From be413052d0c50afc17b60f2ea54d2715895cd62a Mon Sep 17 00:00:00 2001 From: Stephan Hug Date: Wed, 6 Dec 2023 22:06:27 +0100 Subject: [PATCH 01/30] fix(deps): mark ash_postgres as optional --- mix.exs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.exs b/mix.exs index 74f8dbbc..a41f8790 100644 --- a/mix.exs +++ b/mix.exs @@ -228,7 +228,7 @@ defmodule AshAuthentication.MixProject do {:absinthe_plug, "~> 1.5", only: [:dev, :test]}, {:ash_graphql, "~> 0.21", only: [:dev, :test]}, {:ash_json_api, "~> 0.30", only: [:dev, :test]}, - {:ash_postgres, "~> 1.3.1", only: [:dev, :test]}, + {:ash_postgres, "~> 1.3.64", optional: true}, {:credo, "~> 1.6", only: [:dev, :test], runtime: false}, {:dialyxir, "~> 1.2", only: [:dev, :test], runtime: false}, {:doctor, "~> 0.18", only: [:dev, :test]}, From b0274cdd1ea6ad3b7cf4a841f9b191ed6a17f7fc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 7 Dec 2023 09:50:56 +1300 Subject: [PATCH 02/30] chore(deps): Bump ash from 2.17.7 to 2.17.8 (#516) Bumps [ash](https://github.com/ash-project/ash) from 2.17.7 to 2.17.8. - [Release notes](https://github.com/ash-project/ash/releases) - [Changelog](https://github.com/ash-project/ash/blob/main/CHANGELOG.md) - [Commits](https://github.com/ash-project/ash/compare/v2.17.7...v2.17.8) --- updated-dependencies: - dependency-name: ash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 4ace30d3..eb403608 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.7", "8d8f359db61b8ed8245347d836f8a981e69fea769759c69468b5331b342f2308", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, "~> 1.1 and >= 1.1.50", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "dd18cf96a245fed88b7bc1d715ab380aafb502e05bf7bc02e7f8200770d4335d"}, + "ash": {:hex, :ash, "2.17.8", "272f31ee485b8d6a301d8b98c27e0ebed517caa60c7f0ce8e3192ff764d1f23c", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, "~> 1.1 and >= 1.1.50", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "616848d473d23ae4874c05a0f1e564dccc83e09077c0e4eea4a25f7dc6450327"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.0", "f11b21c322cead92d0a886c2f9640a35c5866e5024c4744ad1869996aeb3b123", [:mix], [{:ash, "~> 2.3 and >= 2.9.24", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "192d805447e2ed506751a2ae6f58f564741f68a9e8cba1a71a2f6f3928e182f1"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, From 6d5397eaf9a95a330c5dd9c3feeb0a80f92cde9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 8 Dec 2023 07:29:39 +1300 Subject: [PATCH 03/30] chore(deps): Bump ash from 2.17.8 to 2.17.9 (#519) --- mix.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mix.lock b/mix.lock index eb403608..605e138d 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.8", "272f31ee485b8d6a301d8b98c27e0ebed517caa60c7f0ce8e3192ff764d1f23c", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, "~> 1.1 and >= 1.1.50", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "616848d473d23ae4874c05a0f1e564dccc83e09077c0e4eea4a25f7dc6450327"}, + "ash": {:hex, :ash, "2.17.9", "194d1bd5facdc0059ab315dc023ffafd871b1cfbe2febdac7f7858f4323be1b1", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, "~> 1.1 and >= 1.1.50", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "855472c7cce9cd96987bf3905d2d9fee0a1f080bafbb0eb2697fc80fb21bdbe4"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.0", "f11b21c322cead92d0a886c2f9640a35c5866e5024c4744ad1869996aeb3b123", [:mix], [{:ash, "~> 2.3 and >= 2.9.24", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "192d805447e2ed506751a2ae6f58f564741f68a9e8cba1a71a2f6f3928e182f1"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, @@ -22,7 +22,7 @@ "doctor": {:hex, :doctor, "0.21.0", "20ef89355c67778e206225fe74913e96141c4d001cb04efdeba1a2a9704f1ab5", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "a227831daa79784eb24cdeedfa403c46a4cb7d0eab0e31232ec654314447e4e0"}, "earmark": {:hex, :earmark, "1.4.46", "8c7287bd3137e99d26ae4643e5b7ef2129a260e3dcf41f251750cb4563c8fb81", [:mix], [], "hexpm", "798d86db3d79964e759ddc0c077d5eb254968ed426399fbf5a62de2b5ff8910a"}, "earmark_parser": {:hex, :earmark_parser, "1.4.36", "487ea8ef9bdc659f085e6e654f3c3feea1d36ac3943edf9d2ef6c98de9174c13", [:mix], [], "hexpm", "a524e395634bdcf60a616efe77fd79561bec2e930d8b82745df06ab4e844400a"}, - "ecto": {:hex, :ecto, "3.11.0", "ff8614b4e70a774f9d39af809c426def80852048440e8785d93a6e91f48fec00", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7769dad267ef967310d6e988e92d772659b11b09a0c015f101ce0fff81ce1f81"}, + "ecto": {:hex, :ecto, "3.11.1", "4b4972b717e7ca83d30121b12998f5fcdc62ba0ed4f20fd390f16f3270d85c3e", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ebd3d3772cd0dfcd8d772659e41ed527c28b2a8bde4b00fe03e0463da0f1983b"}, "ecto_sql": {:hex, :ecto_sql, "3.11.0", "c787b24b224942b69c9ff7ab9107f258ecdc68326be04815c6cce2941b6fad1c", [:mix], [{:db_connection, "~> 2.5 or ~> 2.4.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.11.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 0.17.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "77aa3677169f55c2714dda7352d563002d180eb33c0dc29cd36d39c0a1a971f5"}, "elixir_make": {:hex, :elixir_make, "0.7.7", "7128c60c2476019ed978210c245badf08b03dbec4f24d05790ef791da11aa17c", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "5bc19fff950fad52bbe5f211b12db9ec82c6b34a9647da0c2224b8b8464c7e6c"}, "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"}, From 6cbee07afa797f8b5b0320415181f08555f1cb49 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Dec 2023 10:19:35 +1300 Subject: [PATCH 04/30] chore(deps): Bump ash from 2.17.9 to 2.17.10 (#520) Bumps [ash](https://github.com/ash-project/ash) from 2.17.9 to 2.17.10. - [Release notes](https://github.com/ash-project/ash/releases) - [Changelog](https://github.com/ash-project/ash/blob/main/CHANGELOG.md) - [Commits](https://github.com/ash-project/ash/compare/v2.17.9...v2.17.10) --- updated-dependencies: - dependency-name: ash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 605e138d..5e0a67a5 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.9", "194d1bd5facdc0059ab315dc023ffafd871b1cfbe2febdac7f7858f4323be1b1", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, "~> 1.1 and >= 1.1.50", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "855472c7cce9cd96987bf3905d2d9fee0a1f080bafbb0eb2697fc80fb21bdbe4"}, + "ash": {:hex, :ash, "2.17.10", "5fc4a5bb239ca824fd259276b4b8529dd330cca31c588656f099483aa34ebdc0", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, "~> 1.1 and >= 1.1.50", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "263ebecb61480fa0c5106376cb4b0b25735e88372a29615fcc5abf4fe797221f"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.0", "f11b21c322cead92d0a886c2f9640a35c5866e5024c4744ad1869996aeb3b123", [:mix], [{:ash, "~> 2.3 and >= 2.9.24", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "192d805447e2ed506751a2ae6f58f564741f68a9e8cba1a71a2f6f3928e182f1"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, From b05526908e370aafbea0f3a8f0897179323c62e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 09:07:32 +1300 Subject: [PATCH 05/30] chore(deps): Bump ash from 2.17.10 to 2.17.12 (#524) * chore(deps): Bump ash from 2.17.10 to 2.17.12 Bumps [ash](https://github.com/ash-project/ash) from 2.17.10 to 2.17.12. - [Release notes](https://github.com/ash-project/ash/releases) - [Changelog](https://github.com/ash-project/ash/blob/main/CHANGELOG.md) - [Commits](https://github.com/ash-project/ash/compare/v2.17.10...v2.17.12) --- updated-dependencies: - dependency-name: ash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] * docs: Update Spark DSL docs. --------- Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Harton --- ...hAuthentication.AddOn.Confirmation.cheatmd | 428 ------- ...L:-AshAuthentication.AddOn.Confirmation.md | 195 ++++ ...:-AshAuthentication.Strategy.Auth0.cheatmd | 860 -------------- .../DSL:-AshAuthentication.Strategy.Auth0.md | 285 +++++ ...-AshAuthentication.Strategy.Github.cheatmd | 863 -------------- .../DSL:-AshAuthentication.Strategy.Github.md | 288 +++++ ...-AshAuthentication.Strategy.Google.cheatmd | 862 -------------- .../DSL:-AshAuthentication.Strategy.Google.md | 287 +++++ ...hAuthentication.Strategy.MagicLink.cheatmd | 337 ------ ...L:-AshAuthentication.Strategy.MagicLink.md | 172 +++ ...-AshAuthentication.Strategy.OAuth2.cheatmd | 1020 ----------------- .../DSL:-AshAuthentication.Strategy.OAuth2.md | 445 +++++++ ...L:-AshAuthentication.Strategy.Oidc.cheatmd | 1015 ---------------- .../DSL:-AshAuthentication.Strategy.Oidc.md | 315 +++++ ...shAuthentication.Strategy.Password.cheatmd | 682 ----------- ...SL:-AshAuthentication.Strategy.Password.md | 280 +++++ ...L:-AshAuthentication.TokenResource.cheatmd | 359 ------ .../DSL:-AshAuthentication.TokenResource.md | 122 ++ ...SL:-AshAuthentication.UserIdentity.cheatmd | 319 ------ .../DSL:-AshAuthentication.UserIdentity.md | 81 ++ .../dsls/DSL:-AshAuthentication.cheatmd | 446 ------- documentation/dsls/DSL:-AshAuthentication.md | 155 +++ mix.lock | 8 +- 23 files changed, 2629 insertions(+), 7195 deletions(-) delete mode 100644 documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Github.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Google.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Password.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.TokenResource.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.TokenResource.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.UserIdentity.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.UserIdentity.md delete mode 100644 documentation/dsls/DSL:-AshAuthentication.cheatmd create mode 100644 documentation/dsls/DSL:-AshAuthentication.md diff --git a/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.cheatmd b/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.cheatmd deleted file mode 100644 index 28cb6979..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.cheatmd +++ /dev/null @@ -1,428 +0,0 @@ - -# DSL: AshAuthentication.AddOn.Confirmation - -Confirmation support. - -Sometimes when creating a new user, or changing a sensitive attribute (such as -their email address) you may want to wait for the user to confirm by way of -sending them a confirmation token to prove that it was really them that took -the action. - -In order to add confirmation to your resource, it must been the following -minimum requirements: - -1. Have a primary key -2. Have at least one attribute you wish to confirm -3. Tokens must be enabled - -## Example - -```elixir -defmodule MyApp.Accounts.User do - use Ash.Resource, - extensions: [AshAuthentication] - - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - end - - authentication do - api MyApp.Accounts - - add_ons do - confirmation :confirm do - monitor_fields [:email] - sender MyApp.ConfirmationSender - end - end - - strategies do - # ... - end - end - - identities do - identity :email, [:email] do - eager_check_with MyApp.Accounts - end - end -end -``` - -## Attributes - -A `confirmed_at` attribute will be added to your resource if it's not already -present (see `confirmed_at_field` in the DSL documentation). - -## Actions - -By default confirmation will add an action which updates the `confirmed_at` -attribute as well as retrieving previously stored changes and applying them to -the resource. - -If you wish to perform the confirm action directly from your code you can do -so via the `AshAuthentication.Strategy` protocol. - -### Example - - iex> strategy = Info.strategy!(Example.User, :confirm) - ...> {:ok, user} = Strategy.action(strategy, :confirm, %{"confirm" => confirmation_token()}) - ...> user.confirmed_at >= one_second_ago() - true - -## Plugs - -Confirmation provides a single endpoint for the `:confirm` phase. If you wish -to interact with the plugs directly, you can do so via the -`AshAuthentication.Strategy` protocol. - -### Example - - iex> strategy = Info.strategy!(Example.User, :confirm) - ...> conn = conn(:get, "/user/confirm", %{"confirm" => confirmation_token()}) - ...> conn = Strategy.plug(strategy, :confirm, conn) - ...> {_conn, {:ok, user}} = Plug.Helpers.get_authentication_result(conn) - ...> user.confirmed_at >= one_second_ago() - true - -## DSL Documentation - -User confirmation flow - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the add-on. - -* `:token_lifetime` - How long should the confirmation token be valid. - If no unit is provided, then hours is assumed. - Defaults to 3 days. The default value is `{3, :days}`. - -* `:monitor_fields` (list of `t:atom/0`) - Required. A list of fields to monitor for changes (eg `[:email, :phone_number]`). - The confirmation will only be sent when one of these fields are changed. - -* `:confirmed_at_field` (`t:atom/0`) - The name of a field to store the time that the last confirmation took - place. - This attribute will be dynamically added to the resource if not already - present. The default value is `:confirmed_at`. - -* `:confirm_on_create?` (`t:boolean/0`) - Generate and send a confirmation token when a new resource is created? - Will only trigger when a create action is executed _and_ one of the - monitored fields is being set. The default value is `true`. - -* `:confirm_on_update?` (`t:boolean/0`) - Generate and send a confirmation token when a resource is changed? - Will only trigger when an update action is executed _and_ one of the - monitored fields is being set. The default value is `true`. - -* `:inhibit_updates?` (`t:boolean/0`) - Wait until confirmation is received before actually changing a monitored - field? - If a change to a monitored field is detected, then the change is stored - in the token resource and the changeset updated to not make the - requested change. When the token is confirmed, the change will be - applied. - This could be potentially weird for your users, but useful in the case - of a user changing their email address or phone number where you want - to verify that the new contact details are reachable. The default value is `true`. - -* `:sender` - Required. How to send the confirmation instructions to the user. - Allows you to glue sending of confirmation instructions to - [swoosh](https://hex.pm/packages/swoosh), - [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification - system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, - reset token and options. - The options will be a keyword list containing the original - changeset, before any changes were inhibited. This allows you - to send an email to the user's new email address if it is being - changed for example. - See `AshAuthentication.Sender` for more information. - -* `:confirm_action_name` (`t:atom/0`) - The name of the action to use when performing confirmation. - If this action is not already present on the resource, it will be - created for you. The default value is `:confirm`. - - - - - - - - -## authentication.add_ons.confirmation -```elixir -confirmation name \ :confirm -``` - - -User confirmation flow - - - - - -### Arguments - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - name - - - * - - - atom - - - - Uniquely identifies the add-on. - -
-### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - monitor_fields - - - * - - - list(atom) - - - - A list of fields to monitor for changes (eg `[:email, :phone_number]`). -The confirmation will only be sent when one of these fields are changed. - -
- - - sender - - - * - - - (any, any, any -> any) | module - - - - How to send the confirmation instructions to the user. -Allows you to glue sending of confirmation instructions to -[swoosh](https://hex.pm/packages/swoosh), -[ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification -system is appropriate for your application. -Accepts a module, module and opts, or a function that takes a record, -reset token and options. -The options will be a keyword list containing the original -changeset, before any changes were inhibited. This allows you -to send an email to the user's new email address if it is being -changed for example. -See `AshAuthentication.Sender` for more information. - -
- - - token_lifetime - - - - - pos_integer | {pos_integer, :days | :hours | :minutes | :seconds} - - {3, :days} - - How long should the confirmation token be valid. -If no unit is provided, then hours is assumed. - -Defaults to 3 days. - -
- - - confirmed_at_field - - - - - atom - - :confirmed_at - - The name of a field to store the time that the last confirmation took -place. -This attribute will be dynamically added to the resource if not already -present. - -
- - - confirm_on_create? - - - - - boolean - - true - - Generate and send a confirmation token when a new resource is created? -Will only trigger when a create action is executed _and_ one of the -monitored fields is being set. - -
- - - confirm_on_update? - - - - - boolean - - true - - Generate and send a confirmation token when a resource is changed? -Will only trigger when an update action is executed _and_ one of the -monitored fields is being set. - -
- - - inhibit_updates? - - - - - boolean - - true - - Wait until confirmation is received before actually changing a monitored -field? -If a change to a monitored field is detected, then the change is stored -in the token resource and the changeset updated to not make the -requested change. When the token is confirmed, the change will be -applied. -This could be potentially weird for your users, but useful in the case -of a user changing their email address or phone number where you want -to verify that the new contact details are reachable. - -
- - - confirm_action_name - - - - - atom - - :confirm - - The name of the action to use when performing confirmation. -If this action is not already present on the resource, it will be -created for you. - -
- - - - - -### Introspection - -Target: `AshAuthentication.AddOn.Confirmation` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md b/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md new file mode 100644 index 00000000..d4a44878 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md @@ -0,0 +1,195 @@ + +# DSL: AshAuthentication.AddOn.Confirmation + +Confirmation support. + +Sometimes when creating a new user, or changing a sensitive attribute (such as +their email address) you may want to wait for the user to confirm by way of +sending them a confirmation token to prove that it was really them that took +the action. + +In order to add confirmation to your resource, it must been the following +minimum requirements: + +1. Have a primary key +2. Have at least one attribute you wish to confirm +3. Tokens must be enabled + +## Example + +```elixir +defmodule MyApp.Accounts.User do + use Ash.Resource, + extensions: [AshAuthentication] + + attributes do + uuid_primary_key :id + attribute :email, :ci_string, allow_nil?: false + end + + authentication do + api MyApp.Accounts + + add_ons do + confirmation :confirm do + monitor_fields [:email] + sender MyApp.ConfirmationSender + end + end + + strategies do + # ... + end + end + + identities do + identity :email, [:email] do + eager_check_with MyApp.Accounts + end + end +end +``` + +## Attributes + +A `confirmed_at` attribute will be added to your resource if it's not already +present (see `confirmed_at_field` in the DSL documentation). + +## Actions + +By default confirmation will add an action which updates the `confirmed_at` +attribute as well as retrieving previously stored changes and applying them to +the resource. + +If you wish to perform the confirm action directly from your code you can do +so via the `AshAuthentication.Strategy` protocol. + +### Example + + iex> strategy = Info.strategy!(Example.User, :confirm) + ...> {:ok, user} = Strategy.action(strategy, :confirm, %{"confirm" => confirmation_token()}) + ...> user.confirmed_at >= one_second_ago() + true + +## Plugs + +Confirmation provides a single endpoint for the `:confirm` phase. If you wish +to interact with the plugs directly, you can do so via the +`AshAuthentication.Strategy` protocol. + +### Example + + iex> strategy = Info.strategy!(Example.User, :confirm) + ...> conn = conn(:get, "/user/confirm", %{"confirm" => confirmation_token()}) + ...> conn = Strategy.plug(strategy, :confirm, conn) + ...> {_conn, {:ok, user}} = Plug.Helpers.get_authentication_result(conn) + ...> user.confirmed_at >= one_second_ago() + true + +## DSL Documentation + +User confirmation flow + + + + + +* `:name` (`t:atom/0`) - Required. Uniquely identifies the add-on. + +* `:token_lifetime` - How long should the confirmation token be valid. + If no unit is provided, then hours is assumed. + Defaults to 3 days. The default value is `{3, :days}`. + +* `:monitor_fields` (list of `t:atom/0`) - Required. A list of fields to monitor for changes (eg `[:email, :phone_number]`). + The confirmation will only be sent when one of these fields are changed. + +* `:confirmed_at_field` (`t:atom/0`) - The name of a field to store the time that the last confirmation took + place. + This attribute will be dynamically added to the resource if not already + present. The default value is `:confirmed_at`. + +* `:confirm_on_create?` (`t:boolean/0`) - Generate and send a confirmation token when a new resource is created? + Will only trigger when a create action is executed _and_ one of the + monitored fields is being set. The default value is `true`. + +* `:confirm_on_update?` (`t:boolean/0`) - Generate and send a confirmation token when a resource is changed? + Will only trigger when an update action is executed _and_ one of the + monitored fields is being set. The default value is `true`. + +* `:inhibit_updates?` (`t:boolean/0`) - Wait until confirmation is received before actually changing a monitored + field? + If a change to a monitored field is detected, then the change is stored + in the token resource and the changeset updated to not make the + requested change. When the token is confirmed, the change will be + applied. + This could be potentially weird for your users, but useful in the case + of a user changing their email address or phone number where you want + to verify that the new contact details are reachable. The default value is `true`. + +* `:sender` - Required. How to send the confirmation instructions to the user. + Allows you to glue sending of confirmation instructions to + [swoosh](https://hex.pm/packages/swoosh), + [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification + system is appropriate for your application. + Accepts a module, module and opts, or a function that takes a record, + reset token and options. + The options will be a keyword list containing the original + changeset, before any changes were inhibited. This allows you + to send an email to the user's new email address if it is being + changed for example. + See `AshAuthentication.Sender` for more information. + +* `:confirm_action_name` (`t:atom/0`) - The name of the action to use when performing confirmation. + If this action is not already present on the resource, it will be + created for you. The default value is `:confirm`. + + + + + + + + +## authentication.add_ons.confirmation +```elixir +confirmation name \\ :confirm +``` + + +User confirmation flow + + + + + +### Arguments + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`name`](#authentication-add_ons-confirmation-name){: #authentication-add_ons-confirmation-name .spark-required} | `atom` | | Uniquely identifies the add-on. | +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`monitor_fields`](#authentication-add_ons-confirmation-monitor_fields){: #authentication-add_ons-confirmation-monitor_fields .spark-required} | `list(atom)` | | A list of fields to monitor for changes (eg `[:email, :phone_number]`). The confirmation will only be sent when one of these fields are changed. | +| [`sender`](#authentication-add_ons-confirmation-sender){: #authentication-add_ons-confirmation-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the confirmation instructions to the user. Allows you to glue sending of confirmation instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. The options will be a keyword list containing the original changeset, before any changes were inhibited. This allows you to send an email to the user's new email address if it is being changed for example. See `AshAuthentication.Sender` for more information. | +| [`token_lifetime`](#authentication-add_ons-confirmation-token_lifetime){: #authentication-add_ons-confirmation-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the confirmation token be valid. If no unit is provided, then hours is assumed. Defaults to 3 days. | +| [`confirmed_at_field`](#authentication-add_ons-confirmation-confirmed_at_field){: #authentication-add_ons-confirmation-confirmed_at_field } | `atom` | `:confirmed_at` | The name of a field to store the time that the last confirmation took place. This attribute will be dynamically added to the resource if not already present. | +| [`confirm_on_create?`](#authentication-add_ons-confirmation-confirm_on_create?){: #authentication-add_ons-confirmation-confirm_on_create? } | `boolean` | `true` | Generate and send a confirmation token when a new resource is created? Will only trigger when a create action is executed _and_ one of the monitored fields is being set. | +| [`confirm_on_update?`](#authentication-add_ons-confirmation-confirm_on_update?){: #authentication-add_ons-confirmation-confirm_on_update? } | `boolean` | `true` | Generate and send a confirmation token when a resource is changed? Will only trigger when an update action is executed _and_ one of the monitored fields is being set. | +| [`inhibit_updates?`](#authentication-add_ons-confirmation-inhibit_updates?){: #authentication-add_ons-confirmation-inhibit_updates? } | `boolean` | `true` | Wait until confirmation is received before actually changing a monitored field? If a change to a monitored field is detected, then the change is stored in the token resource and the changeset updated to not make the requested change. When the token is confirmed, the change will be applied. This could be potentially weird for your users, but useful in the case of a user changing their email address or phone number where you want to verify that the new contact details are reachable. | +| [`confirm_action_name`](#authentication-add_ons-confirmation-confirm_action_name){: #authentication-add_ons-confirmation-confirm_action_name } | `atom` | `:confirm` | The name of the action to use when performing confirmation. If this action is not already present on the resource, it will be created for you. | + + + + + +### Introspection + +Target: `AshAuthentication.AddOn.Confirmation` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.cheatmd b/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.cheatmd deleted file mode 100644 index 2ad287bf..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.cheatmd +++ /dev/null @@ -1,860 +0,0 @@ - -# DSL: AshAuthentication.Strategy.Auth0 - -Strategy for authenticating using [Auth0](https://auth0.com). - -This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and -[`assent`](https://hex.pm/packages/assent). - -In order to use Auth0 you need to provide the following minimum configuration: - - - `client_id` - - `redirect_uri` - - `client_secret` - - `site` - -See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md) -for more information. - -## DSL Documentation - -Provides a pre-configured authentication strategy for [Auth0](https://auth0.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -For more information see the [Auth0 Quick Start Guide](/documentation/tutorials/auth0-quickstart.md) -in our documentation. - -#### Strategy defaults: - -The following defaults are applied: - - * `:authorize_url` is set to `"/authorize"`. - * `:token_url` is set to `"/oauth/token"`. - * `:user_url` is set to `"/userinfo"`. - * `:authorization_params` is set to `[scope: "openid profile email"]`. - * `:auth_method` is set to `:client_secret_post`. - - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - - - -## authentication.strategies.auth0 -```elixir -auth0 name \ :auth0 -``` - - -Provides a pre-configured authentication strategy for [Auth0](https://auth0.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -For more information see the [Auth0 Quick Start Guide](/documentation/tutorials/auth0-quickstart.md) -in our documentation. - -###### Strategy defaults: - -The following defaults are applied: - -* `:authorize_url` is set to `"/authorize"`. -* `:token_url` is set to `"/oauth/token"`. -* `:user_url` is set to `"/userinfo"`. -* `:authorization_params` is set to `[scope: "openid profile email"]`. -* `:auth_method` is set to `:client_secret_post`. - - -###### Schema: - - - - - - -### Arguments - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - name - - - * - - - atom - - - - Uniquely identifies the strategy. - -
-### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - client_id - - - * - - - (any, any -> any) | module | String.t - - - - The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - -
- - - authorize_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - -
- - - token_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - -
- - - user_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - -
- - - redirect_uri - - - * - - - (any, any -> any) | module | String.t - - - - The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - base_url - - - - - (any, any -> any) | module | String.t - - - - The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - site - - - - - (any, any -> any) | module | String.t - - - - Deprecated: Use `base_url` instead. -
- - - auth_method - - - - - nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt - - :client_secret_post - - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - -
- - - client_secret - - - - - (any, any -> any) | module | String.t - - - - The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - private_key - - - - - (any, any -> any) | module | String.t - - - - The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - authorization_params - - - - - Keyword.t - - [] - - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - -
- - - registration_enabled? - - - - - boolean - - true - - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - -
- - - register_action_name - - - - - atom - - - - The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - -
- - - sign_in_action_name - - - - - atom - - - - The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - -
- - - identity_resource - - - - - module | false - - false - - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - -
- - - identity_relationship_name - - - - - atom - - :identities - - Name of the relationship to the provider identities resource -
- - - identity_relationship_user_id_attribute - - - - - atom - - :user_id - - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - -
- - - icon - - - - - atom - - :oauth2 - - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - -
- - - - - -### Introspection - -Target: `AshAuthentication.Strategy.OAuth2` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md new file mode 100644 index 00000000..ca3a1b9d --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md @@ -0,0 +1,285 @@ + +# DSL: AshAuthentication.Strategy.Auth0 + +Strategy for authenticating using [Auth0](https://auth0.com). + +This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and +[`assent`](https://hex.pm/packages/assent). + +In order to use Auth0 you need to provide the following minimum configuration: + + - `client_id` + - `redirect_uri` + - `client_secret` + - `site` + +See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md) +for more information. + +## DSL Documentation + +Provides a pre-configured authentication strategy for [Auth0](https://auth0.com/). + +This strategy is built using the `:oauth2` strategy, and thus provides all the same +configuration options should you need them. + +For more information see the [Auth0 Quick Start Guide](/documentation/tutorials/auth0-quickstart.md) +in our documentation. + +#### Strategy defaults: + +The following defaults are applied: + + * `:authorize_url` is set to `"/authorize"`. + * `:token_url` is set to `"/oauth/token"`. + * `:user_url` is set to `"/userinfo"`. + * `:authorization_params` is set to `[scope: "openid profile email"]`. + * `:auth_method` is set to `:client_secret_post`. + + +#### Schema: + + + + + + +* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. + +* `:client_id` - Required. The OAuth2 client ID. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + client_id fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_client_id) + end + ``` + +* `:base_url` - The base URL of the OAuth2 server - including the leading protocol + (ie `https://`). + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + base_url fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:site` - Deprecated: Use `base_url` instead. + +* `:auth_method` - The authentication strategy used, optional. If not set, no + authentication will be used during the access token request. The + value may be one of the following: + * `:client_secret_basic` + * `:client_secret_post` + * `:client_secret_jwt` + * `:private_key_jwt` + Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. + +* `:client_secret` - The OAuth2 client secret. + Required if :auth_method is `:client_secret_basic`, + `:client_secret_post` or `:client_secret_jwt`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + site fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end + ``` + +* `:token_url` - Required. The API url to access the token endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end + ``` + +* `:user_url` - Required. The API url to access the user endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end + ``` + +* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:redirect_uri` - Required. The callback URI base. + Not the whole URI back to the callback endpoint, but the URI to your + `AuthPlug`. We can generate the rest. + Whilst not particularly secret, it seemed prudent to allow this to be + configured dynamically so that you can use different URIs for + different environments. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. + eg: `authorization_params scope: "openid profile email"` The default value is `[]`. + +* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? + If this option is enabled, then new users will be able to register for + your site when authenticating and not already present. + If not, then only existing users will be able to authenticate. The default value is `true`. + +* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. + Only needed if `registration_enabled?` is `true`. + Because we we don't know the response format of the server, you must + implement your own registration action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name eg: + `register_with_#{name}`. + +* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. + Only needed if `registration_enabled?` is `false`. + Because we don't know the response format of the server, you must + implement your own sign-in action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name, eg: + `sign_in_with_#{name}`. + +* `:identity_resource` - The resource used to store user identities. + Given that a user can be signed into multiple different + authentication providers at once we use the + `AshAuthentication.UserIdentity` resource to build a mapping + between users, providers and that provider's uid. + See the Identities section of the module documentation for more + information. + Set to `false` to disable. The default value is `false`. + +* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. + +* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider + identity resource. + The only reason to change this would be if you changed the + `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. + +* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. + This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. + + + + + + + + +## authentication.strategies.auth0 +```elixir +auth0 name \\ :auth0 +``` + + +Provides a pre-configured authentication strategy for [Auth0](https://auth0.com/). + +This strategy is built using the `:oauth2` strategy, and thus provides all the same +configuration options should you need them. + +For more information see the [Auth0 Quick Start Guide](/documentation/tutorials/auth0-quickstart.md) +in our documentation. + +###### Strategy defaults: + +The following defaults are applied: + +* `:authorize_url` is set to `"/authorize"`. +* `:token_url` is set to `"/oauth/token"`. +* `:user_url` is set to `"/userinfo"`. +* `:authorization_params` is set to `[scope: "openid profile email"]`. +* `:auth_method` is set to `:client_secret_post`. + + +###### Schema: + + + + + + +### Arguments + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`name`](#authentication-strategies-auth0-name){: #authentication-strategies-auth0-name .spark-required} | `atom` | | Uniquely identifies the strategy. | +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`client_id`](#authentication-strategies-auth0-client_id){: #authentication-strategies-auth0-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | +| [`authorize_url`](#authentication-strategies-auth0-authorize_url){: #authentication-strategies-auth0-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | +| [`token_url`](#authentication-strategies-auth0-token_url){: #authentication-strategies-auth0-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | +| [`user_url`](#authentication-strategies-auth0-user_url){: #authentication-strategies-auth0-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | +| [`redirect_uri`](#authentication-strategies-auth0-redirect_uri){: #authentication-strategies-auth0-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`base_url`](#authentication-strategies-auth0-base_url){: #authentication-strategies-auth0-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`site`](#authentication-strategies-auth0-site){: #authentication-strategies-auth0-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | +| [`auth_method`](#authentication-strategies-auth0-auth_method){: #authentication-strategies-auth0-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | +| [`client_secret`](#authentication-strategies-auth0-client_secret){: #authentication-strategies-auth0-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`private_key`](#authentication-strategies-auth0-private_key){: #authentication-strategies-auth0-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`authorization_params`](#authentication-strategies-auth0-authorization_params){: #authentication-strategies-auth0-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-auth0-registration_enabled?){: #authentication-strategies-auth0-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-auth0-register_action_name){: #authentication-strategies-auth0-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | +| [`sign_in_action_name`](#authentication-strategies-auth0-sign_in_action_name){: #authentication-strategies-auth0-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | +| [`identity_resource`](#authentication-strategies-auth0-identity_resource){: #authentication-strategies-auth0-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`identity_relationship_name`](#authentication-strategies-auth0-identity_relationship_name){: #authentication-strategies-auth0-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-auth0-identity_relationship_user_id_attribute){: #authentication-strategies-auth0-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`icon`](#authentication-strategies-auth0-icon){: #authentication-strategies-auth0-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | + + + + + +### Introspection + +Target: `AshAuthentication.Strategy.OAuth2` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.cheatmd b/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.cheatmd deleted file mode 100644 index a9d28fc1..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.cheatmd +++ /dev/null @@ -1,863 +0,0 @@ - -# DSL: AshAuthentication.Strategy.Github - -Strategy for authenticating using [GitHub](https://github.com) - -This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and -[`assent`](https://hex.pm/packages/assent). - -In order to use GitHub you need to provide the following minimum configuration: - - - `client_id` - - `redirect_uri` - - `client_secret` - -See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html) -for more information. - -## DSL Documentation - -Provides a pre-configured authentication strategy for [GitHub](https://github.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md) -in our documentation. - -#### Strategy defaults: - -The following defaults are applied: - - * `:base_url` is set to `"https://api.github.com"`. - * `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`. - * `:token_url` is set to `"https://github.com/login/oauth/access_token"`. - * `:user_url` is set to `"/user"`. - * `:user_emails_url` is set to `"/user/emails"`. - * `:authorization_params` is set to `[scope: "read:user,user:email"]`. - * `:auth_method` is set to `:client_secret_post`. - - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - - - -## authentication.strategies.github -```elixir -github name \ :github -``` - - -Provides a pre-configured authentication strategy for [GitHub](https://github.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md) -in our documentation. - -###### Strategy defaults: - -The following defaults are applied: - -* `:base_url` is set to `"https://api.github.com"`. -* `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`. -* `:token_url` is set to `"https://github.com/login/oauth/access_token"`. -* `:user_url` is set to `"/user"`. -* `:user_emails_url` is set to `"/user/emails"`. -* `:authorization_params` is set to `[scope: "read:user,user:email"]`. -* `:auth_method` is set to `:client_secret_post`. - - -###### Schema: - - - - - - -### Arguments - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - name - - - * - - - atom - - - - Uniquely identifies the strategy. - -
-### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - client_id - - - * - - - (any, any -> any) | module | String.t - - - - The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - -
- - - authorize_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - -
- - - token_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - -
- - - user_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - -
- - - redirect_uri - - - * - - - (any, any -> any) | module | String.t - - - - The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - base_url - - - - - (any, any -> any) | module | String.t - - - - The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - site - - - - - (any, any -> any) | module | String.t - - - - Deprecated: Use `base_url` instead. -
- - - auth_method - - - - - nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt - - :client_secret_post - - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - -
- - - client_secret - - - - - (any, any -> any) | module | String.t - - - - The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - private_key - - - - - (any, any -> any) | module | String.t - - - - The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - authorization_params - - - - - Keyword.t - - [] - - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - -
- - - registration_enabled? - - - - - boolean - - true - - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - -
- - - register_action_name - - - - - atom - - - - The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - -
- - - sign_in_action_name - - - - - atom - - - - The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - -
- - - identity_resource - - - - - module | false - - false - - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - -
- - - identity_relationship_name - - - - - atom - - :identities - - Name of the relationship to the provider identities resource -
- - - identity_relationship_user_id_attribute - - - - - atom - - :user_id - - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - -
- - - icon - - - - - atom - - :oauth2 - - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - -
- - - - - -### Introspection - -Target: `AshAuthentication.Strategy.OAuth2` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md new file mode 100644 index 00000000..ffced151 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md @@ -0,0 +1,288 @@ + +# DSL: AshAuthentication.Strategy.Github + +Strategy for authenticating using [GitHub](https://github.com) + +This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and +[`assent`](https://hex.pm/packages/assent). + +In order to use GitHub you need to provide the following minimum configuration: + + - `client_id` + - `redirect_uri` + - `client_secret` + +See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html) +for more information. + +## DSL Documentation + +Provides a pre-configured authentication strategy for [GitHub](https://github.com/). + +This strategy is built using the `:oauth2` strategy, and thus provides all the same +configuration options should you need them. + +For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md) +in our documentation. + +#### Strategy defaults: + +The following defaults are applied: + + * `:base_url` is set to `"https://api.github.com"`. + * `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`. + * `:token_url` is set to `"https://github.com/login/oauth/access_token"`. + * `:user_url` is set to `"/user"`. + * `:user_emails_url` is set to `"/user/emails"`. + * `:authorization_params` is set to `[scope: "read:user,user:email"]`. + * `:auth_method` is set to `:client_secret_post`. + + +#### Schema: + + + + + + +* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. + +* `:client_id` - Required. The OAuth2 client ID. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + client_id fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_client_id) + end + ``` + +* `:base_url` - The base URL of the OAuth2 server - including the leading protocol + (ie `https://`). + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + base_url fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:site` - Deprecated: Use `base_url` instead. + +* `:auth_method` - The authentication strategy used, optional. If not set, no + authentication will be used during the access token request. The + value may be one of the following: + * `:client_secret_basic` + * `:client_secret_post` + * `:client_secret_jwt` + * `:private_key_jwt` + Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. + +* `:client_secret` - The OAuth2 client secret. + Required if :auth_method is `:client_secret_basic`, + `:client_secret_post` or `:client_secret_jwt`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + site fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end + ``` + +* `:token_url` - Required. The API url to access the token endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end + ``` + +* `:user_url` - Required. The API url to access the user endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end + ``` + +* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:redirect_uri` - Required. The callback URI base. + Not the whole URI back to the callback endpoint, but the URI to your + `AuthPlug`. We can generate the rest. + Whilst not particularly secret, it seemed prudent to allow this to be + configured dynamically so that you can use different URIs for + different environments. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. + eg: `authorization_params scope: "openid profile email"` The default value is `[]`. + +* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? + If this option is enabled, then new users will be able to register for + your site when authenticating and not already present. + If not, then only existing users will be able to authenticate. The default value is `true`. + +* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. + Only needed if `registration_enabled?` is `true`. + Because we we don't know the response format of the server, you must + implement your own registration action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name eg: + `register_with_#{name}`. + +* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. + Only needed if `registration_enabled?` is `false`. + Because we don't know the response format of the server, you must + implement your own sign-in action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name, eg: + `sign_in_with_#{name}`. + +* `:identity_resource` - The resource used to store user identities. + Given that a user can be signed into multiple different + authentication providers at once we use the + `AshAuthentication.UserIdentity` resource to build a mapping + between users, providers and that provider's uid. + See the Identities section of the module documentation for more + information. + Set to `false` to disable. The default value is `false`. + +* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. + +* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider + identity resource. + The only reason to change this would be if you changed the + `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. + +* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. + This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. + + + + + + + + +## authentication.strategies.github +```elixir +github name \\ :github +``` + + +Provides a pre-configured authentication strategy for [GitHub](https://github.com/). + +This strategy is built using the `:oauth2` strategy, and thus provides all the same +configuration options should you need them. + +For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md) +in our documentation. + +###### Strategy defaults: + +The following defaults are applied: + +* `:base_url` is set to `"https://api.github.com"`. +* `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`. +* `:token_url` is set to `"https://github.com/login/oauth/access_token"`. +* `:user_url` is set to `"/user"`. +* `:user_emails_url` is set to `"/user/emails"`. +* `:authorization_params` is set to `[scope: "read:user,user:email"]`. +* `:auth_method` is set to `:client_secret_post`. + + +###### Schema: + + + + + + +### Arguments + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`name`](#authentication-strategies-github-name){: #authentication-strategies-github-name .spark-required} | `atom` | | Uniquely identifies the strategy. | +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`client_id`](#authentication-strategies-github-client_id){: #authentication-strategies-github-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | +| [`authorize_url`](#authentication-strategies-github-authorize_url){: #authentication-strategies-github-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | +| [`token_url`](#authentication-strategies-github-token_url){: #authentication-strategies-github-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | +| [`user_url`](#authentication-strategies-github-user_url){: #authentication-strategies-github-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | +| [`redirect_uri`](#authentication-strategies-github-redirect_uri){: #authentication-strategies-github-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`base_url`](#authentication-strategies-github-base_url){: #authentication-strategies-github-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`site`](#authentication-strategies-github-site){: #authentication-strategies-github-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | +| [`auth_method`](#authentication-strategies-github-auth_method){: #authentication-strategies-github-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | +| [`client_secret`](#authentication-strategies-github-client_secret){: #authentication-strategies-github-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`private_key`](#authentication-strategies-github-private_key){: #authentication-strategies-github-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`authorization_params`](#authentication-strategies-github-authorization_params){: #authentication-strategies-github-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-github-registration_enabled?){: #authentication-strategies-github-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-github-register_action_name){: #authentication-strategies-github-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | +| [`sign_in_action_name`](#authentication-strategies-github-sign_in_action_name){: #authentication-strategies-github-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | +| [`identity_resource`](#authentication-strategies-github-identity_resource){: #authentication-strategies-github-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`identity_relationship_name`](#authentication-strategies-github-identity_relationship_name){: #authentication-strategies-github-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-github-identity_relationship_user_id_attribute){: #authentication-strategies-github-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`icon`](#authentication-strategies-github-icon){: #authentication-strategies-github-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | + + + + + +### Introspection + +Target: `AshAuthentication.Strategy.OAuth2` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.cheatmd b/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.cheatmd deleted file mode 100644 index 9bab1894..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.cheatmd +++ /dev/null @@ -1,862 +0,0 @@ - -# DSL: AshAuthentication.Strategy.Google - -Strategy for authenticating using [Google](https://google.com) - -This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and -[`assent`](https://hex.pm/packages/assent). - -In order to use Google you need to provide the following minimum configuration: - - - `client_id` - - `redirect_uri` - - `client_secret` - - `site` - -See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) -for Google setup details. - -## DSL Documentation - -Provides a pre-configured authentication strategy for [Google](https://google.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) -for Google setup details. - -#### Strategy defaults: - -The following defaults are applied: - - * `:base_url` is set to `"https://www.googleapis.com"`. - * `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`. - * `:token_url` is set to `"/oauth2/v4/token"`. - * `:user_url` is set to `"/oauth2/v3/userinfo"`. - * `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`. - * `:auth_method` is set to `:client_secret_post`. - - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - - - -## authentication.strategies.google -```elixir -google name \ :google -``` - - -Provides a pre-configured authentication strategy for [Google](https://google.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) -for Google setup details. - -###### Strategy defaults: - -The following defaults are applied: - -* `:base_url` is set to `"https://www.googleapis.com"`. -* `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`. -* `:token_url` is set to `"/oauth2/v4/token"`. -* `:user_url` is set to `"/oauth2/v3/userinfo"`. -* `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`. -* `:auth_method` is set to `:client_secret_post`. - - -###### Schema: - - - - - - -### Arguments - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - name - - - * - - - atom - - - - Uniquely identifies the strategy. - -
-### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - client_id - - - * - - - (any, any -> any) | module | String.t - - - - The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - -
- - - authorize_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - -
- - - token_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - -
- - - user_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - -
- - - redirect_uri - - - * - - - (any, any -> any) | module | String.t - - - - The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - base_url - - - - - (any, any -> any) | module | String.t - - - - The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - site - - - - - (any, any -> any) | module | String.t - - - - Deprecated: Use `base_url` instead. -
- - - auth_method - - - - - nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt - - :client_secret_post - - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - -
- - - client_secret - - - - - (any, any -> any) | module | String.t - - - - The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - private_key - - - - - (any, any -> any) | module | String.t - - - - The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - authorization_params - - - - - Keyword.t - - [] - - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - -
- - - registration_enabled? - - - - - boolean - - true - - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - -
- - - register_action_name - - - - - atom - - - - The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - -
- - - sign_in_action_name - - - - - atom - - - - The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - -
- - - identity_resource - - - - - module | false - - false - - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - -
- - - identity_relationship_name - - - - - atom - - :identities - - Name of the relationship to the provider identities resource -
- - - identity_relationship_user_id_attribute - - - - - atom - - :user_id - - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - -
- - - icon - - - - - atom - - :oauth2 - - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - -
- - - - - -### Introspection - -Target: `AshAuthentication.Strategy.OAuth2` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md new file mode 100644 index 00000000..bd88cc56 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md @@ -0,0 +1,287 @@ + +# DSL: AshAuthentication.Strategy.Google + +Strategy for authenticating using [Google](https://google.com) + +This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and +[`assent`](https://hex.pm/packages/assent). + +In order to use Google you need to provide the following minimum configuration: + + - `client_id` + - `redirect_uri` + - `client_secret` + - `site` + +See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) +for Google setup details. + +## DSL Documentation + +Provides a pre-configured authentication strategy for [Google](https://google.com/). + +This strategy is built using the `:oauth2` strategy, and thus provides all the same +configuration options should you need them. + +See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) +for Google setup details. + +#### Strategy defaults: + +The following defaults are applied: + + * `:base_url` is set to `"https://www.googleapis.com"`. + * `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`. + * `:token_url` is set to `"/oauth2/v4/token"`. + * `:user_url` is set to `"/oauth2/v3/userinfo"`. + * `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`. + * `:auth_method` is set to `:client_secret_post`. + + +#### Schema: + + + + + + +* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. + +* `:client_id` - Required. The OAuth2 client ID. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + client_id fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_client_id) + end + ``` + +* `:base_url` - The base URL of the OAuth2 server - including the leading protocol + (ie `https://`). + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + base_url fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:site` - Deprecated: Use `base_url` instead. + +* `:auth_method` - The authentication strategy used, optional. If not set, no + authentication will be used during the access token request. The + value may be one of the following: + * `:client_secret_basic` + * `:client_secret_post` + * `:client_secret_jwt` + * `:private_key_jwt` + Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. + +* `:client_secret` - The OAuth2 client secret. + Required if :auth_method is `:client_secret_basic`, + `:client_secret_post` or `:client_secret_jwt`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + site fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end + ``` + +* `:token_url` - Required. The API url to access the token endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end + ``` + +* `:user_url` - Required. The API url to access the user endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end + ``` + +* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:redirect_uri` - Required. The callback URI base. + Not the whole URI back to the callback endpoint, but the URI to your + `AuthPlug`. We can generate the rest. + Whilst not particularly secret, it seemed prudent to allow this to be + configured dynamically so that you can use different URIs for + different environments. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. + eg: `authorization_params scope: "openid profile email"` The default value is `[]`. + +* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? + If this option is enabled, then new users will be able to register for + your site when authenticating and not already present. + If not, then only existing users will be able to authenticate. The default value is `true`. + +* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. + Only needed if `registration_enabled?` is `true`. + Because we we don't know the response format of the server, you must + implement your own registration action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name eg: + `register_with_#{name}`. + +* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. + Only needed if `registration_enabled?` is `false`. + Because we don't know the response format of the server, you must + implement your own sign-in action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name, eg: + `sign_in_with_#{name}`. + +* `:identity_resource` - The resource used to store user identities. + Given that a user can be signed into multiple different + authentication providers at once we use the + `AshAuthentication.UserIdentity` resource to build a mapping + between users, providers and that provider's uid. + See the Identities section of the module documentation for more + information. + Set to `false` to disable. The default value is `false`. + +* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. + +* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider + identity resource. + The only reason to change this would be if you changed the + `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. + +* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. + This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. + + + + + + + + +## authentication.strategies.google +```elixir +google name \\ :google +``` + + +Provides a pre-configured authentication strategy for [Google](https://google.com/). + +This strategy is built using the `:oauth2` strategy, and thus provides all the same +configuration options should you need them. + +See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) +for Google setup details. + +###### Strategy defaults: + +The following defaults are applied: + +* `:base_url` is set to `"https://www.googleapis.com"`. +* `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`. +* `:token_url` is set to `"/oauth2/v4/token"`. +* `:user_url` is set to `"/oauth2/v3/userinfo"`. +* `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`. +* `:auth_method` is set to `:client_secret_post`. + + +###### Schema: + + + + + + +### Arguments + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`name`](#authentication-strategies-google-name){: #authentication-strategies-google-name .spark-required} | `atom` | | Uniquely identifies the strategy. | +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`client_id`](#authentication-strategies-google-client_id){: #authentication-strategies-google-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | +| [`authorize_url`](#authentication-strategies-google-authorize_url){: #authentication-strategies-google-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | +| [`token_url`](#authentication-strategies-google-token_url){: #authentication-strategies-google-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | +| [`user_url`](#authentication-strategies-google-user_url){: #authentication-strategies-google-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | +| [`redirect_uri`](#authentication-strategies-google-redirect_uri){: #authentication-strategies-google-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`base_url`](#authentication-strategies-google-base_url){: #authentication-strategies-google-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`site`](#authentication-strategies-google-site){: #authentication-strategies-google-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | +| [`auth_method`](#authentication-strategies-google-auth_method){: #authentication-strategies-google-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | +| [`client_secret`](#authentication-strategies-google-client_secret){: #authentication-strategies-google-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`private_key`](#authentication-strategies-google-private_key){: #authentication-strategies-google-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`authorization_params`](#authentication-strategies-google-authorization_params){: #authentication-strategies-google-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-google-registration_enabled?){: #authentication-strategies-google-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-google-register_action_name){: #authentication-strategies-google-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | +| [`sign_in_action_name`](#authentication-strategies-google-sign_in_action_name){: #authentication-strategies-google-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | +| [`identity_resource`](#authentication-strategies-google-identity_resource){: #authentication-strategies-google-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`identity_relationship_name`](#authentication-strategies-google-identity_relationship_name){: #authentication-strategies-google-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-google-identity_relationship_user_id_attribute){: #authentication-strategies-google-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`icon`](#authentication-strategies-google-icon){: #authentication-strategies-google-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | + + + + + +### Introspection + +Target: `AshAuthentication.Strategy.OAuth2` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.cheatmd b/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.cheatmd deleted file mode 100644 index d7ad66cc..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.cheatmd +++ /dev/null @@ -1,337 +0,0 @@ - -# DSL: AshAuthentication.Strategy.MagicLink - -Strategy for authentication using a magic link. - -In order to use magic link authentication your resource needs to meet the -following minimum requirements: - -1. Have a primary key. -2. A uniquely constrained identity field (eg `username` or `email`) -3. Have tokens enabled. - -There are other options documented in the DSL. - -### Example - -```elixir -defmodule MyApp.Accounts.User do - use Ash.Resource, - extensions: [AshAuthentication] - - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - end - - authentication do - api MyApp.Accounts - - strategies do - magic_link do - identity_field :email - sender fn user, token, _opts -> - MyApp.Emails.deliver_magic_link(user, token) - end - end - end - end - - identities do - identity :unique_email, [:email] - end -end -``` - -## Actions - -By default the magic link strategy will automatically generate the request and -sign-in actions for you, however you're free to define them yourself. If you -do, then the action will be validated to ensure that all the needed -configuration is present. - -If you wish to work with the actions directly from your code you can do so via -the `AshAuthentication.Strategy` protocol. - -### Examples - -Requesting that a magic link token is sent for a user: - - iex> strategy = Info.strategy!(Example.User, :magic_link) - ...> user = build_user() - ...> Strategy.action(strategy, :request, %{"username" => user.username}) - :ok - -Signing in using a magic link token: - - ...> {:ok, token} = MagicLink.request_token_for(strategy, user) - ...> {:ok, signed_in_user} = Strategy.action(strategy, :sign_in, %{"token" => token}) - ...> signed_in_user.id == user - true - -## Plugs - -The magic link strategy provides plug endpoints for both request and sign-in -actions. - -If you wish to work with the plugs directly, you can do so via the -`AshAuthentication.Strategy` protocol. - -### Examples: - -Dispatching to plugs directly: - - iex> strategy = Info.strategy!(Example.User, :magic_link) - ...> user = build_user() - ...> conn = conn(:post, "/user/magic_link/request", %{"user" => %{"username" => user.username}}) - ...> conn = Strategy.plug(strategy, :request, conn) - ...> {_conn, {:ok, nil}} = Plug.Helpers.get_authentication_result(conn) - - ...> {:ok, token} = MagicLink.request_token_for(strategy, user) - ...> conn = conn(:get, "/user/magic_link", %{"token" => token}) - ...> conn = Strategy.plug(strategy, :sign_in, conn) - ...> {_conn, {:ok, signed_in_user}} = Plug.Helpers.get_authentication_result(conn) - ...> signed_in_user.id == user.id - true - -## DSL Documentation - -Strategy for authenticating using local users with a magic link - - - - - -* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user. - Usually something like `username` or `email_address`. The default value is `:username`. - -* `:token_lifetime` - How long the sign in token is valid. - If no unit is provided, then `minutes` is assumed. The default value is `{10, :minutes}`. - -* `:request_action_name` (`t:atom/0`) - The name to use for the request action. - If not present it will be generated by prepending the strategy name - with `request_`. - -* `:single_use_token?` (`t:boolean/0`) - Automatically revoke the token once it's been used for sign in. The default value is `true`. - -* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action. - If not present it will be generated by prepending the strategy name - with `sign_in_with_`. - -* `:token_param_name` (`t:atom/0`) - The name of the token parameter in the incoming sign-in request. The default value is `:token`. - -* `:sender` - Required. How to send the magic link to the user. - Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, reset token and options. - See `AshAuthentication.Sender` for more information. - - - - - - - - -## authentication.strategies.magic_link -```elixir -magic_link name \ :magic_link -``` - - -Strategy for authenticating using local users with a magic link - - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - sender - - - * - - - (any, any, any -> any) | module - - - - How to send the magic link to the user. - -Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - -Accepts a module, module and opts, or a function that takes a record, reset token and options. - -See `AshAuthentication.Sender` for more information. - -
- - - identity_field - - - - - atom - - :username - - The name of the attribute which uniquely identifies the user. - -Usually something like `username` or `email_address`. - -
- - - token_lifetime - - - - - pos_integer | {pos_integer, :days | :hours | :minutes | :seconds} - - {10, :minutes} - - How long the sign in token is valid. - -If no unit is provided, then `minutes` is assumed. - -
- - - request_action_name - - - - - atom - - - - The name to use for the request action. - -If not present it will be generated by prepending the strategy name -with `request_`. - -
- - - single_use_token? - - - - - boolean - - true - - Automatically revoke the token once it's been used for sign in. - -
- - - sign_in_action_name - - - - - atom - - - - The name to use for the sign in action. - -If not present it will be generated by prepending the strategy name -with `sign_in_with_`. - -
- - - token_param_name - - - - - atom - - :token - - The name of the token parameter in the incoming sign-in request. - -
- - - - - -### Introspection - -Target: `AshAuthentication.Strategy.MagicLink` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md new file mode 100644 index 00000000..6b61e5a2 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md @@ -0,0 +1,172 @@ + +# DSL: AshAuthentication.Strategy.MagicLink + +Strategy for authentication using a magic link. + +In order to use magic link authentication your resource needs to meet the +following minimum requirements: + +1. Have a primary key. +2. A uniquely constrained identity field (eg `username` or `email`) +3. Have tokens enabled. + +There are other options documented in the DSL. + +### Example + +```elixir +defmodule MyApp.Accounts.User do + use Ash.Resource, + extensions: [AshAuthentication] + + attributes do + uuid_primary_key :id + attribute :email, :ci_string, allow_nil?: false + end + + authentication do + api MyApp.Accounts + + strategies do + magic_link do + identity_field :email + sender fn user, token, _opts -> + MyApp.Emails.deliver_magic_link(user, token) + end + end + end + end + + identities do + identity :unique_email, [:email] + end +end +``` + +## Actions + +By default the magic link strategy will automatically generate the request and +sign-in actions for you, however you're free to define them yourself. If you +do, then the action will be validated to ensure that all the needed +configuration is present. + +If you wish to work with the actions directly from your code you can do so via +the `AshAuthentication.Strategy` protocol. + +### Examples + +Requesting that a magic link token is sent for a user: + + iex> strategy = Info.strategy!(Example.User, :magic_link) + ...> user = build_user() + ...> Strategy.action(strategy, :request, %{"username" => user.username}) + :ok + +Signing in using a magic link token: + + ...> {:ok, token} = MagicLink.request_token_for(strategy, user) + ...> {:ok, signed_in_user} = Strategy.action(strategy, :sign_in, %{"token" => token}) + ...> signed_in_user.id == user + true + +## Plugs + +The magic link strategy provides plug endpoints for both request and sign-in +actions. + +If you wish to work with the plugs directly, you can do so via the +`AshAuthentication.Strategy` protocol. + +### Examples: + +Dispatching to plugs directly: + + iex> strategy = Info.strategy!(Example.User, :magic_link) + ...> user = build_user() + ...> conn = conn(:post, "/user/magic_link/request", %{"user" => %{"username" => user.username}}) + ...> conn = Strategy.plug(strategy, :request, conn) + ...> {_conn, {:ok, nil}} = Plug.Helpers.get_authentication_result(conn) + + ...> {:ok, token} = MagicLink.request_token_for(strategy, user) + ...> conn = conn(:get, "/user/magic_link", %{"token" => token}) + ...> conn = Strategy.plug(strategy, :sign_in, conn) + ...> {_conn, {:ok, signed_in_user}} = Plug.Helpers.get_authentication_result(conn) + ...> signed_in_user.id == user.id + true + +## DSL Documentation + +Strategy for authenticating using local users with a magic link + + + + + +* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user. + Usually something like `username` or `email_address`. The default value is `:username`. + +* `:token_lifetime` - How long the sign in token is valid. + If no unit is provided, then `minutes` is assumed. The default value is `{10, :minutes}`. + +* `:request_action_name` (`t:atom/0`) - The name to use for the request action. + If not present it will be generated by prepending the strategy name + with `request_`. + +* `:single_use_token?` (`t:boolean/0`) - Automatically revoke the token once it's been used for sign in. The default value is `true`. + +* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action. + If not present it will be generated by prepending the strategy name + with `sign_in_with_`. + +* `:token_param_name` (`t:atom/0`) - The name of the token parameter in the incoming sign-in request. The default value is `:token`. + +* `:sender` - Required. How to send the magic link to the user. + Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. + Accepts a module, module and opts, or a function that takes a record, reset token and options. + See `AshAuthentication.Sender` for more information. + + + + + + + + +## authentication.strategies.magic_link +```elixir +magic_link name \\ :magic_link +``` + + +Strategy for authenticating using local users with a magic link + + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`sender`](#authentication-strategies-magic_link-sender){: #authentication-strategies-magic_link-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the magic link to the user. Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. See `AshAuthentication.Sender` for more information. | +| [`identity_field`](#authentication-strategies-magic_link-identity_field){: #authentication-strategies-magic_link-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user. Usually something like `username` or `email_address`. | +| [`token_lifetime`](#authentication-strategies-magic_link-token_lifetime){: #authentication-strategies-magic_link-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{10, :minutes}` | How long the sign in token is valid. If no unit is provided, then `minutes` is assumed. | +| [`request_action_name`](#authentication-strategies-magic_link-request_action_name){: #authentication-strategies-magic_link-request_action_name } | `atom` | | The name to use for the request action. If not present it will be generated by prepending the strategy name with `request_`. | +| [`single_use_token?`](#authentication-strategies-magic_link-single_use_token?){: #authentication-strategies-magic_link-single_use_token? } | `boolean` | `true` | Automatically revoke the token once it's been used for sign in. | +| [`sign_in_action_name`](#authentication-strategies-magic_link-sign_in_action_name){: #authentication-strategies-magic_link-sign_in_action_name } | `atom` | | The name to use for the sign in action. If not present it will be generated by prepending the strategy name with `sign_in_with_`. | +| [`token_param_name`](#authentication-strategies-magic_link-token_param_name){: #authentication-strategies-magic_link-token_param_name } | `atom` | `:token` | The name of the token parameter in the incoming sign-in request. | + + + + + +### Introspection + +Target: `AshAuthentication.Strategy.MagicLink` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.cheatmd b/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.cheatmd deleted file mode 100644 index b85d251e..