AshAuthentication.AddOn.LogOutEverywhere
View SourceLog out everywhere support.
Sometimes it's necessary to be able to invalidate all of a user's sessions with a single action. This add-on provides this functionality.
In order to use this feature the following features must be enabled:
- Tokens must be enabled.
- The
authentication.tokens.store_all_tokens?
option is enabled. - The
authentication.tokens.require_token_presence_for_authentication?
option is enabled. - For the
apply_on_password_change?
option, at least one password strategy must be enabled.
Example
defmodule MyApp.Accounts.User do
use Ash.Resource,
extensions: [AshAuthentication],
domain: MyApp.Accounts
authentication do
tokens do
enabled? true
store_all_tokens? true
require_token_presence_for_authentication? true
end
add_ons do
log_out_everywhere do
apply_on_password_change? true
end
end
Actions
By default the add-on will add a log_out_everywhere
action which reverts all
the existing non-expired tokens for the user in question.
Example
iex> strategy = Info.strategy!(Example.User, :log_out_everywhere)
...> {:ok, user} = Strategy.action(strategy, :log_out_everywhere, %{"user_id" => user_id()})
...> user.id == user_id()
true
authentication.add_ons.log_out_everywhere
log_out_everywhere name \\ :log_out_everywhere
Log out everywhere add-on
Arguments
Name | Type | Default | Docs |
---|---|---|---|
name | atom | Uniquely identifies the add-on |
Options
Name | Type | Default | Docs |
---|---|---|---|
action_name | atom | :log_out_everywhere | The name of the action to generate. |
argument_name | atom | :user | The name of the user argument to the :log_out_everywhere action. |
include_purposes | list(String.t) | Limit the list of token purposes for which tokens will be revoked to those in this list, except those in exclude_token_purposes . | |
exclude_purposes | list(String.t) | ["revocation"] | Don't revoke tokens with these purposes when logging a user out everywhere. |
apply_on_password_change? | boolean | false | Automatically log out all active sessions whenever a password is changed. |