# `Sftpd.Auth`
[🔗](https://github.com/elixir-ssh/sftpd/blob/v0.1.1/lib/sftpd/auth.ex#L1)

Behaviour and helpers for SFTP authentication.

Applications can pass `auth: {Module, opts}` to `Sftpd.start_server/1` or
`Sftpd.child_spec/1`. The callbacks return an opaque session map that is
threaded into backend operations for the authenticated SSH connection.

# `session`

```elixir
@type session() :: map()
```

Opaque session context returned by application auth callbacks.

# `authenticate_password`

```elixir
@callback authenticate_password(
  username :: String.t(),
  password :: String.t(),
  peer :: term(),
  opts :: term()
) :: {:ok, session()} | :error | {:error, term()} | :disconnect
```

# `authorize_public_key`

```elixir
@callback authorize_public_key(
  username :: String.t(),
  public_key :: term(),
  opts :: term()
) :: {:ok, session()} | :error | {:error, term()}
```

# `decode_authorized_key`

```elixir
@spec decode_authorized_key(binary()) :: {:ok, term()} | {:error, term()}
```

Decode one OpenSSH authorized-key line into an Erlang public key.

# `fingerprint`

```elixir
@spec fingerprint(term(), atom()) :: String.t()
```

Return an OpenSSH-style public-key fingerprint.

SHA256 fingerprints are formatted as `SHA256:<base64-no-padding>`. MD5
fingerprints are formatted as `MD5:<colon-separated-hex>`.

---

*Consult [api-reference.md](api-reference.md) for complete listing*