View Source DSL: AshAuthentication.Strategy.Apple
Strategy for authenticating using Apple Sign In
This strategy builds on-top of AshAuthentication.Strategy.Oidc
and
assent
.
In order to use Apple Sign In you need to provide the following minimum configuration:
client_id
team_id
private_key_id
private_key_path
redirect_uri
More documentation:
authentication.strategies.apple
apple name \\ :apple
Provides a pre-configured authentication strategy for Apple Sign In.
This strategy is built using the :oidc
strategy, and thus provides all the same
configuration options should you need them.
More documentation:
Strategy defaults:
The following defaults are applied:
:base_url
is set to"https://appleid.apple.com"
.:openid_configuration
is set to%{"authorization_endpoint" => "https://appleid.apple.com/auth/authorize", "issuer" => "https://appleid.apple.com", "jwks_uri" => "https://appleid.apple.com/auth/keys", "token_endpoint" => "https://appleid.apple.com/auth/token", "token_endpoint_auth_methods_supported" => ["client_secret_post"]}
.:authorization_params
is set to[scope: "email", response_mode: "form_post"]
.:client_authentication_method
is set to"client_secret_post"
.:openid_default_scope
is set to""
.
Arguments
Name | Type | Default | Docs |
---|---|---|---|
name | atom | Uniquely identifies the strategy. |
Options
Name | Type | Default | Docs |
---|---|---|---|
client_id | (any, any -> any) | module | String.t | The OAuth2 client ID. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. | |
redirect_uri | (any, any -> any) | module | String.t | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your AuthPlug . Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. | |
team_id | (any, any -> any) | module | String.t | The Apple team ID associated with the application. | |
private_key_id | (any, any -> any) | module | String.t | The private key ID used for signing the JWT token. | |
private_key_path | (any, any -> any) | module | String.t | The path to the private key file used for signing the JWT token. | |
site | (any, any -> any) | module | String.t | Deprecated: Use base_url instead. | |
prevent_hijacking? | boolean | true | Requires a confirmation add_on to be present if the password strategy is used with the same identity_field. |
auth_method | nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt | :client_secret_post | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
client_secret | (any, any -> any) | module | String.t | The OAuth2 client secret. Required if :auth_method is :client_secret_basic , :client_secret_post or :client_secret_jwt . Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. | |
trusted_audiences | (any, any -> any) | module | list(any) | nil | A list of audiences which are trusted. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. | |
private_key | (any, any -> any) | module | String.t | The private key to use if :auth_method is :private_key_jwt . Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. | |
registration_enabled? | boolean | true | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
register_action_name | atom | The name of the action to use to register a user, if registration_enabled? is true . Defaults to register_with_<name> See the "Registration and Sign-in" section of the strategy docs for more. | |
sign_in_action_name | atom | The name of the action to use to sign in an existing user, if sign_in_enabled? is true . Defaults to sign_in_with_<strategy> , which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. | |
identity_resource | module | false | false | The resource used to store user identities, or false to disable. See the User Identities section of the strategy docs for more. |
identity_relationship_name | atom | :identities | Name of the relationship to the provider identities resource |
identity_relationship_user_id_attribute | atom | :user_id | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the user_id_attribute_name option of the provider identity. |
openid_configuration_uri | String.t | "/.well-known/openid-configuration" | The URI for the OpenID provider |
id_token_signed_response_alg | "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "Ed25519" | "Ed25519ph" | "Ed448" | "Ed448ph" | "EdDSA" | "RS256" | The id_token_signed_response_alg parameter sent by the Client during Registration. |
id_token_ttl_seconds | nil | pos_integer | The number of seconds from iat that an ID Token will be considered valid. | |
nonce | boolean | (any, any -> any) | module | String.t | true | A function for generating the session nonce, true to automatically generate it with AshAuthentication.Strategy.Oidc.NonceGenerator , or false to disable. |