

• bug in tokens required verifier.

4.0.0 (2024-05-10)

Breaking Changes:

• Sign in tokens are enabled by default for the password strategy.

• Tokens are now enabled by default.

Bug Fixes:

• Jwt: Include authentication interaction context when storing tokens.

• Strategy.Password: Reset tokens are single use. (#625)

• Confirmation: Only allow the confirmation token to be used once. (#623)

Improvements:

• Only require tokens to be enabled when using a strategy which needs them.

• OIDC: Adjust dsl of OIDC reflect assent requirements (#538)

• Use Ash functions instead of generated domain functions.

v4.0.0-rc.7 (2024-05-10)

Bug Fixes:

• Jwt: Include authentication interaction context when storing tokens.

Improvements:

• Only require tokens to be enabled when using a strategy which needs them.

v4.0.0-rc.6 (2024-04-11)

Improvements:

• OIDC: Adjust dsl of OIDC reflect assent requirements (#538)

v4.0.0-rc.5 (2024-04-10)

Breaking Changes:

• Sign in tokens are enabled by default for the password strategy.

• Tokens are now enabled by default.

Bug Fixes:

• Strategy.Password: Reset tokens are single use. (#625)

v4.0.0-rc.4 (2024-04-09)

Improvements:

• Use Ash functions instead of generated domain functions.

v4.0.0-rc.3 (2024-04-08)

Bug Fixes:

• Confirmation: Only allow the confirmation token to be used once. (#623)

v4.0.0-rc.2 (2024-04-02)

Breaking Changes:

• Update to support Ash 3.0. (#599)

Bug Fixes:

• allow future versions of ash rc

• Jwt: Ignore pre-release versions verifying token versions.

Improvements:

• re-integrate ash_graphql and ash_json_api RCs.

v4.0.0-rc.1 (2024-04-01)

Improvements:

• re-integrate ash_graphql and ash_json_api RCs.

v4.0.0-rc.0 (2024-03-28)

Breaking Changes:

• Update to support Ash 3.0. (#599)

Bug Fixes:

• Jwt: Ignore pre-release versions verifying token versions.

v3.12.4 (2024-03-11)

Improvements:

• infer api from a resource

v3.12.3 (2024-02-20)

v3.12.2 (2024-01-30)

Bug Fixes:

• deps: mark ash_postgres as optional

Improvements:

• support atom keys for uid in addition to strings (#556)

v3.12.1 (2024-01-25)

Improvements:

• support atom keys for uid in addition to strings (#556)

v3.12.0 (2023-11-21)

Features:

• Add Google strategy (#474)

• Add Google strategy

Bug Fixes:

• include Google strategy cheat sheet

• Add documentation grouping for Google strategy

Improvements:

• Change redirect_uri secret to be more flexible (#473)

v3.11.16 (2023-10-25)

Bug Fixes:

• Change overwriting of refresh_token to not overwrite them with nil (#483)

Improvements:

• Add id as an option for sourcing uid for UserIdentity (#481)

v3.11.15 (2023-09-22)

Bug Fixes:

• ensure we aren't calling Map.take on nil

v3.11.14 (2023-09-22)

Bug Fixes:

• TokenResource: don't silently drop notifications about token removal. (#432)

v3.11.13 (2023-09-22)

Improvements:

• Allow all token lifetimes to be specified with a time unit.

v3.11.12 (2023-09-21)

Bug Fixes:

• include finch in the dependencies.

• deprecated mint httpadapter (#425)

v3.11.11 (2023-09-21)

Bug Fixes:

• include finch in the dependencies.

• deprecated mint httpadapter (#425)

v3.11.10 (2023-09-18)

Bug Fixes:

• only use sign in token expiration for sign in tokens (#424)

v3.11.9 (2023-09-17)

Bug Fixes:

• support generating tokens for other strategies.

Improvements:

• support generating sign in tokens on register (#421)

• support generating sign in tokens on register

v3.11.8 (2023-08-16)

Bug Fixes:

• correct spec for Jwt.token_for_user (#389)

v3.11.7 (2023-07-14)

Bug Fixes:

• ensure that the current_ atom exists at compile time. (#359)

v3.11.6 (2023-06-23)

Bug Fixes:

• fix Logger deprecations for elixir 1.15 (#343)

v3.11.5 (2023-06-18)

Bug Fixes:

• ConfirmationHookChange: use Info.find_strategy/2..3 rather than a hard coded strategy name. (#336)

v3.11.4 (2023-06-15)

Bug Fixes:

• primary keys are implicitly uniquely constrained. (#333)

v3.11.3 (2023-05-31)

Bug Fixes:

• duplicate mime type for "json".

v3.11.2 (2023-05-28)

Bug Fixes:

• Strategy.Password: Preparations should allow strategy to be passed in. (#314)

v3.11.1 (2023-05-04)

Bug Fixes:

• correct oauth2 and getting started typos (#267)

v3.11.0 (2023-05-04)

Features:

• OpenID Connect Strategy (#197)

• AshAuthentication.Strategy.Oidc: Add OpenID Connect strategy.

v3.10.8 (2023-04-28)