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.cheatmd +++ /dev/null @@ -1,1020 +0,0 @@ - -# DSL: AshAuthentication.Strategy.OAuth2 - -Strategy for authenticating using an OAuth 2.0 server as the source of truth. - -This strategy wraps the excellent [`assent`](https://hex.pm/packages/assent) -package, which provides OAuth 2.0 capabilities. - -In order to use OAuth 2.0 authentication on your resource, it needs to meet -the following minimum criteria: - -1. Have a primary key. -2. Provide a strategy-specific action, either register or sign-in. -3. Provide configuration for OAuth2 destinations, secrets, etc. - -### Example: - -```elixir -defmodule MyApp.Accounts.User do - use Ash.Resource, - extensions: [AshAuthentication] - - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - end - - authentication do - api MyApp.Accounts - - strategies do - oauth2 :example do - client_id "OAuth Client ID" - redirect_uri "https://my.app/" - client_secret "My Super Secret Secret" - site "https://auth.example.com/" - end - end - end -end -``` - -## Secrets and runtime configuration - -In order to use OAuth 2.0 you need to provide a varying number of secrets and -other configuration which may change based on runtime environment. The -`AshAuthentication.Secret` behaviour is provided to accommodate this. This -allows you to provide configuration either directly on the resource (ie as a -string), as an anonymous function, or as a module. - -> ### Warning {: .warning} -> -> We **strongly** urge you not to share actual secrets in your code or -> repository. - -### Examples: - -Providing configuration as an anonymous function: - -```elixir -oauth2 do - client_secret fn _path, resource -> - Application.fetch_env(:my_app, resource, :oauth2_client_secret) - end -end -``` - -Providing configuration as a module: - -```elixir -defmodule MyApp.Secrets do - use AshAuthentication.Secret - - def secret_for([:authentication, :strategies, :example, :client_secret], MyApp.User, _opts), do: Application.fetch_env(:my_app, :oauth2_client_secret) -end - -# and in your strategies: - -oauth2 :example do - client_secret MyApp.Secrets -end -``` - -## User identities - -Because your users can be signed in via multiple providers at once, you can -specify an `identity_resource` in the DSL configuration which points to a -seperate Ash resource which has the `AshAuthentication.UserIdentity` extension -present. This resource will be used to store details of the providers in use -by each user and a relationship will be added to the user resource. - -Setting the `identity_resource` will cause extra validations to be applied to -your resource so that changes are tracked correctly on sign-in or -registration. - -## Actions - -When using an OAuth 2.0 provider you need to declare either a "register" or -"sign-in" action. The reason for this is that it's not possible for us to -know ahead of time how you want to manage the link between your user resources -and the "user info" provided by the OAuth server. - -Both actions receive the following two arguments: - -1. `user_info` - a map with string keys containing the [OpenID Successful - UserInfo - response](https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse). - Usually this will be used to populate your email, nickname or other - identifying field. -2. `oauth_tokens` a map with string keys containing the [OpenID Successful - Token - response](https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse) - (or similar). - -The actions themselves can be interacted with directly via the -`AshAuthentication.Strategy` protocol, but you are more likely to interact -with them via the web/plugs. - -### Sign-in - -The sign-in action is called when a successful OAuth2 callback is received. -You should use it to constrain the query to the correct user based on the -arguments provided. - -This action is only needed when the `registration_enabled?` DSL settings is -set to `false`. - -### Registration - -The register action is a little more complicated than the sign-in action, -because we cannot tell the difference between a new user and a returning user -(they all use the same OAuth flow). In order to handle this your register -action must be defined as an upsert with a configured `upsert_identity` (see -example below). - -### Examples: - -Providing sign-in to users who already exist in the database (and by extension -rejecting new users): - -```elixir -defmodule MyApp.Accounts.User do - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - end - - actions do - read :sign_in_with_example do - argument :user_info, :map, allow_nil?: false - argument :oauth_tokens, :map, allow_nil?: false - prepare AshAuthentication.Strategy.OAuth2.SignInPreparation - - filter expr(email == get_path(^arg(:user_info), [:email])) - end - end - - authentication do - api MyApp.Accounts - - strategies do - oauth2 :example do - registration_enabled? false - end - end - end -end -``` - -Providing registration or sign-in to all comers: - -```elixir -defmodule MyApp.Accounts.User do - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - end - - actions do - create :register_with_oauth2 do - argument :user_info, :map, allow_nil?: false - argument :oauth_tokens, :map, allow_nil?: false - upsert? true - upsert_identity :email - - change AshAuthentication.GenerateTokenChange - change fn changeset, _ctx -> - user_info = Ash.Changeset.get_argument(changeset, :user_info) - - changeset - |> Ash.Changeset.change_attribute(:email, user_info["email"]) - end - end - end - - authentication do - api MyApp.Accounts - - strategies do - oauth2 :example do - end - end - end -end -``` - -## Plugs - -OAuth 2.0 is (usually) a browser-based flow. This means that you're most -likely to interact with this strategy via it's plugs. There are two phases to -authentication with OAuth 2.0: - -1. The request phase, where the user's browser is redirected to the remote - authentication provider for authentication. -2. The callback phase, where the provider redirects the user back to your app - to create a local database record, session, etc. - - -## DSL Documentation - -OAuth2 authentication - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - - - -## authentication.strategies.oauth2 -```elixir -oauth2 name \ :oauth2 -``` - - -OAuth2 authentication - - - - - -### Arguments - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - name - - - * - - - atom - - - - Uniquely identifies the strategy. - -
-### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - client_id - - - * - - - (any, any -> any) | module | String.t - - - - The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - -
- - - authorize_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - -
- - - token_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - -
- - - user_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the user endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end -``` - -
- - - redirect_uri - - - * - - - (any, any -> any) | module | String.t - - - - The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - base_url - - - - - (any, any -> any) | module | String.t - - - - The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - site - - - - - (any, any -> any) | module | String.t - - - - Deprecated: Use `base_url` instead. -
- - - auth_method - - - - - nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt - - :client_secret_post - - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - -
- - - client_secret - - - - - (any, any -> any) | module | String.t - - - - The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - private_key - - - - - (any, any -> any) | module | String.t - - - - The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - authorization_params - - - - - Keyword.t - - [] - - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - -
- - - registration_enabled? - - - - - boolean - - true - - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - -
- - - register_action_name - - - - - atom - - - - The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - -
- - - sign_in_action_name - - - - - atom - - - - The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - -
- - - identity_resource - - - - - module | false - - false - - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - -
- - - identity_relationship_name - - - - - atom - - :identities - - Name of the relationship to the provider identities resource -
- - - identity_relationship_user_id_attribute - - - - - atom - - :user_id - - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - -
- - - icon - - - - - atom - - :oauth2 - - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - -
- - - - - -### Introspection - -Target: `AshAuthentication.Strategy.OAuth2` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md new file mode 100644 index 00000000..f15aa6fb --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md @@ -0,0 +1,445 @@ + +# DSL: AshAuthentication.Strategy.OAuth2 + +Strategy for authenticating using an OAuth 2.0 server as the source of truth. + +This strategy wraps the excellent [`assent`](https://hex.pm/packages/assent) +package, which provides OAuth 2.0 capabilities. + +In order to use OAuth 2.0 authentication on your resource, it needs to meet +the following minimum criteria: + +1. Have a primary key. +2. Provide a strategy-specific action, either register or sign-in. +3. Provide configuration for OAuth2 destinations, secrets, etc. + +### Example: + +```elixir +defmodule MyApp.Accounts.User do + use Ash.Resource, + extensions: [AshAuthentication] + + attributes do + uuid_primary_key :id + attribute :email, :ci_string, allow_nil?: false + end + + authentication do + api MyApp.Accounts + + strategies do + oauth2 :example do + client_id "OAuth Client ID" + redirect_uri "https://my.app/" + client_secret "My Super Secret Secret" + site "https://auth.example.com/" + end + end + end +end +``` + +## Secrets and runtime configuration + +In order to use OAuth 2.0 you need to provide a varying number of secrets and +other configuration which may change based on runtime environment. The +`AshAuthentication.Secret` behaviour is provided to accommodate this. This +allows you to provide configuration either directly on the resource (ie as a +string), as an anonymous function, or as a module. + +> ### Warning {: .warning} +> +> We **strongly** urge you not to share actual secrets in your code or +> repository. + +### Examples: + +Providing configuration as an anonymous function: + +```elixir +oauth2 do + client_secret fn _path, resource -> + Application.fetch_env(:my_app, resource, :oauth2_client_secret) + end +end +``` + +Providing configuration as a module: + +```elixir +defmodule MyApp.Secrets do + use AshAuthentication.Secret + + def secret_for([:authentication, :strategies, :example, :client_secret], MyApp.User, _opts), do: Application.fetch_env(:my_app, :oauth2_client_secret) +end + +# and in your strategies: + +oauth2 :example do + client_secret MyApp.Secrets +end +``` + +## User identities + +Because your users can be signed in via multiple providers at once, you can +specify an `identity_resource` in the DSL configuration which points to a +seperate Ash resource which has the `AshAuthentication.UserIdentity` extension +present. This resource will be used to store details of the providers in use +by each user and a relationship will be added to the user resource. + +Setting the `identity_resource` will cause extra validations to be applied to +your resource so that changes are tracked correctly on sign-in or +registration. + +## Actions + +When using an OAuth 2.0 provider you need to declare either a "register" or +"sign-in" action. The reason for this is that it's not possible for us to +know ahead of time how you want to manage the link between your user resources +and the "user info" provided by the OAuth server. + +Both actions receive the following two arguments: + +1. `user_info` - a map with string keys containing the [OpenID Successful + UserInfo + response](https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse). + Usually this will be used to populate your email, nickname or other + identifying field. +2. `oauth_tokens` a map with string keys containing the [OpenID Successful + Token + response](https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse) + (or similar). + +The actions themselves can be interacted with directly via the +`AshAuthentication.Strategy` protocol, but you are more likely to interact +with them via the web/plugs. + +### Sign-in + +The sign-in action is called when a successful OAuth2 callback is received. +You should use it to constrain the query to the correct user based on the +arguments provided. + +This action is only needed when the `registration_enabled?` DSL settings is +set to `false`. + +### Registration + +The register action is a little more complicated than the sign-in action, +because we cannot tell the difference between a new user and a returning user +(they all use the same OAuth flow). In order to handle this your register +action must be defined as an upsert with a configured `upsert_identity` (see +example below). + +### Examples: + +Providing sign-in to users who already exist in the database (and by extension +rejecting new users): + +```elixir +defmodule MyApp.Accounts.User do + attributes do + uuid_primary_key :id + attribute :email, :ci_string, allow_nil?: false + end + + actions do + read :sign_in_with_example do + argument :user_info, :map, allow_nil?: false + argument :oauth_tokens, :map, allow_nil?: false + prepare AshAuthentication.Strategy.OAuth2.SignInPreparation + + filter expr(email == get_path(^arg(:user_info), [:email])) + end + end + + authentication do + api MyApp.Accounts + + strategies do + oauth2 :example do + registration_enabled? false + end + end + end +end +``` + +Providing registration or sign-in to all comers: + +```elixir +defmodule MyApp.Accounts.User do + attributes do + uuid_primary_key :id + attribute :email, :ci_string, allow_nil?: false + end + + actions do + create :register_with_oauth2 do + argument :user_info, :map, allow_nil?: false + argument :oauth_tokens, :map, allow_nil?: false + upsert? true + upsert_identity :email + + change AshAuthentication.GenerateTokenChange + change fn changeset, _ctx -> + user_info = Ash.Changeset.get_argument(changeset, :user_info) + + changeset + |> Ash.Changeset.change_attribute(:email, user_info["email"]) + end + end + end + + authentication do + api MyApp.Accounts + + strategies do + oauth2 :example do + end + end + end +end +``` + +## Plugs + +OAuth 2.0 is (usually) a browser-based flow. This means that you're most +likely to interact with this strategy via it's plugs. There are two phases to +authentication with OAuth 2.0: + +1. The request phase, where the user's browser is redirected to the remote + authentication provider for authentication. +2. The callback phase, where the provider redirects the user back to your app + to create a local database record, session, etc. + + +## DSL Documentation + +OAuth2 authentication + + + + + +* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. + +* `:client_id` - Required. The OAuth2 client ID. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + client_id fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_client_id) + end + ``` + +* `:base_url` - The base URL of the OAuth2 server - including the leading protocol + (ie `https://`). + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + base_url fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:site` - Deprecated: Use `base_url` instead. + +* `:auth_method` - The authentication strategy used, optional. If not set, no + authentication will be used during the access token request. The + value may be one of the following: + * `:client_secret_basic` + * `:client_secret_post` + * `:client_secret_jwt` + * `:private_key_jwt` + Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. + +* `:client_secret` - The OAuth2 client secret. + Required if :auth_method is `:client_secret_basic`, + `:client_secret_post` or `:client_secret_jwt`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + site fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end + ``` + +* `:token_url` - Required. The API url to access the token endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end + ``` + +* `:user_url` - Required. The API url to access the user endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end + ``` + +* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:redirect_uri` - Required. The callback URI base. + Not the whole URI back to the callback endpoint, but the URI to your + `AuthPlug`. We can generate the rest. + Whilst not particularly secret, it seemed prudent to allow this to be + configured dynamically so that you can use different URIs for + different environments. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. + eg: `authorization_params scope: "openid profile email"` The default value is `[]`. + +* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? + If this option is enabled, then new users will be able to register for + your site when authenticating and not already present. + If not, then only existing users will be able to authenticate. The default value is `true`. + +* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. + Only needed if `registration_enabled?` is `true`. + Because we we don't know the response format of the server, you must + implement your own registration action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name eg: + `register_with_#{name}`. + +* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. + Only needed if `registration_enabled?` is `false`. + Because we don't know the response format of the server, you must + implement your own sign-in action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name, eg: + `sign_in_with_#{name}`. + +* `:identity_resource` - The resource used to store user identities. + Given that a user can be signed into multiple different + authentication providers at once we use the + `AshAuthentication.UserIdentity` resource to build a mapping + between users, providers and that provider's uid. + See the Identities section of the module documentation for more + information. + Set to `false` to disable. The default value is `false`. + +* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. + +* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider + identity resource. + The only reason to change this would be if you changed the + `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. + +* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. + This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. + + + + + + + + +## authentication.strategies.oauth2 +```elixir +oauth2 name \\ :oauth2 +``` + + +OAuth2 authentication + + + + + +### Arguments + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`name`](#authentication-strategies-oauth2-name){: #authentication-strategies-oauth2-name .spark-required} | `atom` | | Uniquely identifies the strategy. | +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`client_id`](#authentication-strategies-oauth2-client_id){: #authentication-strategies-oauth2-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | +| [`authorize_url`](#authentication-strategies-oauth2-authorize_url){: #authentication-strategies-oauth2-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | +| [`token_url`](#authentication-strategies-oauth2-token_url){: #authentication-strategies-oauth2-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | +| [`user_url`](#authentication-strategies-oauth2-user_url){: #authentication-strategies-oauth2-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | +| [`redirect_uri`](#authentication-strategies-oauth2-redirect_uri){: #authentication-strategies-oauth2-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`base_url`](#authentication-strategies-oauth2-base_url){: #authentication-strategies-oauth2-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`site`](#authentication-strategies-oauth2-site){: #authentication-strategies-oauth2-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | +| [`auth_method`](#authentication-strategies-oauth2-auth_method){: #authentication-strategies-oauth2-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | +| [`client_secret`](#authentication-strategies-oauth2-client_secret){: #authentication-strategies-oauth2-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`private_key`](#authentication-strategies-oauth2-private_key){: #authentication-strategies-oauth2-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`authorization_params`](#authentication-strategies-oauth2-authorization_params){: #authentication-strategies-oauth2-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-oauth2-registration_enabled?){: #authentication-strategies-oauth2-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-oauth2-register_action_name){: #authentication-strategies-oauth2-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | +| [`sign_in_action_name`](#authentication-strategies-oauth2-sign_in_action_name){: #authentication-strategies-oauth2-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | +| [`identity_resource`](#authentication-strategies-oauth2-identity_resource){: #authentication-strategies-oauth2-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`identity_relationship_name`](#authentication-strategies-oauth2-identity_relationship_name){: #authentication-strategies-oauth2-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-oauth2-identity_relationship_user_id_attribute){: #authentication-strategies-oauth2-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`icon`](#authentication-strategies-oauth2-icon){: #authentication-strategies-oauth2-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | + + + + + +### Introspection + +Target: `AshAuthentication.Strategy.OAuth2` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.cheatmd b/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.cheatmd deleted file mode 100644 index cbe16861..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.cheatmd +++ /dev/null @@ -1,1015 +0,0 @@ - -# DSL: AshAuthentication.Strategy.Oidc - -Strategy for authentication using an [OpenID -Connect](https://openid.net/connect/) compatible server as the source of -truth. - -This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and -[`assent`](https://hex.pm/packages/assent). - -In order to use OIDC you need to provide the following minimum configuration: - -- `client_id` - The client id, required -- `site` - The OIDC issuer, required -- `openid_configuration_uri` - The URI for OpenID Provider, optional, defaults - to `/.well-known/openid-configuration` -- `client_authentication_method` - The Client Authentication method to use, - optional, defaults to `client_secret_basic` -- `client_secret` - The client secret, required if - `:client_authentication_method` is `:client_secret_basic`, - `:client_secret_post`, or `:client_secret_jwt` -- `openid_configuration` - The OpenID configuration, optional, the - configuration will be fetched from `:openid_configuration_uri` if this is - not defined -- `id_token_signed_response_alg` - The `id_token_signed_response_alg` - parameter sent by the Client during Registration, defaults to `RS256` -- `id_token_ttl_seconds` - The number of seconds from `iat` that an ID Token - will be considered valid, optional, defaults to nil -- `nonce` - The nonce to use for authorization request, optional, MUST be - session based and unguessable. - - -## Nonce -`nonce` can be set in the provider config. The `nonce` will be returned in the -`session_params` along with `state`. You can use this to store the value in -the current session e.g. a httpOnly session cookie. - -A random value generator can look like this: - -```elixir -16 -|> :crypto.strong_rand_bytes() -|> Base.encode64(padding: false) -``` - -AshAuthentication will dynamically generate one for the session if `nonce` is -set to `true`. - -## DSL Documentation - -Provides an OpenID Connect authentication strategy. - -This strategy is built using the `:oauth2` strategy, and thus provides -all the same configuration options should you need them. - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - -* `:openid_configuration_uri` (`t:String.t/0`) - The URI for the OpenID provider The default value is `"/.well-known/openid-configuration"`. - -* `:client_authentication_method` - The client authentication method to use. Valid values are :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_basic`. - -* `:openid_configuration` (`t:map/0`) - The OpenID configuration. - If not set, the configuration will be retrieved from `openid_configuration_uri`. The default value is `%{}`. - -* `:id_token_signed_response_alg` - The `id_token_signed_response_alg` parameter sent by the Client during Registration. - Valid values are "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "Ed25519", "Ed25519ph", "Ed448", "Ed448ph", "EdDSA" The default value is `"RS256"`. - -* `:id_token_ttl_seconds` - The number of seconds from `iat` that an ID Token will be considered valid. The default value is `nil`. - -* `:nonce` - A function for generating the session nonce. - When set to `true` the nonce will be automatically generated using - `AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` - to explicitly disable. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - nonce fn _, _ -> - 16 - |> :crypto.strong_rand_bytes() - |> Base.encode64(padding: false) - end - ``` - - The default value is `true`. - -* `:trusted_audiences` - A list of audiences which are trusted. The default value is `nil`. - - - - - - - - -## authentication.strategies.oidc -```elixir -oidc name \ :oidc -``` - - -Provides an OpenID Connect authentication strategy. - -This strategy is built using the `:oauth2` strategy, and thus provides -all the same configuration options should you need them. - -###### Schema: - - - - - - -### Arguments - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - name - - - * - - - atom - - - - Uniquely identifies the strategy. - -
-### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - client_id - - - * - - - (any, any -> any) | module | String.t - - - - The OAuth2 client ID. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) -end -``` - -
- - - authorize_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to the OAuth2 authorize endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end -``` - -
- - - token_url - - - * - - - (any, any -> any) | module | String.t - - - - The API url to access the token endpoint. - -Relative to the value of `site`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end -``` - -
- - - redirect_uri - - - * - - - (any, any -> any) | module | String.t - - - - The callback URI base. - -Not the whole URI back to the callback endpoint, but the URI to your -`AuthPlug`. We can generate the rest. - -Whilst not particularly secret, it seemed prudent to allow this to be -configured dynamically so that you can use different URIs for -different environments. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - base_url - - - - - (any, any -> any) | module | String.t - - - - The base URL of the OAuth2 server - including the leading protocol -(ie `https://`). - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - site - - - - - (any, any -> any) | module | String.t - - - - Deprecated: Use `base_url` instead. -
- - - auth_method - - - - - nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt - - :client_secret_post - - The authentication strategy used, optional. If not set, no -authentication will be used during the access token request. The -value may be one of the following: - -* `:client_secret_basic` -* `:client_secret_post` -* `:client_secret_jwt` -* `:private_key_jwt` - -
