AshAuthentication.AddOn.LogOutEverywhere

View Source

Log out everywhere support.

Sometimes it's necessary to be able to invalidate all of a user's sessions with a single action. This add-on provides this functionality.

In order to use this feature the following features must be enabled:

  1. Tokens must be enabled.
  2. The authentication.tokens.store_all_tokens? option is enabled.
  3. The authentication.tokens.require_token_presence_for_authentication? option is enabled.
  4. For the apply_on_password_change? option, at least one password strategy must be enabled.

Example

defmodule MyApp.Accounts.User do
  use Ash.Resource,
    extensions: [AshAuthentication],
    domain: MyApp.Accounts

  authentication do
    tokens do
      enabled? true
      store_all_tokens? true
      require_token_presence_for_authentication? true
    end

    add_ons do
      log_out_everywhere do
        apply_on_password_change? true
      end
    end

Actions

By default the add-on will add a log_out_everywhere action which reverts all the existing non-expired tokens for the user in question.

Example

iex> strategy = Info.strategy!(Example.User, :log_out_everywhere)
...> {:ok, user} = Strategy.action(strategy, :log_out_everywhere, %{"user_id" => user_id()})
...> user.id == user_id()
true

authentication.add_ons.log_out_everywhere

log_out_everywhere name \\ :log_out_everywhere

Log out everywhere add-on

Arguments

NameTypeDefaultDocs
nameatomUniquely identifies the add-on

Options

NameTypeDefaultDocs
action_nameatom:log_out_everywhereThe name of the action to generate.
argument_nameatom:userThe name of the user argument to the :log_out_everywhere action.
include_purposeslist(String.t)Limit the list of token purposes for which tokens will be revoked to those in this list, except those in exclude_token_purposes.
exclude_purposeslist(String.t)["revocation"]Don't revoke tokens with these purposes when logging a user out everywhere.
apply_on_password_change?booleanfalseAutomatically log out all active sessions whenever a password is changed.

Introspection

Target: AshAuthentication.AddOn.LogOutEverywhere