Bug Fixes:

• PasswordValidation should associate errors with the field being … (#279)

v3.10.7 (2023-04-28)

Improvements:

• run CI on pull requests

v3.10.6 (2023-04-09)

Improvements:

• require spark ~> 1.0 (#261)

v3.10.5 (2023-04-06)

Improvements:

• add sign in tokens to password strategy (#252)

• add sign in tokens to password strategy

• convert sign_in_with_token into an action.

v3.10.4 (2023-04-03)

Improvements:

• update spark (#254)

• update spark

v3.10.3 (2023-04-03)

Improvements:

• update spark (#254)

• update spark

v3.10.2 (2023-03-06)

Bug Fixes:

• respect identity_relationship_user_id_attribute on Strategy.OAuth2.IdentityChange (#213)

v3.10.1 (2023-03-06)

Bug Fixes:

• fix failing JWT tests because of bad version regex.

v3.10.0 (2023-03-04)

Breaking Changes:

• Configure accepted fields on register (#219)

v3.9.6 (2023-03-01)

Improvements:

• allow registration and sign in to be disabled on password strategies. (#218)

v3.9.5 (2023-02-23)

Improvements:

• support multiple otp apps w/resources (#209)

v3.9.4 (2023-02-22)

Improvements:

• PasswordConfirmationValidation: allow strategy_name to be passed as an option. (#208)

v3.9.3 (2023-02-19)

Bug Fixes:

• sign in preparation without identity resource (#198)

v3.9.2 (2023-02-12)

Bug Fixes:

• Password.Transformer: don't force users to define a hashed_password argument to the register action. (#192)

v3.9.1 (2023-02-12)

Bug Fixes:

• select hashed_password on sign in preparation

• don't allow special purpose tokens to be used for sign in. (#191)

Improvements:

• add select_for_senders (#189)

• add select_for_senders

• include metadata declaration on register action

v3.9.0 (2023-02-09)

Features:

• Add new "magic link" authentication strategy. (#184)

Bug Fixes:

• validate uniqueness of strategy names. (#185)

• resources can appear in multiple apis, so we need to uniq them here (#169)

• put_add_on/2 was putting into strategies

Improvements:

• Strategy.Custom: handle custom strategies as extensions. (#183)

• improve error message for badly formed token secrets (#181)

• add metadata declarations to actions that have a token (#164)

• validate signing secret is a string (#163)

v3.8.0 (2023-02-09)

Features:

• Add new "magic link" authentication strategy. (#184)

Bug Fixes:

• validate uniqueness of strategy names. (#185)

• resources can appear in multiple apis, so we need to uniq them here (#169)

• put_add_on/2 was putting into strategies

Improvements:

• Strategy.Custom: handle custom strategies as extensions. (#183)

• improve error message for badly formed token secrets (#181)

• add metadata declarations to actions that have a token (#164)

• validate signing secret is a string (#163)

v3.7.9 (2023-02-09)

Bug Fixes:

• validate uniqueness of strategy names. (#185)

• resources can appear in multiple apis, so we need to uniq them here (#169)

• put_add_on/2 was putting into strategies

Improvements:

• Strategy.Custom: handle custom strategies as extensions. (#183)

• improve error message for badly formed token secrets (#181)

• add metadata declarations to actions that have a token (#164)

• validate signing secret is a string (#163)

v3.7.8 (2023-02-08)

Bug Fixes:

• resources can appear in multiple apis, so we need to uniq them here (#169)

• put_add_on/2 was putting into strategies

Improvements:

• Strategy.Custom: handle custom strategies as extensions. (#183)

• improve error message for badly formed token secrets (#181)

• add metadata declarations to actions that have a token (#164)

• validate signing secret is a string (#163)

v3.7.7 (2023-02-06)

Bug Fixes:

• resources can appear in multiple apis, so we need to uniq them here (#169)

• put_add_on/2 was putting into strategies

Improvements:

• improve error message for badly formed token secrets (#181)

• add metadata declarations to actions that have a token (#164)

• validate signing secret is a string (#163)

v3.7.6 (2023-01-30)

Bug Fixes:

• resources can appear in multiple apis, so we need to uniq them here (#169)

• put_add_on/2 was putting into strategies

Improvements:

• add metadata declarations to actions that have a token (#164)

• validate signing secret is a string (#163)

v3.7.5 (2023-01-30)

Improvements:

• add metadata declarations to actions that have a token (#164)

• validate signing secret is a string (#163)

v3.7.4 (2023-01-30)

Improvements:

• validate signing secret is a string (#163)

v3.7.3 (2023-01-18)

Bug Fixes:

• Password: validate fields using both methods of allowing nil input. (#151)

v3.7.2 (2023-01-18)

Improvements:

• AuthenticationFailed: store a caused_by value in authentication failures. (#145)

v3.7.1 (2023-01-18)

Improvements:

• update ash & switch to new docs patterns (#146)

v3.7.0 (2023-01-18)

Features:

• PasswordValidation: Add a validation which can check a password. (#144)

v3.6.1 (2023-01-15)

Bug Fixes:

• don't call hash_provider.valid? on nil values (#135)

• use configured hashed_password_field

Improvements:

• set confirmed field to nil, for reconfirmation (#136)

• set confirmed field to nil, for reconfirmation

• only change confirmed_at_field if its not changing, and only on updates

v3.6.0 (2023-01-13)

Breaking Changes:

• TokenResource: Store the token subject in the token resource. (#133)

• TokenResource: Store the token subject in the token resource.