- - - client_secret - - - - - (any, any -> any) | module | String.t - - - - The OAuth2 client secret. - -Required if :auth_method is `:client_secret_basic`, -`:client_secret_post` or `:client_secret_jwt`. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) -end -``` - -
- - - private_key - - - - - (any, any -> any) | module | String.t - - - - The private key to use if `:auth_method` is `:private_key_jwt` - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - authorization_params - - - - - Keyword.t - - [] - - Any additional parameters to encode in the request phase. - -eg: `authorization_params scope: "openid profile email"` - -
- - - registration_enabled? - - - - - boolean - - true - - Is registration enabled for this provider? - -If this option is enabled, then new users will be able to register for -your site when authenticating and not already present. - -If not, then only existing users will be able to authenticate. - -
- - - register_action_name - - - - - atom - - - - The name of the action to use to register a user. - -Only needed if `registration_enabled?` is `true`. - -Because we we don't know the response format of the server, you must -implement your own registration action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name eg: -`register_with_#{name}`. - -
- - - sign_in_action_name - - - - - atom - - - - The name of the action to use to sign in an existing user. - -Only needed if `registration_enabled?` is `false`. - -Because we don't know the response format of the server, you must -implement your own sign-in action of the same name. - -See the "Registration and Sign-in" section of the module -documentation for more information. - -The default is computed from the strategy name, eg: -`sign_in_with_#{name}`. - -
- - - identity_resource - - - - - module | false - - false - - The resource used to store user identities. - -Given that a user can be signed into multiple different -authentication providers at once we use the -`AshAuthentication.UserIdentity` resource to build a mapping -between users, providers and that provider's uid. - -See the Identities section of the module documentation for more -information. - -Set to `false` to disable. - -
- - - identity_relationship_name - - - - - atom - - :identities - - Name of the relationship to the provider identities resource -
- - - identity_relationship_user_id_attribute - - - - - atom - - :user_id - - The name of the destination (user_id) attribute on your provider -identity resource. - -The only reason to change this would be if you changed the -`user_id_attribute_name` option of the provider identity. - -
- - - icon - - - - - atom - - :oauth2 - - The name of an icon to use in any potential UI. - -This is a *hint* for UI generators to use, and not in any way canonical. - -
- - - openid_configuration_uri - - - - - String.t - - "/.well-known/openid-configuration" - - The URI for the OpenID provider -
- - - client_authentication_method - - - - - :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt - - :client_secret_basic - - The client authentication method to use. -
- - - openid_configuration - - - - - map - - %{} - - The OpenID configuration. - -If not set, the configuration will be retrieved from `openid_configuration_uri`. - -
- - - id_token_signed_response_alg - - - - - "HS256" | "HS384" | "HS512" | "RS256" | "RS384" | "RS512" | "ES256" | "ES384" | "ES512" | "PS256" | "PS384" | "PS512" | "Ed25519" | "Ed25519ph" | "Ed448" | "Ed448ph" | "EdDSA" - - "RS256" - - The `id_token_signed_response_alg` parameter sent by the Client during Registration. - -
- - - id_token_ttl_seconds - - - - - nil | pos_integer - - - - The number of seconds from `iat` that an ID Token will be considered valid. - -
- - - nonce - - - - - boolean | (any, any -> any) | module | String.t - - true - - A function for generating the session nonce. - -When set to `true` the nonce will be automatically generated using -`AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` -to explicitly disable. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -Example: - -```elixir -nonce fn _, _ -> - 16 - |> :crypto.strong_rand_bytes() - |> Base.encode64(padding: false) -end -``` - -
- - - trusted_audiences - - - - - nil | list(String.t) - - - - A list of audiences which are trusted. - -
- - - - - -### Introspection - -Target: `AshAuthentication.Strategy.OAuth2` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md new file mode 100644 index 00000000..8534c362 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md @@ -0,0 +1,315 @@ + +# DSL: AshAuthentication.Strategy.Oidc + +Strategy for authentication using an [OpenID +Connect](https://openid.net/connect/) compatible server as the source of +truth. + +This strategy builds on-top of `AshAuthentication.Strategy.OAuth2` and +[`assent`](https://hex.pm/packages/assent). + +In order to use OIDC you need to provide the following minimum configuration: + +- `client_id` - The client id, required +- `site` - The OIDC issuer, required +- `openid_configuration_uri` - The URI for OpenID Provider, optional, defaults + to `/.well-known/openid-configuration` +- `client_authentication_method` - The Client Authentication method to use, + optional, defaults to `client_secret_basic` +- `client_secret` - The client secret, required if + `:client_authentication_method` is `:client_secret_basic`, + `:client_secret_post`, or `:client_secret_jwt` +- `openid_configuration` - The OpenID configuration, optional, the + configuration will be fetched from `:openid_configuration_uri` if this is + not defined +- `id_token_signed_response_alg` - The `id_token_signed_response_alg` + parameter sent by the Client during Registration, defaults to `RS256` +- `id_token_ttl_seconds` - The number of seconds from `iat` that an ID Token + will be considered valid, optional, defaults to nil +- `nonce` - The nonce to use for authorization request, optional, MUST be + session based and unguessable. + + +## Nonce +`nonce` can be set in the provider config. The `nonce` will be returned in the +`session_params` along with `state`. You can use this to store the value in +the current session e.g. a httpOnly session cookie. + +A random value generator can look like this: + +```elixir +16 +|> :crypto.strong_rand_bytes() +|> Base.encode64(padding: false) +``` + +AshAuthentication will dynamically generate one for the session if `nonce` is +set to `true`. + +## DSL Documentation + +Provides an OpenID Connect authentication strategy. + +This strategy is built using the `:oauth2` strategy, and thus provides +all the same configuration options should you need them. + +#### Schema: + + + + + + +* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. + +* `:client_id` - Required. The OAuth2 client ID. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + client_id fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_client_id) + end + ``` + +* `:base_url` - The base URL of the OAuth2 server - including the leading protocol + (ie `https://`). + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + base_url fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:site` - Deprecated: Use `base_url` instead. + +* `:auth_method` - The authentication strategy used, optional. If not set, no + authentication will be used during the access token request. The + value may be one of the following: + * `:client_secret_basic` + * `:client_secret_post` + * `:client_secret_jwt` + * `:private_key_jwt` + Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. + +* `:client_secret` - The OAuth2 client secret. + Required if :auth_method is `:client_secret_basic`, + `:client_secret_post` or `:client_secret_jwt`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + site fn _, resource -> + :my_app + |> Application.get_env(resource, []) + |> Keyword.fetch(:oauth_site) + end + ``` + +* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end + ``` + +* `:token_url` - Required. The API url to access the token endpoint. + Relative to the value of `site`. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end + ``` + +* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:redirect_uri` - Required. The callback URI base. + Not the whole URI back to the callback endpoint, but the URI to your + `AuthPlug`. We can generate the rest. + Whilst not particularly secret, it seemed prudent to allow this to be + configured dynamically so that you can use different URIs for + different environments. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + +* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. + eg: `authorization_params scope: "openid profile email"` The default value is `[]`. + +* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? + If this option is enabled, then new users will be able to register for + your site when authenticating and not already present. + If not, then only existing users will be able to authenticate. The default value is `true`. + +* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. + Only needed if `registration_enabled?` is `true`. + Because we we don't know the response format of the server, you must + implement your own registration action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name eg: + `register_with_#{name}`. + +* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. + Only needed if `registration_enabled?` is `false`. + Because we don't know the response format of the server, you must + implement your own sign-in action of the same name. + See the "Registration and Sign-in" section of the module + documentation for more information. + The default is computed from the strategy name, eg: + `sign_in_with_#{name}`. + +* `:identity_resource` - The resource used to store user identities. + Given that a user can be signed into multiple different + authentication providers at once we use the + `AshAuthentication.UserIdentity` resource to build a mapping + between users, providers and that provider's uid. + See the Identities section of the module documentation for more + information. + Set to `false` to disable. The default value is `false`. + +* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. + +* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider + identity resource. + The only reason to change this would be if you changed the + `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. + +* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. + This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. + +* `:openid_configuration_uri` (`t:String.t/0`) - The URI for the OpenID provider The default value is `"/.well-known/openid-configuration"`. + +* `:client_authentication_method` - The client authentication method to use. Valid values are :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_basic`. + +* `:openid_configuration` (`t:map/0`) - The OpenID configuration. + If not set, the configuration will be retrieved from `openid_configuration_uri`. The default value is `%{}`. + +* `:id_token_signed_response_alg` - The `id_token_signed_response_alg` parameter sent by the Client during Registration. + Valid values are "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "Ed25519", "Ed25519ph", "Ed448", "Ed448ph", "EdDSA" The default value is `"RS256"`. + +* `:id_token_ttl_seconds` - The number of seconds from `iat` that an ID Token will be considered valid. The default value is `nil`. + +* `:nonce` - A function for generating the session nonce. + When set to `true` the nonce will be automatically generated using + `AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` + to explicitly disable. + Takes either a module which implements the `AshAuthentication.Secret` + behaviour, a 2 arity anonymous function or a string. + See the module documentation for `AshAuthentication.Secret` for more + information. + + Example: + ```elixir + nonce fn _, _ -> + 16 + |> :crypto.strong_rand_bytes() + |> Base.encode64(padding: false) + end + ``` + + The default value is `true`. + +* `:trusted_audiences` - A list of audiences which are trusted. The default value is `nil`. + + + + + + + + +## authentication.strategies.oidc +```elixir +oidc name \\ :oidc +``` + + +Provides an OpenID Connect authentication strategy. + +This strategy is built using the `:oauth2` strategy, and thus provides +all the same configuration options should you need them. + +###### Schema: + + + + + + +### Arguments + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`name`](#authentication-strategies-oidc-name){: #authentication-strategies-oidc-name .spark-required} | `atom` | | Uniquely identifies the strategy. | +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`client_id`](#authentication-strategies-oidc-client_id){: #authentication-strategies-oidc-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | +| [`authorize_url`](#authentication-strategies-oidc-authorize_url){: #authentication-strategies-oidc-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | +| [`token_url`](#authentication-strategies-oidc-token_url){: #authentication-strategies-oidc-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | +| [`redirect_uri`](#authentication-strategies-oidc-redirect_uri){: #authentication-strategies-oidc-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`base_url`](#authentication-strategies-oidc-base_url){: #authentication-strategies-oidc-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`site`](#authentication-strategies-oidc-site){: #authentication-strategies-oidc-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | +| [`auth_method`](#authentication-strategies-oidc-auth_method){: #authentication-strategies-oidc-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | +| [`client_secret`](#authentication-strategies-oidc-client_secret){: #authentication-strategies-oidc-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`private_key`](#authentication-strategies-oidc-private_key){: #authentication-strategies-oidc-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`authorization_params`](#authentication-strategies-oidc-authorization_params){: #authentication-strategies-oidc-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-oidc-registration_enabled?){: #authentication-strategies-oidc-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-oidc-register_action_name){: #authentication-strategies-oidc-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | +| [`sign_in_action_name`](#authentication-strategies-oidc-sign_in_action_name){: #authentication-strategies-oidc-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | +| [`identity_resource`](#authentication-strategies-oidc-identity_resource){: #authentication-strategies-oidc-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`identity_relationship_name`](#authentication-strategies-oidc-identity_relationship_name){: #authentication-strategies-oidc-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-oidc-identity_relationship_user_id_attribute){: #authentication-strategies-oidc-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`icon`](#authentication-strategies-oidc-icon){: #authentication-strategies-oidc-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | +| [`openid_configuration_uri`](#authentication-strategies-oidc-openid_configuration_uri){: #authentication-strategies-oidc-openid_configuration_uri } | `String.t` | `"/.well-known/openid-configuration"` | The URI for the OpenID provider | +| [`client_authentication_method`](#authentication-strategies-oidc-client_authentication_method){: #authentication-strategies-oidc-client_authentication_method } | `:client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_basic` | The client authentication method to use. | +| [`openid_configuration`](#authentication-strategies-oidc-openid_configuration){: #authentication-strategies-oidc-openid_configuration } | `map` | `%{}` | The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`. | +| [`id_token_signed_response_alg`](#authentication-strategies-oidc-id_token_signed_response_alg){: #authentication-strategies-oidc-id_token_signed_response_alg } | `"HS256" \| "HS384" \| "HS512" \| "RS256" \| "RS384" \| "RS512" \| "ES256" \| "ES384" \| "ES512" \| "PS256" \| "PS384" \| "PS512" \| "Ed25519" \| "Ed25519ph" \| "Ed448" \| "Ed448ph" \| "EdDSA"` | `"RS256"` | The `id_token_signed_response_alg` parameter sent by the Client during Registration. | +| [`id_token_ttl_seconds`](#authentication-strategies-oidc-id_token_ttl_seconds){: #authentication-strategies-oidc-id_token_ttl_seconds } | `nil \| pos_integer` | | The number of seconds from `iat` that an ID Token will be considered valid. | +| [`nonce`](#authentication-strategies-oidc-nonce){: #authentication-strategies-oidc-nonce } | `boolean \| (any, any -> any) \| module \| String.t` | `true` | A function for generating the session nonce. When set to `true` the nonce will be automatically generated using `AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` to explicitly disable. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir nonce fn _, _ -> 16 \|> :crypto.strong_rand_bytes() \|> Base.encode64(padding: false) end ``` | +| [`trusted_audiences`](#authentication-strategies-oidc-trusted_audiences){: #authentication-strategies-oidc-trusted_audiences } | `nil \| list(String.t)` | | A list of audiences which are trusted. | + + + + + +### Introspection + +Target: `AshAuthentication.Strategy.OAuth2` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.cheatmd b/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.cheatmd deleted file mode 100644 index 031f1550..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.cheatmd +++ /dev/null @@ -1,682 +0,0 @@ - -# DSL: AshAuthentication.Strategy.Password - -Strategy for authenticating using local resources as the source of truth. - -In order to use password authentication your resource needs to meet the -following minimum requirements: - -1. Have a primary key. -2. A uniquely constrained identity field (eg `username` or `email`). -3. A sensitive string field within which to store the hashed password. - -There are other options documented in the DSL. - -### Example: - -```elixir -defmodule MyApp.Accounts.User do - use Ash.Resource, - extensions: [AshAuthentication] - - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - attribute :hashed_password, :string, allow_nil?: false, sensitive?: true - end - - authentication do - api MyApp.Accounts - - strategies do - password :password do - identity_field :email - hashed_password_field :hashed_password - end - end - end - - identities do - identity :unique_email, [:email] - end -end -``` - -## Actions - -By default the password strategy will automatically generate the register, -sign-in, reset-request and reset actions for you, however you're free to -define them yourself. If you do, then the action will be validated to ensure -that all the needed configuration is present. - -If you wish to work with the actions directly from your code you can do so via -the `AshAuthentication.Strategy` protocol. - -### Examples: - -Interacting with the actions directly: - - iex> strategy = Info.strategy!(Example.User, :password) - ...> {:ok, marty} = Strategy.action(strategy, :register, %{"username" => "marty", "password" => "outatime1985", "password_confirmation" => "outatime1985"}) - ...> marty.username |> to_string() - "marty" - - ...> {:ok, user} = Strategy.action(strategy, :sign_in, %{"username" => "marty", "password" => "outatime1985"}) - ...> user.username |> to_string() - "marty" - -## Plugs - -The password strategy provides plug endpoints for all four actions, although -only sign-in and register will be reported by `Strategy.routes/1` if the -strategy is not configured as resettable. - -If you wish to work with the plugs directly, you can do so via the -`AshAuthentication.Strategy` protocol. - -### Examples: - -Dispatching to plugs directly: - - iex> strategy = Info.strategy!(Example.User, :password) - ...> conn = conn(:post, "/user/password/register", %{"user" => %{"username" => "marty", "password" => "outatime1985", "password_confirmation" => "outatime1985"}}) - ...> conn = Strategy.plug(strategy, :register, conn) - ...> {_conn, {:ok, marty}} = Plug.Helpers.get_authentication_result(conn) - ...> marty.username |> to_string() - "marty" - - ...> conn = conn(:post, "/user/password/reset_request", %{"user" => %{"username" => "marty"}}) - ...> conn = Strategy.plug(strategy, :reset_request, conn) - ...> {_conn, :ok} = Plug.Helpers.get_authentication_result(conn) - -## Testing - -See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy. - -## DSL Documentation - -Strategy for authenticating using local resources as the source of truth. - - * resettable - -Examples: -``` -password :password do - identity_field :email - hashed_password_field :hashed_password - hash_provider AshAuthentication.BcryptProvider - confirmation_required? true -end - -``` - - -* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user. - Usually something like `username` or `email_address`. The default value is `:username`. - -* `:hashed_password_field` (`t:atom/0`) - The name of the attribute within which to store the user's password - once it has been hashed. The default value is `:hashed_password`. - -* `:hash_provider` (`t:atom/0`) - A module which implements the `AshAuthentication.HashProvider` - behaviour. - Used to provide cryptographic hashing of passwords. The default value is `AshAuthentication.BcryptProvider`. - -* `:confirmation_required?` (`t:boolean/0`) - Whether a password confirmation field is required when registering or - changing passwords. The default value is `true`. - -* `:register_action_accept` (list of `t:atom/0`) - A list of additional fields to be accepted in the register action. The default value is `[]`. - -* `:password_field` (`t:atom/0`) - The name of the argument used to collect the user's password in - plaintext when registering, checking or changing passwords. The default value is `:password`. - -* `:password_confirmation_field` (`t:atom/0`) - The name of the argument used to confirm the user's password in - plaintext when registering or changing passwords. The default value is `:password_confirmation`. - -* `:register_action_name` (`t:atom/0`) - The name to use for the register action. - If not present it will be generated by prepending the strategy name - with `register_with_`. - -* `:registration_enabled?` (`t:boolean/0`) - If you do not want new users to be able to register using this - strategy, set this to false. The default value is `true`. - -* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action. - If not present it will be generated by prepending the strategy name - with `sign_in_with_`. - -* `:sign_in_enabled?` (`t:boolean/0`) - If you do not want new users to be able to sign in using this - strategy, set this to false. The default value is `true`. - -* `:sign_in_tokens_enabled?` (`t:boolean/0`) - Whether or not to support generating short lived sign in tokens. Requires the resource to have - tokens enabled. There is no drawback to supporting this, and in the future this default will - change from `false` to `true`. - Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` - when calling the sign in action. You might do this when you need to generate a short lived token - to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, - by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting - with a valid token to a controller action, allowing the liveview to show invalid username/password errors. The default value is `false`. - -* `:sign_in_token_lifetime` - A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. - If no unit is specified, defaults to `:seconds`. The default value is `{60, :seconds}`. - - - -### resettable - -Configure password reset options for the resource - - - - - -* `:token_lifetime` - How long should the reset token be valid. - If no unit is provided `:hours` is assumed. - Defaults to 3 days. The default value is `{3, :days}`. - -* `:request_password_reset_action_name` (`t:atom/0`) - The name to use for the action which generates a password reset token. - If not present it will be generated by prepending the strategy name - with `request_password_reset_with_`. - -* `:password_reset_action_name` (`t:atom/0`) - The name to use for the action which actually resets the user's - password. - If not present it will be generated by prepending the strategy name - with `password_reset_with_`. - -* `:sender` - Required. How to send the password reset instructions to the user. - Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, reset token and options. - See `AshAuthentication.Sender` for more information. - - - - - - - - - -## authentication.strategies.password -```elixir -password name \ :password -``` - - -Strategy for authenticating using local resources as the source of truth. - -### Nested DSLs - * [resettable](#authentication-strategies-password-resettable) - - -### Examples -``` -password :password do - identity_field :email - hashed_password_field :hashed_password - hash_provider AshAuthentication.BcryptProvider - confirmation_required? true -end - -``` - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - identity_field - - - - - atom - - :username - - The name of the attribute which uniquely identifies the user. - -Usually something like `username` or `email_address`. - -
- - - hashed_password_field - - - - - atom - - :hashed_password - - The name of the attribute within which to store the user's password -once it has been hashed. - -
- - - hash_provider - - - - - module - - AshAuthentication.BcryptProvider - - A module which implements the `AshAuthentication.HashProvider` -behaviour. - -Used to provide cryptographic hashing of passwords. - -
- - - confirmation_required? - - - - - boolean - - true - - Whether a password confirmation field is required when registering or -changing passwords. - -
- - - register_action_accept - - - - - list(atom) - - [] - - A list of additional fields to be accepted in the register action. -
- - - password_field - - - - - atom - - :password - - The name of the argument used to collect the user's password in -plaintext when registering, checking or changing passwords. - -
- - - password_confirmation_field - - - - - atom - - :password_confirmation - - The name of the argument used to confirm the user's password in -plaintext when registering or changing passwords. - -
- - - register_action_name - - - - - atom - - - - The name to use for the register action. - -If not present it will be generated by prepending the strategy name -with `register_with_`. - -
