# `EzAuth.Accounts`
[🔗](https://github.com/thiagomajesk/ez_auth/blob/v0.1.0/lib/ez_auth/accounts.ex#L1)

Public authentication operations for users, identities, sessions, and verifications.

# `create_user_with_email`

Creates a passwordless user with an email identity (used by magic-link / email-OTP request flows).

# `create_user_with_password`

Creates a user from email + password sign-up attributes.

# `create_user_with_phone`

Creates a passwordless user with a phone identity (used by SMS OTP request flow).

# `email_taken?`

# `find_or_create_email_identity`

Returns the user and verified email identity, creating a passwordless user when none exists.

# `find_or_create_phone_identity`

Returns the user and verified phone identity, creating a passwordless user when none exists.

# `generate_user_session_token`

Generates a session token for the user.

# `get_user_by_email`

# `get_user_by_session_token`

Fetches the user for a valid session token.

# `get_user_by_username`

# `get_verified_identity`

Fetches a verified identity by type and value, returning the user it belongs to alongside.

# `issue_identity_verification`

Issues an identity verification token and dispatches it through the configured sender.

# `request_email_verification`

Issues an `:email` verification for the given identity.

# `request_password_recovery`

Issues a recovery code and dispatches it via the configured sender.

Returns `:ok` even when the email is unknown, so callers cannot probe for account existence.

# `revoke_user_session_token`

Revokes a single session token.

# `revoke_user_sessions`

Revokes all session tokens for a user.

# `update_user_profile`

Updates the user's profile fields (name, username, metadata).

# `username_taken?`

# `verify_magic_code`

Verifies a short magic-code and consumes it.

The code is the human-typeable secret sent out-of-band (recovery email,
SMS OTP). Because the code's entropy is low, the lookup is value-scoped
to the identity it was issued for.

# `verify_magic_link`

Verifies a magic-link token and consumes it.

The token is the long random secret embedded in a URL. Used by `:email`
identity verification (post-signup confirm and magic-link sign-in) and
similar link-style flows.

---

*Consult [api-reference.md](api-reference.md) for complete listing*