Bug Fixes:

• don't call hash_provider.valid? on nil values (#135)

• use configured hashed_password_field

v3.5.3 (2023-01-13)

Bug Fixes:

• Confirmation: send the original changeset to confirmation senders. (#132)

v3.5.2 (2023-01-12)

Improvements:

• add user context when creating tokens (#129)

v3.5.1 (2023-01-12)

Bug Fixes:

• missing icons in OAuth2 strategies. (#126)

v3.5.0 (2023-01-12)

Breaking Changes:

• GitHub: Add GitHub authentication strategy. (#125)

v3.4.2 (2023-01-12)

Bug Fixes:

• improve some error message/validation logic

Improvements:

• add policy utilities and accompanying guide (#119)

• add policy utilities and accompanying guide

• fix build/warnings/dialyzer/format

v3.4.1 (2023-01-12)

Bug Fixes:

• Confirmation: correctly generate confirmation token subjects. (#124)

v3.4.0 (2023-01-11)

Features:

• Add token-required-for-authentication feature. (#116)

v3.3.1 (2023-01-09)

Improvements:

• Set Ash actor and tenant when executing internal plugs. (#115)

v3.3.0 (2023-01-09)

Features:

• Make strategy names optional where possible. (#113)

v3.2.2 (2023-01-08)

Improvements:

• Allow the strategy name to be passed for password validations and changes. (#102)

v3.2.1 (2022-12-16)

Improvements:

• add icon field to OAuth2 strategy. (#100)

v3.2.0 (2022-12-16)

Features:

• Auth0: Add a pre-configured Auth0 strategy. (#99)

v3.1.0 (2022-12-14)

Breaking Changes:

• Jwt: Use token signing secret into the DSL.

Features:

• Add option to store all tokens when they're created. (#91)

Improvements:

• remove the need for a strategy in changeset/query contexts. (#89)

• add transaction reason

• try a simpler way of ensuring module is compiled

v3.0.4 (2022-12-08)

Improvements:

• update to latest ash version

v3.0.3 (2022-12-07)

Bug Fixes:

• break potential compiler dependency loops. (#64)

v3.0.2 (2022-12-05)

Improvements:

• supervisor: require that the user adds the supervisor to their OTP app. (#62)

v3.0.1 (2022-12-05)

Improvements:

• actions: All actions now take optional arguments for the underlying API call. (#61)

v3.0.0 (2022-12-04)

Breaking Changes:

• TokenResource: Move TokenRevocation -> TokenResource.

Improvements:

• Confirmation: Store confirmation changes in the token resource.

v2.0.1 (2022-11-24)

Improvements:

• Confirmation: Confirmation is not a strategy. (#46)

• Confirmation: Confirmation is not a strategy.

• Confirmation: Support more than one confirmation entity.

v2.0.0 (2022-11-22)

Breaking Changes:

• Major redesign of DSL and code structure. (#35)

v1.0.0 (2022-11-15)

Breaking Changes:

• OAuth2Authentication: Make the site option runtime configurable. (#31)

v0.6.1 (2022-11-15)

Bug Fixes:

• OAuth2Authentication: Return the failure reason even if it's not a changeset. (#29)

v0.6.0 (2022-11-10)

Features:

• OAuth2Authentication: Add support for generic OAuth2 endpoints. (#28)

v0.5.0 (2022-11-04)

Features:

• Confirmation: Add extension that allows a user to be confirmed when created or updated. (#27)

v0.4.3 (2022-11-03)

Improvements:

• docs: Improve endpoint docs for PasswordAuthentication and PasswordReset.

v0.4.2 (2022-11-03)

Bug Fixes:

• PasswordReset: Generate the reset token using the target action, not the source action. (#25)

• PasswordReset: Generate the reset token using the target action, not the source action.

Improvements:

• PasswordReset: rework PasswordReset to be a provider in it's own right - this means it has it's own routes, etc.

v0.4.1 (2022-11-03)

Improvements:

• PasswordReset: A reset request is actually a query, not an update. (#23)

v0.4.0 (2022-11-02)

Features:

• PasswordReset: allow users to request and reset their password. (#22)

v0.3.0 (2022-10-31)

Features:

• Ash.PlugHelpers: Support standard actor configuration. (#16)

• Ash.PlugHelpers: Support standard actor configuration.

Improvements:

• docs: change all references to actor to user.

v0.2.1 (2022-10-26)

Bug Fixes:

• deprecation warnings caused by use of Macro.expand_literal/2.

Improvements:

• move subject_name uniqueness validation to compile time.

• remove generated: true from macros.

v0.2.0 (2022-10-24)

Features:

• PasswordAuthentication: Registration and authentication with local credentials (#4)

v0.1.0 (2022-09-27)