- - - registration_enabled? - - - - - boolean - - true - - If you do not want new users to be able to register using this -strategy, set this to false. - -
- - - sign_in_action_name - - - - - atom - - - - The name to use for the sign in action. - -If not present it will be generated by prepending the strategy name -with `sign_in_with_`. - -
- - - sign_in_enabled? - - - - - boolean - - true - - If you do not want new users to be able to sign in using this -strategy, set this to false. - -
- - - sign_in_tokens_enabled? - - - - - boolean - - false - - Whether or not to support generating short lived sign in tokens. Requires the resource to have -tokens enabled. There is no drawback to supporting this, and in the future this default will -change from `false` to `true`. - -Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` -when calling the sign in action. You might do this when you need to generate a short lived token -to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, -by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting -with a valid token to a controller action, allowing the liveview to show invalid username/password errors. - -
- - - sign_in_token_lifetime - - - - - pos_integer | {pos_integer, :days | :hours | :minutes | :seconds} - - {60, :seconds} - - A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. - -If no unit is specified, defaults to `:seconds`. - -
- - -## authentication.strategies.password.resettable - - -Configure password reset options for the resource - - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - sender - - - * - - - (any, any, any -> any) | module - - - - How to send the password reset instructions to the user. - -Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - -Accepts a module, module and opts, or a function that takes a record, reset token and options. - -See `AshAuthentication.Sender` for more information. - -
- - - token_lifetime - - - - - pos_integer | {pos_integer, :days | :hours | :minutes | :seconds} - - {3, :days} - - How long should the reset token be valid. - -If no unit is provided `:hours` is assumed. - -Defaults to 3 days. - -
- - - request_password_reset_action_name - - - - - atom - - - - The name to use for the action which generates a password reset token. - -If not present it will be generated by prepending the strategy name -with `request_password_reset_with_`. - -
- - - password_reset_action_name - - - - - atom - - - - The name to use for the action which actually resets the user's -password. - -If not present it will be generated by prepending the strategy name -with `password_reset_with_`. - -
- - - - - -### Introspection - -Target: `AshAuthentication.Strategy.Password.Resettable` - - - - -### Introspection - -Target: `AshAuthentication.Strategy.Password` - - diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md new file mode 100644 index 00000000..88d36ce7 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md @@ -0,0 +1,280 @@ + +# DSL: AshAuthentication.Strategy.Password + +Strategy for authenticating using local resources as the source of truth. + +In order to use password authentication your resource needs to meet the +following minimum requirements: + +1. Have a primary key. +2. A uniquely constrained identity field (eg `username` or `email`). +3. A sensitive string field within which to store the hashed password. + +There are other options documented in the DSL. + +### Example: + +```elixir +defmodule MyApp.Accounts.User do + use Ash.Resource, + extensions: [AshAuthentication] + + attributes do + uuid_primary_key :id + attribute :email, :ci_string, allow_nil?: false + attribute :hashed_password, :string, allow_nil?: false, sensitive?: true + end + + authentication do + api MyApp.Accounts + + strategies do + password :password do + identity_field :email + hashed_password_field :hashed_password + end + end + end + + identities do + identity :unique_email, [:email] + end +end +``` + +## Actions + +By default the password strategy will automatically generate the register, +sign-in, reset-request and reset actions for you, however you're free to +define them yourself. If you do, then the action will be validated to ensure +that all the needed configuration is present. + +If you wish to work with the actions directly from your code you can do so via +the `AshAuthentication.Strategy` protocol. + +### Examples: + +Interacting with the actions directly: + + iex> strategy = Info.strategy!(Example.User, :password) + ...> {:ok, marty} = Strategy.action(strategy, :register, %{"username" => "marty", "password" => "outatime1985", "password_confirmation" => "outatime1985"}) + ...> marty.username |> to_string() + "marty" + + ...> {:ok, user} = Strategy.action(strategy, :sign_in, %{"username" => "marty", "password" => "outatime1985"}) + ...> user.username |> to_string() + "marty" + +## Plugs + +The password strategy provides plug endpoints for all four actions, although +only sign-in and register will be reported by `Strategy.routes/1` if the +strategy is not configured as resettable. + +If you wish to work with the plugs directly, you can do so via the +`AshAuthentication.Strategy` protocol. + +### Examples: + +Dispatching to plugs directly: + + iex> strategy = Info.strategy!(Example.User, :password) + ...> conn = conn(:post, "/user/password/register", %{"user" => %{"username" => "marty", "password" => "outatime1985", "password_confirmation" => "outatime1985"}}) + ...> conn = Strategy.plug(strategy, :register, conn) + ...> {_conn, {:ok, marty}} = Plug.Helpers.get_authentication_result(conn) + ...> marty.username |> to_string() + "marty" + + ...> conn = conn(:post, "/user/password/reset_request", %{"user" => %{"username" => "marty"}}) + ...> conn = Strategy.plug(strategy, :reset_request, conn) + ...> {_conn, :ok} = Plug.Helpers.get_authentication_result(conn) + +## Testing + +See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy. + +## DSL Documentation + +Strategy for authenticating using local resources as the source of truth. + + * resettable + +Examples: +``` +password :password do + identity_field :email + hashed_password_field :hashed_password + hash_provider AshAuthentication.BcryptProvider + confirmation_required? true +end + +``` + + +* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user. + Usually something like `username` or `email_address`. The default value is `:username`. + +* `:hashed_password_field` (`t:atom/0`) - The name of the attribute within which to store the user's password + once it has been hashed. The default value is `:hashed_password`. + +* `:hash_provider` (`t:atom/0`) - A module which implements the `AshAuthentication.HashProvider` + behaviour. + Used to provide cryptographic hashing of passwords. The default value is `AshAuthentication.BcryptProvider`. + +* `:confirmation_required?` (`t:boolean/0`) - Whether a password confirmation field is required when registering or + changing passwords. The default value is `true`. + +* `:register_action_accept` (list of `t:atom/0`) - A list of additional fields to be accepted in the register action. The default value is `[]`. + +* `:password_field` (`t:atom/0`) - The name of the argument used to collect the user's password in + plaintext when registering, checking or changing passwords. The default value is `:password`. + +* `:password_confirmation_field` (`t:atom/0`) - The name of the argument used to confirm the user's password in + plaintext when registering or changing passwords. The default value is `:password_confirmation`. + +* `:register_action_name` (`t:atom/0`) - The name to use for the register action. + If not present it will be generated by prepending the strategy name + with `register_with_`. + +* `:registration_enabled?` (`t:boolean/0`) - If you do not want new users to be able to register using this + strategy, set this to false. The default value is `true`. + +* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action. + If not present it will be generated by prepending the strategy name + with `sign_in_with_`. + +* `:sign_in_enabled?` (`t:boolean/0`) - If you do not want new users to be able to sign in using this + strategy, set this to false. The default value is `true`. + +* `:sign_in_tokens_enabled?` (`t:boolean/0`) - Whether or not to support generating short lived sign in tokens. Requires the resource to have + tokens enabled. There is no drawback to supporting this, and in the future this default will + change from `false` to `true`. + Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` + when calling the sign in action. You might do this when you need to generate a short lived token + to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, + by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting + with a valid token to a controller action, allowing the liveview to show invalid username/password errors. The default value is `false`. + +* `:sign_in_token_lifetime` - A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. + If no unit is specified, defaults to `:seconds`. The default value is `{60, :seconds}`. + + + +### resettable + +Configure password reset options for the resource + + + + + +* `:token_lifetime` - How long should the reset token be valid. + If no unit is provided `:hours` is assumed. + Defaults to 3 days. The default value is `{3, :days}`. + +* `:request_password_reset_action_name` (`t:atom/0`) - The name to use for the action which generates a password reset token. + If not present it will be generated by prepending the strategy name + with `request_password_reset_with_`. + +* `:password_reset_action_name` (`t:atom/0`) - The name to use for the action which actually resets the user's + password. + If not present it will be generated by prepending the strategy name + with `password_reset_with_`. + +* `:sender` - Required. How to send the password reset instructions to the user. + Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. + Accepts a module, module and opts, or a function that takes a record, reset token and options. + See `AshAuthentication.Sender` for more information. + + + + + + + + + +## authentication.strategies.password +```elixir +password name \\ :password +``` + + +Strategy for authenticating using local resources as the source of truth. + +### Nested DSLs + * [resettable](#authentication-strategies-password-resettable) + + +### Examples +``` +password :password do + identity_field :email + hashed_password_field :hashed_password + hash_provider AshAuthentication.BcryptProvider + confirmation_required? true +end + +``` + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`identity_field`](#authentication-strategies-password-identity_field){: #authentication-strategies-password-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user. Usually something like `username` or `email_address`. | +| [`hashed_password_field`](#authentication-strategies-password-hashed_password_field){: #authentication-strategies-password-hashed_password_field } | `atom` | `:hashed_password` | The name of the attribute within which to store the user's password once it has been hashed. | +| [`hash_provider`](#authentication-strategies-password-hash_provider){: #authentication-strategies-password-hash_provider } | `module` | `AshAuthentication.BcryptProvider` | A module which implements the `AshAuthentication.HashProvider` behaviour. Used to provide cryptographic hashing of passwords. | +| [`confirmation_required?`](#authentication-strategies-password-confirmation_required?){: #authentication-strategies-password-confirmation_required? } | `boolean` | `true` | Whether a password confirmation field is required when registering or changing passwords. | +| [`register_action_accept`](#authentication-strategies-password-register_action_accept){: #authentication-strategies-password-register_action_accept } | `list(atom)` | `[]` | A list of additional fields to be accepted in the register action. | +| [`password_field`](#authentication-strategies-password-password_field){: #authentication-strategies-password-password_field } | `atom` | `:password` | The name of the argument used to collect the user's password in plaintext when registering, checking or changing passwords. | +| [`password_confirmation_field`](#authentication-strategies-password-password_confirmation_field){: #authentication-strategies-password-password_confirmation_field } | `atom` | `:password_confirmation` | The name of the argument used to confirm the user's password in plaintext when registering or changing passwords. | +| [`register_action_name`](#authentication-strategies-password-register_action_name){: #authentication-strategies-password-register_action_name } | `atom` | | The name to use for the register action. If not present it will be generated by prepending the strategy name with `register_with_`. | +| [`registration_enabled?`](#authentication-strategies-password-registration_enabled?){: #authentication-strategies-password-registration_enabled? } | `boolean` | `true` | If you do not want new users to be able to register using this strategy, set this to false. | +| [`sign_in_action_name`](#authentication-strategies-password-sign_in_action_name){: #authentication-strategies-password-sign_in_action_name } | `atom` | | The name to use for the sign in action. If not present it will be generated by prepending the strategy name with `sign_in_with_`. | +| [`sign_in_enabled?`](#authentication-strategies-password-sign_in_enabled?){: #authentication-strategies-password-sign_in_enabled? } | `boolean` | `true` | If you do not want new users to be able to sign in using this strategy, set this to false. | +| [`sign_in_tokens_enabled?`](#authentication-strategies-password-sign_in_tokens_enabled?){: #authentication-strategies-password-sign_in_tokens_enabled? } | `boolean` | `false` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`. Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` when calling the sign in action. You might do this when you need to generate a short lived token to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting with a valid token to a controller action, allowing the liveview to show invalid username/password errors. | +| [`sign_in_token_lifetime`](#authentication-strategies-password-sign_in_token_lifetime){: #authentication-strategies-password-sign_in_token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{60, :seconds}` | A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. If no unit is specified, defaults to `:seconds`. | + + +## authentication.strategies.password.resettable + + +Configure password reset options for the resource + + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`sender`](#authentication-strategies-password-resettable-sender){: #authentication-strategies-password-resettable-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the password reset instructions to the user. Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. See `AshAuthentication.Sender` for more information. | +| [`token_lifetime`](#authentication-strategies-password-resettable-token_lifetime){: #authentication-strategies-password-resettable-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the reset token be valid. If no unit is provided `:hours` is assumed. Defaults to 3 days. | +| [`request_password_reset_action_name`](#authentication-strategies-password-resettable-request_password_reset_action_name){: #authentication-strategies-password-resettable-request_password_reset_action_name } | `atom` | | The name to use for the action which generates a password reset token. If not present it will be generated by prepending the strategy name with `request_password_reset_with_`. | +| [`password_reset_action_name`](#authentication-strategies-password-resettable-password_reset_action_name){: #authentication-strategies-password-resettable-password_reset_action_name } | `atom` | | The name to use for the action which actually resets the user's password. If not present it will be generated by prepending the strategy name with `password_reset_with_`. | + + + + + +### Introspection + +Target: `AshAuthentication.Strategy.Password.Resettable` + + + + +### Introspection + +Target: `AshAuthentication.Strategy.Password` + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.TokenResource.cheatmd b/documentation/dsls/DSL:-AshAuthentication.TokenResource.cheatmd deleted file mode 100644 index 2840ab1f..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.TokenResource.cheatmd +++ /dev/null @@ -1,359 +0,0 @@ - -# DSL: AshAuthentication.TokenResource - -This is an Ash resource extension which generates the default token resource. - -The token resource is used to store information about tokens that should not -be shared with the end user. It does not actually contain any tokens. - -For example: - - * When an authentication token has been revoked - * When a confirmation token has changes to apply - -## Storage - -The information stored in this resource is essentially ephemeral - all tokens -have an expiry date, so it doesn't make sense to keep them after that time has -passed. However, if you have any tokens with very long expiry times then we -suggest you store this resource in a resilient data-layer such as Postgres. - -## Usage - -There is no need to define any attributes or actions (although you can if you -want). The extension will wire up everything that's needed for the token -system to function. - -``` -defmodule MyApp.Accounts.Token do - use Ash.Resource, - data_layer: AshPostgres.DataLayer, - extensions: [AshAuthentication.TokenResource] - - token do - api MyApp.Accounts - end - - postgres do - table "tokens" - repo MyApp.Repo - end -end -``` - -Whilst it is possible to have multiple token resources, there is no need to do -so. - -## Removing expired records - -Once a token has expired there's no point in keeping the information it refers -to, so expired tokens can be automatically removed by adding the -`AshAuthentication.Supervisor` to your application supervision tree. This -will start the `AshAuthentication.TokenResource.Expunger` `GenServer` which -periodically scans and removes any expired records. - - -## token -Configuration options for this token resource - -### Nested DSLs - * [revocation](#token-revocation) - * [confirmation](#token-confirmation) - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - api - - - * - - - module - - - - The Ash API to use to access this resource. - -
- - - expunge_expired_action_name - - - - - atom - - :expunge_expired - - The name of the action used to remove expired tokens. - -
- - - read_expired_action_name - - - - - atom - - :read_expired - - The name of the action use to find all expired tokens. - -Used internally by the `expunge_expired` action. - -
- - - expunge_interval - - - - - pos_integer - - 12 - - How often to remove expired records. - -How often to scan this resource for records which have expired, and thus can be removed. - -
- - - store_token_action_name - - - - - atom - - :store_token - - The name of the action to use to store a token. - -Used if `store_all_tokens?` is enabled in your authentication resource. - -
- - - get_token_action_name - - - - - atom - - :get_token - - The name of the action used to retrieve tokens from the store. - -Used if `require_token_presence_for_authentication?` is enabled in your authentication resource. - -
- - -## token.revocation -Configuration options for token revocation - - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - revoke_token_action_name - - - - - atom - - :revoke_token - - The name of the action used to revoke tokens. - -
- - - is_revoked_action_name - - - - - atom - - :revoked? - - The name of the action used to check if a token is revoked. - -
- - - - -## token.confirmation -Configuration options for confirmation tokens - - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - store_changes_action_name - - - - - atom - - :store_confirmation_changes - - The name of the action used to store confirmation changes. - -
- - - get_changes_action_name - - - - - atom - - :get_confirmation_changes - - The name of the action used to get confirmation changes. - -
- - - - - - - - diff --git a/documentation/dsls/DSL:-AshAuthentication.TokenResource.md b/documentation/dsls/DSL:-AshAuthentication.TokenResource.md new file mode 100644 index 00000000..70ef0002 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.TokenResource.md @@ -0,0 +1,122 @@ + +# DSL: AshAuthentication.TokenResource + +This is an Ash resource extension which generates the default token resource. + +The token resource is used to store information about tokens that should not +be shared with the end user. It does not actually contain any tokens. + +For example: + + * When an authentication token has been revoked + * When a confirmation token has changes to apply + +## Storage + +The information stored in this resource is essentially ephemeral - all tokens +have an expiry date, so it doesn't make sense to keep them after that time has +passed. However, if you have any tokens with very long expiry times then we +suggest you store this resource in a resilient data-layer such as Postgres. + +## Usage + +There is no need to define any attributes or actions (although you can if you +want). The extension will wire up everything that's needed for the token +system to function. + +``` +defmodule MyApp.Accounts.Token do + use Ash.Resource, + data_layer: AshPostgres.DataLayer, + extensions: [AshAuthentication.TokenResource] + + token do + api MyApp.Accounts + end + + postgres do + table "tokens" + repo MyApp.Repo + end +end +``` + +Whilst it is possible to have multiple token resources, there is no need to do +so. + +## Removing expired records + +Once a token has expired there's no point in keeping the information it refers +to, so expired tokens can be automatically removed by adding the +`AshAuthentication.Supervisor` to your application supervision tree. This +will start the `AshAuthentication.TokenResource.Expunger` `GenServer` which +periodically scans and removes any expired records. + + +## token +Configuration options for this token resource + +### Nested DSLs + * [revocation](#token-revocation) + * [confirmation](#token-confirmation) + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`api`](#token-api){: #token-api .spark-required} | `module` | | The Ash API to use to access this resource. | +| [`expunge_expired_action_name`](#token-expunge_expired_action_name){: #token-expunge_expired_action_name } | `atom` | `:expunge_expired` | The name of the action used to remove expired tokens. | +| [`read_expired_action_name`](#token-read_expired_action_name){: #token-read_expired_action_name } | `atom` | `:read_expired` | The name of the action use to find all expired tokens. Used internally by the `expunge_expired` action. | +| [`expunge_interval`](#token-expunge_interval){: #token-expunge_interval } | `pos_integer` | `12` | How often to remove expired records. How often to scan this resource for records which have expired, and thus can be removed. | +| [`store_token_action_name`](#token-store_token_action_name){: #token-store_token_action_name } | `atom` | `:store_token` | The name of the action to use to store a token. Used if `store_all_tokens?` is enabled in your authentication resource. | +| [`get_token_action_name`](#token-get_token_action_name){: #token-get_token_action_name } | `atom` | `:get_token` | The name of the action used to retrieve tokens from the store. Used if `require_token_presence_for_authentication?` is enabled in your authentication resource. | + + +## token.revocation +Configuration options for token revocation + + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`revoke_token_action_name`](#token-revocation-revoke_token_action_name){: #token-revocation-revoke_token_action_name } | `atom` | `:revoke_token` | The name of the action used to revoke tokens. | +| [`is_revoked_action_name`](#token-revocation-is_revoked_action_name){: #token-revocation-is_revoked_action_name } | `atom` | `:revoked?` | The name of the action used to check if a token is revoked. | + + + + +## token.confirmation +Configuration options for confirmation tokens + + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`store_changes_action_name`](#token-confirmation-store_changes_action_name){: #token-confirmation-store_changes_action_name } | `atom` | `:store_confirmation_changes` | The name of the action used to store confirmation changes. | +| [`get_changes_action_name`](#token-confirmation-get_changes_action_name){: #token-confirmation-get_changes_action_name } | `atom` | `:get_confirmation_changes` | The name of the action used to get confirmation changes. | + + + + + + + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.UserIdentity.cheatmd b/documentation/dsls/DSL:-AshAuthentication.UserIdentity.cheatmd deleted file mode 100644 index f1fa6f24..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.UserIdentity.cheatmd +++ /dev/null @@ -1,319 +0,0 @@ - -# DSL: AshAuthentication.UserIdentity - -An Ash extension which generates the default user identities resource. - -The user identities resource is used to store information returned by remote -authentication strategies (such as those provided by OAuth2) and maps them to -your user resource(s). This provides the following benefits: - - 1. A user can be signed in to multiple authentication strategies at once. - 2. For those provides which support it AshAuthentication can handle - automatic refreshing of tokens. - -## Storage - -User identities are expected to be relatively long-lived (although they're -deleted on log out), so should probably be stored using a permanent data layer -sush as `ash_postgres`. - -## Usage - -There is no need to define any attributes, etc. The extension will generate -them all for you. As there is no other use-case for this resource it's -unlikely that you will need to customise it. - -```elixir -defmodule MyApp.Accounts.UserIdentity do - use Ash.Resource, - data_layer: AshPostgres.DataLayer, - extensions: [AshAuthentication.UserIdentity] - - user_identity do - api MyApp.Accounts - user_resource MyApp.Accounts.User - end - - postgres do - table "user_identities" - repo MyApp.Repo - end -end -``` - -If you intend to operate with multiple user resources, you will need to define -multiple user identity resources. - - -## user_identity -Configure identity options for this resource - - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - api - - - * - - - module - - - - The Ash API to use to access this resource. -
- - - user_resource - - - * - - - module - - - - The user resource to which these identities belong. -
