AshAuthentication.Phoenix.Controller behaviour (ash_authentication_phoenix v2.12.2)
The authentication controller generator.
Since authentication often requires explicit HTTP requests to do things like
set cookies or return Authorization headers, use this module to create an
AuthController in your Phoenix application.
Example
Handling the registration or authentication of a normal web-based user.
defmodule MyAppWeb.AuthController do
use MyAppWeb, :controller
use AshAuthentication.Phoenix.Controller
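# Called after a successful sign-in or registration. Stores the user in the
# session, assigns it for the current request and redirects to the index page.
def success(conn, _activity, user, _token) do
  conn
  # Issue a fresh session at the point of sign-in so that a session set up
  # before authentication is not carried over (session fixation). This matters
  # most with server-side session stores.
  # NOTE(review): redundant but harmless if store_in_session already renews
  # the session; confirm against the installed library version.
  |> configure_session(renew: true)
  |> store_in_session(user)
  |> assign(:current_user, user)
  # The redirect target is a fixed internal route, not a request-supplied URL.
  |> redirect(to: Routes.page_path(conn, :index))
end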
# Called when authentication fails. Responds with HTTP 401 and a static page.
# The failure reason is not rendered, so the response does not disclose why
# authentication failed; log it server-side if it is needed for diagnosis.
def failure(conn, _activity, _reason) do
  unauthorized = put_status(conn, 401)
  render(unauthorized, "failure.html")
end
# Called when a sign-out request is received. clear_session/2 is described on
# this page as clearing the session and revoking bearer and session tokens.
# :my_otp_app is the example's placeholder for the application's OTP app name.
def sign_out(conn, _params) do
  signed_out = clear_session(conn, :my_otp_app)
  render(signed_out, "sign_out.html")
end
# Base attributes shared by the remember-me cookie helpers in this module;
# each helper adds its own :max_age on top of these.
@remember_me_cookie_options [
  http_only: true, # prevents the cookie from being accessed by JavaScript
  secure: true, # only send the cookie over HTTPS
  # "Lax" withholds the cookie on cross-site subrequests and cross-site POSTs,
  # but it is still sent on top-level cross-site navigations (e.g. following a
  # link). Only "Strict" keeps it off every cross-site request.
  same_site: "Lax"
]
# Sets the remember-me cookie with the shared base attributes plus the given
# max_age.
# NOTE(review): the callback documented on this page is
# put_remember_me_cookie(Plug.Conn.t(), String.t(), map()) - three arguments.
# This four-argument clause does not match that spec; confirm the shape of the
# map against the installed library version before adapting this example.
def put_remember_me_cookie(conn, cookie_name, cookie_value, max_age) do
  opts = Keyword.put(@remember_me_cookie_options, :max_age, max_age)
  put_resp_cookie(conn, cookie_name, cookie_value, opts)
end
# Removes the remember-me cookie. Reuses the same base attributes as the
# setter, with max_age forced to 0, so the deletion targets the cookie that
# was originally set.
def delete_remember_me_cookie(conn, cookie_name) do
  opts = Keyword.put(@remember_me_cookie_options, :max_age, 0)
  delete_resp_cookie(conn, cookie_name, opts)
end
end

Handling registration or authentication of an API user.
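defmodule MyAppWeb.ApiAuthController do
  @moduledoc """
  Authentication callbacks for API clients.

  Every callback answers with JSON; none of them renders a page or stores the
  user in the session.
  """
  use MyAppWeb, :controller
  use AshAuthentication.Phoenix.Controller
  alias AshAuthentication.TokenRevocation

  # Called on successful authentication: returns the bearer token as JSON.
  def success(conn, _activity, _user, token) do
    conn
    # The response body carries a credential, so tell clients and any
    # intermediaries not to store it. Serve this endpoint over HTTPS only.
    |> put_resp_header("cache-control", "no-store")
    |> put_status(200)
    |> json(%{
      authentication: %{
        status: :success,
        bearer: token
      }
    })
  end

  # Called when authentication fails: HTTP 401 with a generic status. The
  # reason is not included in the body, so the response does not disclose why
  # authentication failed.
  def failure(conn, _activity, _reason) do
    conn
    |> put_status(401)
    |> json(%{
      authentication: %{
        status: :failed
      }
    })
  end

  # Called when a sign-out request is received: revokes the bearer tokens
  # presented with the request and acknowledges with JSON.
  # NOTE(review): the web example on this page passes the OTP app name to
  # clear_session/2; confirm whether revoke_bearer_tokens also expects it in
  # the installed library version.
  def sign_out(conn, _params) do
    conn
    |> revoke_bearer_tokens()
    |> json(%{
      status: :ok
    })
  end
end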
Summary
Callbacks
Called when a request is made to delete a remember me cookie.
Called when authentication fails.
Called when a request is made to set a remember me cookie.
Called when a request to sign out is received.
Called when authentication (or registration, depending on the provider) has been successful.
Functions
Clears the session and revokes bearer and session tokens.
Types
Callbacks
@callback delete_remember_me_cookie(Plug.Conn.t(), String.t()) :: Plug.Conn.t()
Called when a request is made to delete a remember me cookie.
@callback failure(Plug.Conn.t(), activity(), reason :: any()) :: Plug.Conn.t()
Called when authentication fails.
@callback put_remember_me_cookie(Plug.Conn.t(), String.t(), map()) :: Plug.Conn.t()
Called when a request is made to set a remember me cookie.
@callback sign_out(Plug.Conn.t(), params :: map()) :: Plug.Conn.t()
Called when a request to sign out is received.
@callback success(Plug.Conn.t(), activity(), user(), token()) :: Plug.Conn.t()
Called when authentication (or registration, depending on the provider) has been successful.