- - - uid_attribute_name - - - - - atom - - :uid - - The name of the `uid` attribute on this resource. -
- - - strategy_attribute_name - - - - - atom - - :strategy - - The name of the `strategy` attribute on this resource. -
- - - user_id_attribute_name - - - - - atom - - :user_id - - The name of the `user_id` attribute on this resource. -
- - - access_token_attribute_name - - - - - atom - - :access_token - - The name of the `access_token` attribute on this resource. -
- - - access_token_expires_at_attribute_name - - - - - atom - - :access_token_expires_at - - The name of the `access_token_expires_at` attribute on this resource. -
- - - refresh_token_attribute_name - - - - - atom - - :refresh_token - - The name of the `refresh_token` attribute on this resource. -
- - - upsert_action_name - - - - - atom - - :upsert - - The name of the action used to create and update records. -
- - - destroy_action_name - - - - - atom - - :destroy - - The name of the action used to destroy records. -
- - - read_action_name - - - - - atom - - :read - - The name of the action used to query identities. -
- - - user_relationship_name - - - - - atom - - :user - - The name of the belongs-to relationship between identities and users. -
- - - - - - diff --git a/documentation/dsls/DSL:-AshAuthentication.UserIdentity.md b/documentation/dsls/DSL:-AshAuthentication.UserIdentity.md new file mode 100644 index 00000000..a48e6d23 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.UserIdentity.md @@ -0,0 +1,81 @@ + +# DSL: AshAuthentication.UserIdentity + +An Ash extension which generates the default user identities resource. + +The user identities resource is used to store information returned by remote +authentication strategies (such as those provided by OAuth2) and maps them to +your user resource(s). This provides the following benefits: + + 1. A user can be signed in to multiple authentication strategies at once. + 2. For those provides which support it AshAuthentication can handle + automatic refreshing of tokens. + +## Storage + +User identities are expected to be relatively long-lived (although they're +deleted on log out), so should probably be stored using a permanent data layer +sush as `ash_postgres`. + +## Usage + +There is no need to define any attributes, etc. The extension will generate +them all for you. As there is no other use-case for this resource it's +unlikely that you will need to customise it. + +```elixir +defmodule MyApp.Accounts.UserIdentity do + use Ash.Resource, + data_layer: AshPostgres.DataLayer, + extensions: [AshAuthentication.UserIdentity] + + user_identity do + api MyApp.Accounts + user_resource MyApp.Accounts.User + end + + postgres do + table "user_identities" + repo MyApp.Repo + end +end +``` + +If you intend to operate with multiple user resources, you will need to define +multiple user identity resources. + + +## user_identity +Configure identity options for this resource + + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`api`](#user_identity-api){: #user_identity-api .spark-required} | `module` | | The Ash API to use to access this resource. | +| [`user_resource`](#user_identity-user_resource){: #user_identity-user_resource .spark-required} | `module` | | The user resource to which these identities belong. | +| [`uid_attribute_name`](#user_identity-uid_attribute_name){: #user_identity-uid_attribute_name } | `atom` | `:uid` | The name of the `uid` attribute on this resource. | +| [`strategy_attribute_name`](#user_identity-strategy_attribute_name){: #user_identity-strategy_attribute_name } | `atom` | `:strategy` | The name of the `strategy` attribute on this resource. | +| [`user_id_attribute_name`](#user_identity-user_id_attribute_name){: #user_identity-user_id_attribute_name } | `atom` | `:user_id` | The name of the `user_id` attribute on this resource. | +| [`access_token_attribute_name`](#user_identity-access_token_attribute_name){: #user_identity-access_token_attribute_name } | `atom` | `:access_token` | The name of the `access_token` attribute on this resource. | +| [`access_token_expires_at_attribute_name`](#user_identity-access_token_expires_at_attribute_name){: #user_identity-access_token_expires_at_attribute_name } | `atom` | `:access_token_expires_at` | The name of the `access_token_expires_at` attribute on this resource. | +| [`refresh_token_attribute_name`](#user_identity-refresh_token_attribute_name){: #user_identity-refresh_token_attribute_name } | `atom` | `:refresh_token` | The name of the `refresh_token` attribute on this resource. | +| [`upsert_action_name`](#user_identity-upsert_action_name){: #user_identity-upsert_action_name } | `atom` | `:upsert` | The name of the action used to create and update records. | +| [`destroy_action_name`](#user_identity-destroy_action_name){: #user_identity-destroy_action_name } | `atom` | `:destroy` | The name of the action used to destroy records. | +| [`read_action_name`](#user_identity-read_action_name){: #user_identity-read_action_name } | `atom` | `:read` | The name of the action used to query identities. | +| [`user_relationship_name`](#user_identity-user_relationship_name){: #user_identity-user_relationship_name } | `atom` | `:user` | The name of the belongs-to relationship between identities and users. | + + + + + + + + diff --git a/documentation/dsls/DSL:-AshAuthentication.cheatmd b/documentation/dsls/DSL:-AshAuthentication.cheatmd deleted file mode 100644 index 723b3b5c..00000000 --- a/documentation/dsls/DSL:-AshAuthentication.cheatmd +++ /dev/null @@ -1,446 +0,0 @@ - -# DSL: AshAuthentication - -AshAuthentication provides a turn-key authentication solution for folks using -[Ash](https://www.ash-hq.org/). - -## Usage - -This package assumes that you have [Ash](https://ash-hq.org/) installed and -configured. See the Ash documentation for details. - -Once installed you can easily add support for authentication by configuring -the `AshAuthentication` extension on your resource: - -```elixir -defmodule MyApp.Accounts.User do - use Ash.Resource, - extensions: [AshAuthentication] - - attributes do - uuid_primary_key :id - attribute :email, :ci_string, allow_nil?: false - attribute :hashed_password, :string, allow_nil?: false, sensitive?: true - end - - authentication do - api MyApp.Accounts - - strategies do - password :password do - identity_field :email - hashed_password_field :hashed_password - end - end - end - - identities do - identity :unique_email, [:email] - end -end -``` - -If you plan on providing authentication via the web, then you will need to -define a plug using `AshAuthentication.Plug` which builds a `Plug.Router` that -routes incoming authentication requests to the correct provider and provides -callbacks for you to manipulate the conn after success or failure. - -If you're using AshAuthentication with Phoenix, then check out -[`ash_authentication_phoenix`](https://github.com/team-alembic/ash_authentication_phoenix) -which provides route helpers, a controller abstraction and LiveView components -for easy set up. - -## Authentication Strategies - -Currently supported strategies: - -1. `AshAuthentication.Strategy.Password` - - authenticate users against your local database using a unique identity - (such as username or email address) and a password. -2. `AshAuthentication.Strategy.OAuth2` - - authenticate using local or remote [OAuth 2.0](https://oauth.net/2/) - compatible services. - -## Add-ons - -Add-ons are like strategies, except that they don't actually provide -authentication - they just provide features adjacent to authentication. -Current add-ons: - -1. `AshAuthentication.AddOn.Confirmation` - - allows you to force the user to confirm changes using a confirmation - token (eg. sending a confirmation email when a new user registers). - -## Supervisor - -Some add-ons or strategies may require processes to be started which manage -their state over the lifetime of the application (eg periodically deleting -expired token revocations). Because of this you should add -`{AshAuthentication.Supervisor, otp_app: :my_app}` to your application's -supervision tree. See [the Elixir -docs](https://hexdocs.pm/elixir/Application.html#module-the-application-callback-module) -for more information. - - -## authentication -Configure authentication for this resource - -### Nested DSLs - * [tokens](#authentication-tokens) - * [strategies](#authentication-strategies) - * [add_ons](#authentication-add_ons) - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - api - - - * - - - module - - - - The name of the Ash API to use to access this resource when -doing anything authenticaiton related. - -
- - - subject_name - - - - - atom - - - - The subject name is used anywhere that a short version of your -resource name is needed, eg: - - - generating token claims, - - generating routes, - - form parameter nesting. - -This needs to be unique system-wide and if not set will be inferred -from the resource name (ie `MyApp.Accounts.User` will have a subject -name of `user`). - -
- - - get_by_subject_action_name - - - - - atom - - :get_by_subject - - The name of the read action used to retrieve records. - -Used internally by `AshAuthentication.subject_to_user/2`. If the -action doesn't exist, one will be generated for you. - -
- - - select_for_senders - - - - - list(atom) - - - - A list of fields that we will ensure are selected whenever a sender will be invoked. -This is useful if using something like `ash_graphql` which by default only selects -what fields appear in the query, and if you are exposing these actions that way. -Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` -otherwise. - -
- - -## authentication.tokens -Configure JWT settings for this resource - - - - - - -### Options - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NameTypeDefaultDocs
- - - token_resource - - - * - - - module | false - - - - The resource used to store token information. - -If token generation is enabled for this resource, we need a place to -store information about tokens, such as revocations and in-flight -confirmations. - -
- - - enabled? - - - - - boolean - - false - - Should JWTs be generated by this resource? - -
- - - store_all_tokens? - - - - - boolean - - false - - Store all tokens in the `token_resource`? - -Some applications need to keep track of all tokens issued to -any user. This is optional behaviour with `ash_authentication` -in order to preserve as much performance as possible. - -
- - - require_token_presence_for_authentication? - - - - - boolean - - false - - Require a locally-stored token for authentication? - -This inverts the token validation behaviour from requiring that -tokens are not revoked to requiring any token presented by a -client to be present in the token resource to be considered -valid. - -Requires `store_all_tokens?` to be `true`. - -
- - - signing_algorithm - - - - - String.t - - "HS256" - - The algorithm to use for token signing. - -Available signing algorithms are; -EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256. - -
- - - token_lifetime - - - - - pos_integer | {pos_integer, :days | :hours | :minutes | :seconds} - - {14, :days} - - How long a token should be valid. - -Since refresh tokens are not yet supported, you should -probably set this to a reasonably long time to ensure -a good user experience. - -You can either provide a tuple with a time unit, or a positive -integer, in which case the unit is assumed to be hours. - -Defaults to 14 days. - -
- - - signing_secret - - - - - (any, any -> any) | module | String.t - - - - The secret used to sign tokens. - -Takes either a module which implements the `AshAuthentication.Secret` -behaviour, a 2 arity anonymous function or a string. - -See the module documentation for `AshAuthentication.Secret` for more -information. - - -
- - - - -## authentication.strategies -Configure authentication strategies on this resource - - - - - - - -## authentication.add_ons -Additional add-ons related to, but not providing authentication - - - - - - - - - - - diff --git a/documentation/dsls/DSL:-AshAuthentication.md b/documentation/dsls/DSL:-AshAuthentication.md new file mode 100644 index 00000000..50048c97 --- /dev/null +++ b/documentation/dsls/DSL:-AshAuthentication.md @@ -0,0 +1,155 @@ + +# DSL: AshAuthentication + +AshAuthentication provides a turn-key authentication solution for folks using +[Ash](https://www.ash-hq.org/). + +## Usage + +This package assumes that you have [Ash](https://ash-hq.org/) installed and +configured. See the Ash documentation for details. + +Once installed you can easily add support for authentication by configuring +the `AshAuthentication` extension on your resource: + +```elixir +defmodule MyApp.Accounts.User do + use Ash.Resource, + extensions: [AshAuthentication] + + attributes do + uuid_primary_key :id + attribute :email, :ci_string, allow_nil?: false + attribute :hashed_password, :string, allow_nil?: false, sensitive?: true + end + + authentication do + api MyApp.Accounts + + strategies do + password :password do + identity_field :email + hashed_password_field :hashed_password + end + end + end + + identities do + identity :unique_email, [:email] + end +end +``` + +If you plan on providing authentication via the web, then you will need to +define a plug using `AshAuthentication.Plug` which builds a `Plug.Router` that +routes incoming authentication requests to the correct provider and provides +callbacks for you to manipulate the conn after success or failure. + +If you're using AshAuthentication with Phoenix, then check out +[`ash_authentication_phoenix`](https://github.com/team-alembic/ash_authentication_phoenix) +which provides route helpers, a controller abstraction and LiveView components +for easy set up. + +## Authentication Strategies + +Currently supported strategies: + +1. `AshAuthentication.Strategy.Password` + - authenticate users against your local database using a unique identity + (such as username or email address) and a password. +2. `AshAuthentication.Strategy.OAuth2` + - authenticate using local or remote [OAuth 2.0](https://oauth.net/2/) + compatible services. + +## Add-ons + +Add-ons are like strategies, except that they don't actually provide +authentication - they just provide features adjacent to authentication. +Current add-ons: + +1. `AshAuthentication.AddOn.Confirmation` + - allows you to force the user to confirm changes using a confirmation + token (eg. sending a confirmation email when a new user registers). + +## Supervisor + +Some add-ons or strategies may require processes to be started which manage +their state over the lifetime of the application (eg periodically deleting +expired token revocations). Because of this you should add +`{AshAuthentication.Supervisor, otp_app: :my_app}` to your application's +supervision tree. See [the Elixir +docs](https://hexdocs.pm/elixir/Application.html#module-the-application-callback-module) +for more information. + + +## authentication +Configure authentication for this resource + +### Nested DSLs + * [tokens](#authentication-tokens) + * [strategies](#authentication-strategies) + * [add_ons](#authentication-add_ons) + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`api`](#authentication-api){: #authentication-api .spark-required} | `module` | | The name of the Ash API to use to access this resource when doing anything authenticaiton related. | +| [`subject_name`](#authentication-subject_name){: #authentication-subject_name } | `atom` | | The subject name is used anywhere that a short version of your resource name is needed, eg: - generating token claims, - generating routes, - form parameter nesting. This needs to be unique system-wide and if not set will be inferred from the resource name (ie `MyApp.Accounts.User` will have a subject name of `user`). | +| [`get_by_subject_action_name`](#authentication-get_by_subject_action_name){: #authentication-get_by_subject_action_name } | `atom` | `:get_by_subject` | The name of the read action used to retrieve records. Used internally by `AshAuthentication.subject_to_user/2`. If the action doesn't exist, one will be generated for you. | +| [`select_for_senders`](#authentication-select_for_senders){: #authentication-select_for_senders } | `list(atom)` | | A list of fields that we will ensure are selected whenever a sender will be invoked. This is useful if using something like `ash_graphql` which by default only selects what fields appear in the query, and if you are exposing these actions that way. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise. | + + +## authentication.tokens +Configure JWT settings for this resource + + + + + + +### Options + +| Name | Type | Default | Docs | +|------|------|---------|------| +| [`token_resource`](#authentication-tokens-token_resource){: #authentication-tokens-token_resource .spark-required} | `module \| false` | | The resource used to store token information. If token generation is enabled for this resource, we need a place to store information about tokens, such as revocations and in-flight confirmations. | +| [`enabled?`](#authentication-tokens-enabled?){: #authentication-tokens-enabled? } | `boolean` | `false` | Should JWTs be generated by this resource? | +| [`store_all_tokens?`](#authentication-tokens-store_all_tokens?){: #authentication-tokens-store_all_tokens? } | `boolean` | `false` | Store all tokens in the `token_resource`? Some applications need to keep track of all tokens issued to any user. This is optional behaviour with `ash_authentication` in order to preserve as much performance as possible. | +| [`require_token_presence_for_authentication?`](#authentication-tokens-require_token_presence_for_authentication?){: #authentication-tokens-require_token_presence_for_authentication? } | `boolean` | `false` | Require a locally-stored token for authentication? This inverts the token validation behaviour from requiring that tokens are not revoked to requiring any token presented by a client to be present in the token resource to be considered valid. Requires `store_all_tokens?` to be `true`. | +| [`signing_algorithm`](#authentication-tokens-signing_algorithm){: #authentication-tokens-signing_algorithm } | `String.t` | `"HS256"` | The algorithm to use for token signing. Available signing algorithms are; EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256. | +| [`token_lifetime`](#authentication-tokens-token_lifetime){: #authentication-tokens-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{14, :days}` | How long a token should be valid. Since refresh tokens are not yet supported, you should probably set this to a reasonably long time to ensure a good user experience. You can either provide a tuple with a time unit, or a positive integer, in which case the unit is assumed to be hours. Defaults to 14 days. | +| [`signing_secret`](#authentication-tokens-signing_secret){: #authentication-tokens-signing_secret } | `(any, any -> any) \| module \| String.t` | | The secret used to sign tokens. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | + + + + +## authentication.strategies +Configure authentication strategies on this resource + + + + + + + +## authentication.add_ons +Additional add-ons related to, but not providing authentication + + + + + + + + + + + + + diff --git a/mix.lock b/mix.lock index 5e0a67a5..4b5ea783 100644 --- a/mix.lock +++ b/mix.lock @@ -1,14 +1,14 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.10", "5fc4a5bb239ca824fd259276b4b8529dd330cca31c588656f099483aa34ebdc0", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, "~> 1.1 and >= 1.1.50", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "263ebecb61480fa0c5106376cb4b0b25735e88372a29615fcc5abf4fe797221f"}, + "ash": {:hex, :ash, "2.17.12", "3da797a550a51ee999ed5e81c7c5c82e9c11c9ccaa9b7acac3fc64e4bd2ecc67", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "905a28545617e59a800111e1f397c92546435d2d31f157bb1787219851572e49"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.0", "f11b21c322cead92d0a886c2f9640a35c5866e5024c4744ad1869996aeb3b123", [:mix], [{:ash, "~> 2.3 and >= 2.9.24", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "192d805447e2ed506751a2ae6f58f564741f68a9e8cba1a71a2f6f3928e182f1"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, "bunt": {:hex, :bunt, "0.2.1", "e2d4792f7bc0ced7583ab54922808919518d0e57ee162901a16a1b6664ef3b14", [:mix], [], "hexpm", "a330bfb4245239787b15005e66ae6845c9cd524a288f0d141c148b02603777a5"}, - "castore": {:hex, :castore, "1.0.4", "ff4d0fb2e6411c0479b1d965a814ea6d00e51eb2f58697446e9c41a97d940b28", [:mix], [], "hexpm", "9418c1b8144e11656f0be99943db4caf04612e3eaecefb5dae9a2a87565584f8"}, + "castore": {:hex, :castore, "1.0.5", "9eeebb394cc9a0f3ae56b813459f990abb0a3dedee1be6b27fdb50301930502f", [:mix], [], "hexpm", "8d7c597c3e4a64c395980882d4bca3cebb8d74197c590dc272cfd3b6a6310578"}, "comeonin": {:hex, :comeonin, "5.4.0", "246a56ca3f41d404380fc6465650ddaa532c7f98be4bda1b4656b3a37cc13abe", [:mix], [], "hexpm", "796393a9e50d01999d56b7b8420ab0481a7538d0caf80919da493b4a6e51faf1"}, "comparable": {:hex, :comparable, "1.0.0", "bb669e91cedd14ae9937053e5bcbc3c52bb2f22422611f43b6e38367d94a495f", [:mix], [{:typable, "~> 0.1", [hex: :typable, repo: "hexpm", optional: false]}], "hexpm", "277c11eeb1cd726e7cd41c6c199e7e52fa16ee6830b45ad4cdc62e51f62eb60c"}, "conv_case": {:hex, :conv_case, "0.2.3", "c1455c27d3c1ffcdd5f17f1e91f40b8a0bc0a337805a6e8302f441af17118ed8", [:mix], [], "hexpm", "88f29a3d97d1742f9865f7e394ed3da011abb7c5e8cc104e676fdef6270d4b4a"}, @@ -46,7 +46,7 @@ "mimic": {:hex, :mimic, "1.7.4", "cd2772ffbc9edefe964bc668bfd4059487fa639a5b7f1cbdf4fd22946505aa4f", [:mix], [], "hexpm", "437c61041ecf8a7fae35763ce89859e4973bb0666e6ce76d75efc789204447c3"}, "mint": {:hex, :mint, "1.5.1", "8db5239e56738552d85af398798c80648db0e90f343c8469f6c6d8898944fb6f", [:mix], [{:castore, "~> 0.1.0 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:hpax, "~> 0.1.1", [hex: :hpax, repo: "hexpm", optional: false]}], "hexpm", "4a63e1e76a7c3956abd2c72f370a0d0aecddc3976dea5c27eccbecfa5e7d5b1e"}, "mix_audit": {:hex, :mix_audit, "2.1.1", "653aa6d8f291fc4b017aa82bdb79a4017903902ebba57960ef199cbbc8c008a1", [:make, :mix], [{:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:yaml_elixir, "~> 2.9", [hex: :yaml_elixir, repo: "hexpm", optional: false]}], "hexpm", "541990c3ab3a7bb8c4aaa2ce2732a4ae160ad6237e5dcd5ad1564f4f85354db1"}, - "nimble_options": {:hex, :nimble_options, "1.0.2", "92098a74df0072ff37d0c12ace58574d26880e522c22801437151a159392270e", [:mix], [], "hexpm", "fd12a8db2021036ce12a309f26f564ec367373265b53e25403f0ee697380f1b8"}, + "nimble_options": {:hex, :nimble_options, "1.1.0", "3b31a57ede9cb1502071fade751ab0c7b8dbe75a9a4c2b5bbb0943a690b63172", [:mix], [], "hexpm", "8bbbb3941af3ca9acc7835f5655ea062111c9c27bcac53e004460dfd19008a99"}, "nimble_parsec": {:hex, :nimble_parsec, "1.4.0", "51f9b613ea62cfa97b25ccc2c1b4216e81df970acd8e16e8d1bdc58fef21370d", [:mix], [], "hexpm", "9c565862810fb383e9838c1dd2d7d2c437b3d13b267414ba6af33e50d2d1cf28"}, "nimble_pool": {:hex, :nimble_pool, "1.0.0", "5eb82705d138f4dd4423f69ceb19ac667b3b492ae570c9f5c900bb3d2f50a847", [:mix], [], "hexpm", "80be3b882d2d351882256087078e1b1952a28bf98d0a287be87e4a24a710b67a"}, "picosat_elixir": {:hex, :picosat_elixir, "0.2.3", "bf326d0f179fbb3b706bb2c15fbc367dacfa2517157d090fdfc32edae004c597", [:make, :mix], [{:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "f76c9db2dec9d2561ffaa9be35f65403d53e984e8cd99c832383b7ab78c16c66"}, @@ -57,7 +57,7 @@ "ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"}, "sobelow": {:hex, :sobelow, "0.13.0", "218afe9075904793f5c64b8837cc356e493d88fddde126a463839351870b8d1e", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "cd6e9026b85fc35d7529da14f95e85a078d9dd1907a9097b3ba6ac7ebbe34a0d"}, "sourceror": {:hex, :sourceror, "0.14.1", "c6fb848d55bd34362880da671debc56e77fd722fa13b4dcbeac89a8998fc8b09", [:mix], [], "hexpm", "8b488a219e4c4d7d9ff29d16346fd4a5858085ccdd010e509101e226bbfd8efc"}, - "spark": {:hex, :spark, "1.1.51", "8458de5abbb89d18dd5c9235dd39e3757076eba84a5078d1cdc2c1e23c39aa95", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "ed8410aa8db08867b8fff3d65e54deeb7f6f6cf2b8698fc405a386c1c7a9e4f0"}, + "spark": {:hex, :spark, "1.1.52", "e0ddd137899c11fb44ef46cda346a112e60365b93e50264da976f45b1c6e28c5", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "2d8b354103eb4ae5fb4ed5f885d491e3ed5684ccb57806c3980fcc15a4b597d6"}, "stream_data": {:hex, :stream_data, "0.6.0", "e87a9a79d7ec23d10ff83eb025141ef4915eeb09d4491f79e52f2562b73e5f47", [:mix], [], "hexpm", "b92b5031b650ca480ced047578f1d57ea6dd563f5b57464ad274718c9c29501c"}, "telemetry": {:hex, :telemetry, "1.2.1", "68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c", [:rebar3], [], "hexpm", "dad9ce9d8effc621708f99eac538ef1cbe05d6a874dd741de2e689c47feafed5"}, "typable": {:hex, :typable, "0.3.0", "0431e121d124cd26f312123e313d2689b9a5322b15add65d424c07779eaa3ca1", [:mix], [], "hexpm", "880a0797752da1a4c508ac48f94711e04c86156f498065a83d160eef945858f8"}, From 6b0cad75039159ea2c2d5e4706c75d4f47a12a76 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 15 Dec 2023 09:20:13 +1300 Subject: [PATCH 06/30] chore(deps-dev): Bump ash_json_api from 0.34.0 to 0.34.1 (#523) Bumps [ash_json_api](https://github.com/ash-project/ash_json_api) from 0.34.0 to 0.34.1. - [Changelog](https://github.com/ash-project/ash_json_api/blob/main/CHANGELOG.md) - [Commits](https://github.com/ash-project/ash_json_api/compare/v0.34.0...v0.34.1) --- updated-dependencies: - dependency-name: ash_json_api dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 4b5ea783..c142b27e 100644 --- a/mix.lock +++ b/mix.lock @@ -3,7 +3,7 @@ "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, "ash": {:hex, :ash, "2.17.12", "3da797a550a51ee999ed5e81c7c5c82e9c11c9ccaa9b7acac3fc64e4bd2ecc67", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "905a28545617e59a800111e1f397c92546435d2d31f157bb1787219851572e49"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, - "ash_json_api": {:hex, :ash_json_api, "0.34.0", "f11b21c322cead92d0a886c2f9640a35c5866e5024c4744ad1869996aeb3b123", [:mix], [{:ash, "~> 2.3 and >= 2.9.24", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "192d805447e2ed506751a2ae6f58f564741f68a9e8cba1a71a2f6f3928e182f1"}, + "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, From be5727146c4e5c10cfa99919751d2c0bbd0eabca Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Dec 2023 14:11:17 +1300 Subject: [PATCH 07/30] chore(deps): Bump ash from 2.17.12 to 2.17.13 (#525) Bumps [ash](https://github.com/ash-project/ash) from 2.17.12 to 2.17.13. - [Release notes](https://github.com/ash-project/ash/releases) - [Changelog](https://github.com/ash-project/ash/blob/main/CHANGELOG.md) - [Commits](https://github.com/ash-project/ash/compare/v2.17.12...v2.17.13) --- updated-dependencies: - dependency-name: ash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index c142b27e..6e107595 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.12", "3da797a550a51ee999ed5e81c7c5c82e9c11c9ccaa9b7acac3fc64e4bd2ecc67", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "905a28545617e59a800111e1f397c92546435d2d31f157bb1787219851572e49"}, + "ash": {:hex, :ash, "2.17.13", "a3bb846238d4eb029da00583554f074d73950cfa4bc2f5964283d2e4491a9543", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "b41a3e029b1553e71a0cab7db66d98a1ea7a883d301b866630ef9d09e64d38ee"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, From 506c9ac2d8188509549b198add2d5b5ae9568880 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 19 Dec 2023 11:09:41 +1300 Subject: [PATCH 08/30] chore(deps): Bump spark from 1.1.52 to 1.1.53 (#526) Bumps [spark](https://github.com/ash-project/spark) from 1.1.52 to 1.1.53. - [Changelog](https://github.com/ash-project/spark/blob/main/CHANGELOG.md) - [Commits](https://github.com/ash-project/spark/compare/v1.1.52...v1.1.53) --- updated-dependencies: - dependency-name: spark dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 6e107595..454e6984 100644 --- a/mix.lock +++ b/mix.lock @@ -57,7 +57,7 @@ "ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"}, "sobelow": {:hex, :sobelow, "0.13.0", "218afe9075904793f5c64b8837cc356e493d88fddde126a463839351870b8d1e", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "cd6e9026b85fc35d7529da14f95e85a078d9dd1907a9097b3ba6ac7ebbe34a0d"}, "sourceror": {:hex, :sourceror, "0.14.1", "c6fb848d55bd34362880da671debc56e77fd722fa13b4dcbeac89a8998fc8b09", [:mix], [], "hexpm", "8b488a219e4c4d7d9ff29d16346fd4a5858085ccdd010e509101e226bbfd8efc"}, - "spark": {:hex, :spark, "1.1.52", "e0ddd137899c11fb44ef46cda346a112e60365b93e50264da976f45b1c6e28c5", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "2d8b354103eb4ae5fb4ed5f885d491e3ed5684ccb57806c3980fcc15a4b597d6"}, + "spark": {:hex, :spark, "1.1.53", "db8a374ef6ada4f38389386bec76b2fa6331d4755308a6e359acad16472e29ea", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "5f8a8e2b4abd2544517bb8d29c28576239254b5979d66d9781b154706c4199dd"}, "stream_data": {:hex, :stream_data, "0.6.0", "e87a9a79d7ec23d10ff83eb025141ef4915eeb09d4491f79e52f2562b73e5f47", [:mix], [], "hexpm", "b92b5031b650ca480ced047578f1d57ea6dd563f5b57464ad274718c9c29501c"}, "telemetry": {:hex, :telemetry, "1.2.1", "68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c", [:rebar3], [], "hexpm", "dad9ce9d8effc621708f99eac538ef1cbe05d6a874dd741de2e689c47feafed5"}, "typable": {:hex, :typable, "0.3.0", "0431e121d124cd26f312123e313d2689b9a5322b15add65d424c07779eaa3ca1", [:mix], [], "hexpm", "880a0797752da1a4c508ac48f94711e04c86156f498065a83d160eef945858f8"}, From e65c2bd2cc0bd88dee484d2f92bc781c27b1521a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 21 Dec 2023 09:06:53 +1300 Subject: [PATCH 09/30] chore(deps): Bump ash from 2.17.13 to 2.17.14 (#527) Bumps [ash](https://github.com/ash-project/ash) from 2.17.13 to 2.17.14. - [Release notes](https://github.com/ash-project/ash/releases) - [Changelog](https://github.com/ash-project/ash/blob/main/CHANGELOG.md) - [Commits](https://github.com/ash-project/ash/compare/v2.17.13...v2.17.14) --- updated-dependencies: - dependency-name: ash dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 454e6984..30e7f845 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.13", "a3bb846238d4eb029da00583554f074d73950cfa4bc2f5964283d2e4491a9543", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "b41a3e029b1553e71a0cab7db66d98a1ea7a883d301b866630ef9d09e64d38ee"}, + "ash": {:hex, :ash, "2.17.14", "ccb68a0eacd7d4f4652a01baa3ceda510d793ab769c82958d644638905f08f7d", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "b09a585924f222a1d353ebd13ec8691c4b9c5e37a8be271ee8960c34feb3fad0"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, From 1b9a9f1f5bf71e1082cadba850e80bf9a9de95ce Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 24 Dec 2023 15:27:48 +1300 Subject: [PATCH 10/30] chore(deps): Bump ash from 2.17.14 to 2.17.15 (#528) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 30e7f845..6e66e087 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.14", "ccb68a0eacd7d4f4652a01baa3ceda510d793ab769c82958d644638905f08f7d", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "b09a585924f222a1d353ebd13ec8691c4b9c5e37a8be271ee8960c34feb3fad0"}, + "ash": {:hex, :ash, "2.17.15", "5a71025ad4878c0522408032e5f6253b43dee19de50d0ef23ff57555f05ea646", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "44082e414ee43dc2c15f31ec26121a626855587413eee2f5325e5e783a04f59b"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, From 65d3a9f3606d2a86897eb6b154e6821cd8a55f12 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Dec 2023 05:57:32 +1300 Subject: [PATCH 11/30] chore(deps-dev): Bump ash_postgres from 1.3.64 to 1.3.65 (#531) --- mix.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mix.lock b/mix.lock index 6e66e087..cd1f8bff 100644 --- a/mix.lock +++ b/mix.lock @@ -1,10 +1,10 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.15", "5a71025ad4878c0522408032e5f6253b43dee19de50d0ef23ff57555f05ea646", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "44082e414ee43dc2c15f31ec26121a626855587413eee2f5325e5e783a04f59b"}, + "ash": {:hex, :ash, "2.17.17", "437688358c4f3fe18087e47b16388f0cc6c1eaaadfe44c0eeef1ef7c871ed9f4", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "df074e4246db04351344db23f36598535d568f7a91023eafd7af698e34804f0b"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, - "ash_postgres": {:hex, :ash_postgres, "1.3.64", "7d7b66c482ffc934a93d9872649d22da0b832cbcb9f3a14b858a3e830100302a", [:mix], [{:ash, "~> 2.17 and >= 2.17.7", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "22a40de58746ceae628b89e48317ab8bd4cf6b9cdf88c1e3a006773c4c606cd0"}, + "ash_postgres": {:hex, :ash_postgres, "1.3.65", "b4f99c75040d245b75646567687ea85c4fe69f047d4037705fa6af945e88e583", [:mix], [{:ash, ">= 2.17.17 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "2390f80943326d325ee7bfe647d72988ee6a86e186c8c7297d316592e1d57875"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, "bunt": {:hex, :bunt, "0.2.1", "e2d4792f7bc0ced7583ab54922808919518d0e57ee162901a16a1b6664ef3b14", [:mix], [], "hexpm", "a330bfb4245239787b15005e66ae6845c9cd524a288f0d141c148b02603777a5"}, @@ -23,7 +23,7 @@ "earmark": {:hex, :earmark, "1.4.46", "8c7287bd3137e99d26ae4643e5b7ef2129a260e3dcf41f251750cb4563c8fb81", [:mix], [], "hexpm", "798d86db3d79964e759ddc0c077d5eb254968ed426399fbf5a62de2b5ff8910a"}, "earmark_parser": {:hex, :earmark_parser, "1.4.36", "487ea8ef9bdc659f085e6e654f3c3feea1d36ac3943edf9d2ef6c98de9174c13", [:mix], [], "hexpm", "a524e395634bdcf60a616efe77fd79561bec2e930d8b82745df06ab4e844400a"}, "ecto": {:hex, :ecto, "3.11.1", "4b4972b717e7ca83d30121b12998f5fcdc62ba0ed4f20fd390f16f3270d85c3e", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ebd3d3772cd0dfcd8d772659e41ed527c28b2a8bde4b00fe03e0463da0f1983b"}, - "ecto_sql": {:hex, :ecto_sql, "3.11.0", "c787b24b224942b69c9ff7ab9107f258ecdc68326be04815c6cce2941b6fad1c", [:mix], [{:db_connection, "~> 2.5 or ~> 2.4.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.11.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 0.17.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "77aa3677169f55c2714dda7352d563002d180eb33c0dc29cd36d39c0a1a971f5"}, + "ecto_sql": {:hex, :ecto_sql, "3.11.1", "e9abf28ae27ef3916b43545f9578b4750956ccea444853606472089e7d169470", [:mix], [{:db_connection, "~> 2.4.1 or ~> 2.5", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.11.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 0.17.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ce14063ab3514424276e7e360108ad6c2308f6d88164a076aac8a387e1fea634"}, "elixir_make": {:hex, :elixir_make, "0.7.7", "7128c60c2476019ed978210c245badf08b03dbec4f24d05790ef791da11aa17c", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "5bc19fff950fad52bbe5f211b12db9ec82c6b34a9647da0c2224b8b8464c7e6c"}, "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"}, "ets": {:hex, :ets, "0.9.0", "79c6a6c205436780486f72d84230c6cba2f8a9920456750ddd1e47389107d5fd", [:mix], [], "hexpm", "2861fdfb04bcaeff370f1a5904eec864f0a56dcfebe5921ea9aadf2a481c822b"}, From 044d5ecd47d82704c14d9530129cec17f70238ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 27 Dec 2023 05:57:47 +1300 Subject: [PATCH 12/30] chore(deps-dev): Bump credo from 1.7.1 to 1.7.2 (#530) --- mix.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mix.lock b/mix.lock index cd1f8bff..58d83f42 100644 --- a/mix.lock +++ b/mix.lock @@ -7,7 +7,7 @@ "ash_postgres": {:hex, :ash_postgres, "1.3.65", "b4f99c75040d245b75646567687ea85c4fe69f047d4037705fa6af945e88e583", [:mix], [{:ash, ">= 2.17.17 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "2390f80943326d325ee7bfe647d72988ee6a86e186c8c7297d316592e1d57875"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, - "bunt": {:hex, :bunt, "0.2.1", "e2d4792f7bc0ced7583ab54922808919518d0e57ee162901a16a1b6664ef3b14", [:mix], [], "hexpm", "a330bfb4245239787b15005e66ae6845c9cd524a288f0d141c148b02603777a5"}, + "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, "castore": {:hex, :castore, "1.0.5", "9eeebb394cc9a0f3ae56b813459f990abb0a3dedee1be6b27fdb50301930502f", [:mix], [], "hexpm", "8d7c597c3e4a64c395980882d4bca3cebb8d74197c590dc272cfd3b6a6310578"}, "comeonin": {:hex, :comeonin, "5.4.0", "246a56ca3f41d404380fc6465650ddaa532c7f98be4bda1b4656b3a37cc13abe", [:mix], [], "hexpm", "796393a9e50d01999d56b7b8420ab0481a7538d0caf80919da493b4a6e51faf1"}, "comparable": {:hex, :comparable, "1.0.0", "bb669e91cedd14ae9937053e5bcbc3c52bb2f22422611f43b6e38367d94a495f", [:mix], [{:typable, "~> 0.1", [hex: :typable, repo: "hexpm", optional: false]}], "hexpm", "277c11eeb1cd726e7cd41c6c199e7e52fa16ee6830b45ad4cdc62e51f62eb60c"}, @@ -15,7 +15,7 @@ "cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"}, "cowboy_telemetry": {:hex, :cowboy_telemetry, "0.4.0", "f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7d98bac1ee4565d31b62d59f8823dfd8356a169e7fcbb83831b8a5397404c9de"}, "cowlib": {:hex, :cowlib, "2.11.0", "0b9ff9c346629256c42ebe1eeb769a83c6cb771a6ee5960bd110ab0b9b872063", [:make, :rebar3], [], "hexpm", "2b3e9da0b21c4565751a6d4901c20d1b4cc25cbb7fd50d91d2ab6dd287bc86a9"}, - "credo": {:hex, :credo, "1.7.1", "6e26bbcc9e22eefbff7e43188e69924e78818e2fe6282487d0703652bc20fd62", [:mix], [{:bunt, "~> 0.2.1", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2.8", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "e9871c6095a4c0381c89b6aa98bc6260a8ba6addccf7f6a53da8849c748a58a2"}, + "credo": {:hex, :credo, "1.7.2", "fdee3a7cb553d8f2e773569181f0a4a2bb7d192e27e325404cc31b354f59d68c", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dd15d6fbc280f6cf9b269f41df4e4992dee6615939653b164ef951f60afcb68e"}, "db_connection": {:hex, :db_connection, "2.6.0", "77d835c472b5b67fc4f29556dee74bf511bbafecdcaf98c27d27fa5918152086", [:mix], [{:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c2f992d15725e721ec7fbc1189d4ecdb8afef76648c746a8e1cad35e3b8a35f3"}, "decimal": {:hex, :decimal, "2.1.1", "5611dca5d4b2c3dd497dec8f68751f1f1a54755e8ed2a966c2633cf885973ad6", [:mix], [], "hexpm", "53cfe5f497ed0e7771ae1a475575603d77425099ba5faef9394932b35020ffcc"}, "dialyxir": {:hex, :dialyxir, "1.4.2", "764a6e8e7a354f0ba95d58418178d486065ead1f69ad89782817c296d0d746a5", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "516603d8067b2fd585319e4b13d3674ad4f314a5902ba8130cd97dc902ce6bbd"}, @@ -30,7 +30,7 @@ "ex_check": {:hex, :ex_check, "0.15.0", "074b94c02de11c37bba1ca82ae5cc4926e6ccee862e57a485b6ba60fca2d8dc1", [:mix], [], "hexpm", "33848031a0c7e4209c3b4369ce154019788b5219956220c35ca5474299fb6a0e"}, "ex_doc": {:git, "https://github.com/elixir-lang/ex_doc.git", "16a8f536d1a0868293a30d63bcff6510bf023de3", []}, "faker": {:hex, :faker, "0.17.0", "671019d0652f63aefd8723b72167ecdb284baf7d47ad3a82a15e9b8a6df5d1fa", [:mix], [], "hexpm", "a7d4ad84a93fd25c5f5303510753789fc2433ff241bf3b4144d3f6f291658a6a"}, - "file_system": {:hex, :file_system, "0.2.10", "fb082005a9cd1711c05b5248710f8826b02d7d1784e7c3451f9c1231d4fc162d", [:mix], [], "hexpm", "41195edbfb562a593726eda3b3e8b103a309b733ad25f3d642ba49696bf715dc"}, + "file_system": {:hex, :file_system, "1.0.0", "b689cc7dcee665f774de94b5a832e578bd7963c8e637ef940cd44327db7de2cd", [:mix], [], "hexpm", "6752092d66aec5a10e662aefeed8ddb9531d79db0bc145bb8c40325ca1d8536d"}, "finch": {:hex, :finch, "0.16.0", "40733f02c89f94a112518071c0a91fe86069560f5dbdb39f9150042f44dcfb1a", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.3", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.2.6 or ~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "f660174c4d519e5fec629016054d60edd822cdfe2b7270836739ac2f97735ec5"}, "git_cli": {:hex, :git_cli, "0.3.0", "a5422f9b95c99483385b976f5d43f7e8233283a47cda13533d7c16131cb14df5", [:mix], [], "hexpm", "78cb952f4c86a41f4d3511f1d3ecb28edb268e3a7df278de2faa1bd4672eaf9b"}, "git_ops": {:hex, :git_ops, "2.6.0", "e0791ee1cf5db03f2c61b7ebd70e2e95cba2bb9b9793011f26609f22c0900087", [:mix], [{:git_cli, "~> 0.2", [hex: :git_cli, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "b98fca849b18aaf490f4ac7d1dd8c6c469b0cc3e6632562d366cab095e666ffe"}, From 3dd1b8ae5c2ab1ac48df452d82ea9d2e451b42c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jan 2024 20:12:30 +1300 Subject: [PATCH 13/30] chore(deps): Bump ash from 2.17.17 to 2.17.19 (#534) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 58d83f42..6ef313ba 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.17", "437688358c4f3fe18087e47b16388f0cc6c1eaaadfe44c0eeef1ef7c871ed9f4", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "df074e4246db04351344db23f36598535d568f7a91023eafd7af698e34804f0b"}, + "ash": {:hex, :ash, "2.17.19", "6cae99caf0e17c06780c2e9ec4553ee8799593e3c13d072be8199724a3c00922", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "f26f974e0e31e0bb4ae6923c9f24386f8ba2dec2e4657bb774d32bc265ad366c"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, "ash_postgres": {:hex, :ash_postgres, "1.3.65", "b4f99c75040d245b75646567687ea85c4fe69f047d4037705fa6af945e88e583", [:mix], [{:ash, ">= 2.17.17 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "2390f80943326d325ee7bfe647d72988ee6a86e186c8c7297d316592e1d57875"}, From 7b8301e2e90ec5e98df9579a0dcfd3b076b362aa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 3 Jan 2024 20:13:29 +1300 Subject: [PATCH 14/30] chore(deps-dev): Bump dialyxir from 1.4.2 to 1.4.3 (#532) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 6ef313ba..522ab11d 100644 --- a/mix.lock +++ b/mix.lock @@ -18,7 +18,7 @@ "credo": {:hex, :credo, "1.7.2", "fdee3a7cb553d8f2e773569181f0a4a2bb7d192e27e325404cc31b354f59d68c", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dd15d6fbc280f6cf9b269f41df4e4992dee6615939653b164ef951f60afcb68e"}, "db_connection": {:hex, :db_connection, "2.6.0", "77d835c472b5b67fc4f29556dee74bf511bbafecdcaf98c27d27fa5918152086", [:mix], [{:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c2f992d15725e721ec7fbc1189d4ecdb8afef76648c746a8e1cad35e3b8a35f3"}, "decimal": {:hex, :decimal, "2.1.1", "5611dca5d4b2c3dd497dec8f68751f1f1a54755e8ed2a966c2633cf885973ad6", [:mix], [], "hexpm", "53cfe5f497ed0e7771ae1a475575603d77425099ba5faef9394932b35020ffcc"}, - "dialyxir": {:hex, :dialyxir, "1.4.2", "764a6e8e7a354f0ba95d58418178d486065ead1f69ad89782817c296d0d746a5", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "516603d8067b2fd585319e4b13d3674ad4f314a5902ba8130cd97dc902ce6bbd"}, + "dialyxir": {:hex, :dialyxir, "1.4.3", "edd0124f358f0b9e95bfe53a9fcf806d615d8f838e2202a9f430d59566b6b53b", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "bf2cfb75cd5c5006bec30141b131663299c661a864ec7fbbc72dfa557487a986"}, "doctor": {:hex, :doctor, "0.21.0", "20ef89355c67778e206225fe74913e96141c4d001cb04efdeba1a2a9704f1ab5", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "a227831daa79784eb24cdeedfa403c46a4cb7d0eab0e31232ec654314447e4e0"}, "earmark": {:hex, :earmark, "1.4.46", "8c7287bd3137e99d26ae4643e5b7ef2129a260e3dcf41f251750cb4563c8fb81", [:mix], [], "hexpm", "798d86db3d79964e759ddc0c077d5eb254968ed426399fbf5a62de2b5ff8910a"}, "earmark_parser": {:hex, :earmark_parser, "1.4.36", "487ea8ef9bdc659f085e6e654f3c3feea1d36ac3943edf9d2ef6c98de9174c13", [:mix], [], "hexpm", "a524e395634bdcf60a616efe77fd79561bec2e930d8b82745df06ab4e844400a"}, From f27f50a29e2dcd1addd9679c0d4fd9fa57f2422e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 4 Jan 2024 20:13:12 +1300 Subject: [PATCH 15/30] chore(deps-dev): Bump ash_postgres from 1.3.65 to 1.3.66 (#533) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 522ab11d..2596421d 100644 --- a/mix.lock +++ b/mix.lock @@ -4,7 +4,7 @@ "ash": {:hex, :ash, "2.17.19", "6cae99caf0e17c06780c2e9ec4553ee8799593e3c13d072be8199724a3c00922", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "f26f974e0e31e0bb4ae6923c9f24386f8ba2dec2e4657bb774d32bc265ad366c"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, - "ash_postgres": {:hex, :ash_postgres, "1.3.65", "b4f99c75040d245b75646567687ea85c4fe69f047d4037705fa6af945e88e583", [:mix], [{:ash, ">= 2.17.17 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "2390f80943326d325ee7bfe647d72988ee6a86e186c8c7297d316592e1d57875"}, + "ash_postgres": {:hex, :ash_postgres, "1.3.66", "81c25a2782bab00e2a2415ca1f66de6bb75c5ad324e6f0c9f8a297271c17c343", [:mix], [{:ash, ">= 2.17.19 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "afc1d4f8829f92d8de974bf2660575d6ca6fd5d268c9222488c9e55cb0aabfd1"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, From d55383ed327c5c8e6806e3281476f5f818392e8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 5 Jan 2024 07:12:01 +1300 Subject: [PATCH 16/30] chore(deps-dev): Bump ash_postgres from 1.3.66 to 1.3.67 (#537) --- mix.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mix.lock b/mix.lock index 2596421d..ecf506a9 100644 --- a/mix.lock +++ b/mix.lock @@ -1,10 +1,10 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.19", "6cae99caf0e17c06780c2e9ec4553ee8799593e3c13d072be8199724a3c00922", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "f26f974e0e31e0bb4ae6923c9f24386f8ba2dec2e4657bb774d32bc265ad366c"}, + "ash": {:hex, :ash, "2.17.20", "8b201335fac2f9ec8eb89c71c7c9007d11a09089dd82aa070ed4214c7ae02400", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c89da37cf7464803b09cdd6f20c0b944764ea124b782cdfc72eeb9ac43a11445"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, - "ash_postgres": {:hex, :ash_postgres, "1.3.66", "81c25a2782bab00e2a2415ca1f66de6bb75c5ad324e6f0c9f8a297271c17c343", [:mix], [{:ash, ">= 2.17.19 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "afc1d4f8829f92d8de974bf2660575d6ca6fd5d268c9222488c9e55cb0aabfd1"}, + "ash_postgres": {:hex, :ash_postgres, "1.3.67", "37b924d7b31778143e80710849deda8d3e44df9950cf61d1e8fc24ae0000861d", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "222fd5dac3151f552324fe6fd930e8cc2b9dc9879361e073cf39db10d11d34ff"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, From 53de612ad4b1c7951bb1bcacd465a5f317ec9fcb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Jan 2024 13:13:45 +1300 Subject: [PATCH 17/30] chore(deps-dev): Bump ash_postgres from 1.3.67 to 1.3.68 (#540) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index ecf506a9..4426fa91 100644 --- a/mix.lock +++ b/mix.lock @@ -4,7 +4,7 @@ "ash": {:hex, :ash, "2.17.20", "8b201335fac2f9ec8eb89c71c7c9007d11a09089dd82aa070ed4214c7ae02400", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c89da37cf7464803b09cdd6f20c0b944764ea124b782cdfc72eeb9ac43a11445"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, - "ash_postgres": {:hex, :ash_postgres, "1.3.67", "37b924d7b31778143e80710849deda8d3e44df9950cf61d1e8fc24ae0000861d", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "222fd5dac3151f552324fe6fd930e8cc2b9dc9879361e073cf39db10d11d34ff"}, + "ash_postgres": {:hex, :ash_postgres, "1.3.68", "acad35de4111fd237d57718593cd5c30a624f5b7cb6686d179e0b6087d70f21f", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "09c5ba51281dba15bde99ada573985d22f12cda76cce4b2ff63fc5f59707d061"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, From 4c04517eef8ecb55c732551bc49a930eb274ec93 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 6 Jan 2024 13:14:26 +1300 Subject: [PATCH 18/30] chore(deps-dev): Bump credo from 1.7.2 to 1.7.3 (#539) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 4426fa91..a3700635 100644 --- a/mix.lock +++ b/mix.lock @@ -15,7 +15,7 @@ "cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"}, "cowboy_telemetry": {:hex, :cowboy_telemetry, "0.4.0", "f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7d98bac1ee4565d31b62d59f8823dfd8356a169e7fcbb83831b8a5397404c9de"}, "cowlib": {:hex, :cowlib, "2.11.0", "0b9ff9c346629256c42ebe1eeb769a83c6cb771a6ee5960bd110ab0b9b872063", [:make, :rebar3], [], "hexpm", "2b3e9da0b21c4565751a6d4901c20d1b4cc25cbb7fd50d91d2ab6dd287bc86a9"}, - "credo": {:hex, :credo, "1.7.2", "fdee3a7cb553d8f2e773569181f0a4a2bb7d192e27e325404cc31b354f59d68c", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dd15d6fbc280f6cf9b269f41df4e4992dee6615939653b164ef951f60afcb68e"}, + "credo": {:hex, :credo, "1.7.3", "05bb11eaf2f2b8db370ecaa6a6bda2ec49b2acd5e0418bc106b73b07128c0436", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "35ea675a094c934c22fb1dca3696f3c31f2728ae6ef5a53b5d648c11180a4535"}, "db_connection": {:hex, :db_connection, "2.6.0", "77d835c472b5b67fc4f29556dee74bf511bbafecdcaf98c27d27fa5918152086", [:mix], [{:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c2f992d15725e721ec7fbc1189d4ecdb8afef76648c746a8e1cad35e3b8a35f3"}, "decimal": {:hex, :decimal, "2.1.1", "5611dca5d4b2c3dd497dec8f68751f1f1a54755e8ed2a966c2633cf885973ad6", [:mix], [], "hexpm", "53cfe5f497ed0e7771ae1a475575603d77425099ba5faef9394932b35020ffcc"}, "dialyxir": {:hex, :dialyxir, "1.4.3", "edd0124f358f0b9e95bfe53a9fcf806d615d8f838e2202a9f430d59566b6b53b", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "bf2cfb75cd5c5006bec30141b131663299c661a864ec7fbbc72dfa557487a986"}, From 2b1b1625b388d8147e65706c3c357d00acea781b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jan 2024 10:05:46 +1300 Subject: [PATCH 19/30] chore(deps): Bump finch from 0.16.0 to 0.17.0 (#543) --- mix.exs | 2 +- mix.lock | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/mix.exs b/mix.exs index a41f8790..c2d4c549 100644 --- a/mix.exs +++ b/mix.exs @@ -220,7 +220,7 @@ defmodule AshAuthentication.MixProject do {:assent, "~> 0.2 and >= 0.2.8"}, {:bcrypt_elixir, "~> 3.0"}, {:castore, "~> 1.0"}, - {:finch, "~> 0.16.0"}, + {:finch, "~> 0.17.0"}, {:jason, "~> 1.4"}, {:joken, "~> 2.5"}, {:plug, "~> 1.13"}, diff --git a/mix.lock b/mix.lock index a3700635..bd1a3ee4 100644 --- a/mix.lock +++ b/mix.lock @@ -31,7 +31,7 @@ "ex_doc": {:git, "https://github.com/elixir-lang/ex_doc.git", "16a8f536d1a0868293a30d63bcff6510bf023de3", []}, "faker": {:hex, :faker, "0.17.0", "671019d0652f63aefd8723b72167ecdb284baf7d47ad3a82a15e9b8a6df5d1fa", [:mix], [], "hexpm", "a7d4ad84a93fd25c5f5303510753789fc2433ff241bf3b4144d3f6f291658a6a"}, "file_system": {:hex, :file_system, "1.0.0", "b689cc7dcee665f774de94b5a832e578bd7963c8e637ef940cd44327db7de2cd", [:mix], [], "hexpm", "6752092d66aec5a10e662aefeed8ddb9531d79db0bc145bb8c40325ca1d8536d"}, - "finch": {:hex, :finch, "0.16.0", "40733f02c89f94a112518071c0a91fe86069560f5dbdb39f9150042f44dcfb1a", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.3", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.2.6 or ~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "f660174c4d519e5fec629016054d60edd822cdfe2b7270836739ac2f97735ec5"}, + "finch": {:hex, :finch, "0.17.0", "17d06e1d44d891d20dbd437335eebe844e2426a0cd7e3a3e220b461127c73f70", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.3", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.2.6 or ~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8d014a661bb6a437263d4b5abf0bcbd3cf0deb26b1e8596f2a271d22e48934c7"}, "git_cli": {:hex, :git_cli, "0.3.0", "a5422f9b95c99483385b976f5d43f7e8233283a47cda13533d7c16131cb14df5", [:mix], [], "hexpm", "78cb952f4c86a41f4d3511f1d3ecb28edb268e3a7df278de2faa1bd4672eaf9b"}, "git_ops": {:hex, :git_ops, "2.6.0", "e0791ee1cf5db03f2c61b7ebd70e2e95cba2bb9b9793011f26609f22c0900087", [:mix], [{:git_cli, "~> 0.2", [hex: :git_cli, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.0", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "b98fca849b18aaf490f4ac7d1dd8c6c469b0cc3e6632562d366cab095e666ffe"}, "hpax": {:hex, :hpax, "0.1.2", "09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84", [:mix], [], "hexpm", "2c87843d5a23f5f16748ebe77969880e29809580efdaccd615cd3bed628a8c13"}, @@ -44,7 +44,7 @@ "makeup_erlang": {:hex, :makeup_erlang, "0.1.2", "ad87296a092a46e03b7e9b0be7631ddcf64c790fa68a9ef5323b6cbb36affc72", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "f3f5a1ca93ce6e092d92b6d9c049bcda58a3b617a8d888f8e7231c85630e8108"}, "mime": {:hex, :mime, "2.0.5", "dc34c8efd439abe6ae0343edbb8556f4d63f178594894720607772a041b04b02", [:mix], [], "hexpm", "da0d64a365c45bc9935cc5c8a7fc5e49a0e0f9932a761c55d6c52b142780a05c"}, "mimic": {:hex, :mimic, "1.7.4", "cd2772ffbc9edefe964bc668bfd4059487fa639a5b7f1cbdf4fd22946505aa4f", [:mix], [], "hexpm", "437c61041ecf8a7fae35763ce89859e4973bb0666e6ce76d75efc789204447c3"}, - "mint": {:hex, :mint, "1.5.1", "8db5239e56738552d85af398798c80648db0e90f343c8469f6c6d8898944fb6f", [:mix], [{:castore, "~> 0.1.0 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:hpax, "~> 0.1.1", [hex: :hpax, repo: "hexpm", optional: false]}], "hexpm", "4a63e1e76a7c3956abd2c72f370a0d0aecddc3976dea5c27eccbecfa5e7d5b1e"}, + "mint": {:hex, :mint, "1.5.2", "4805e059f96028948870d23d7783613b7e6b0e2fb4e98d720383852a760067fd", [:mix], [{:castore, "~> 0.1.0 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:hpax, "~> 0.1.1", [hex: :hpax, repo: "hexpm", optional: false]}], "hexpm", "d77d9e9ce4eb35941907f1d3df38d8f750c357865353e21d335bdcdf6d892a02"}, "mix_audit": {:hex, :mix_audit, "2.1.1", "653aa6d8f291fc4b017aa82bdb79a4017903902ebba57960ef199cbbc8c008a1", [:make, :mix], [{:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:yaml_elixir, "~> 2.9", [hex: :yaml_elixir, repo: "hexpm", optional: false]}], "hexpm", "541990c3ab3a7bb8c4aaa2ce2732a4ae160ad6237e5dcd5ad1564f4f85354db1"}, "nimble_options": {:hex, :nimble_options, "1.1.0", "3b31a57ede9cb1502071fade751ab0c7b8dbe75a9a4c2b5bbb0943a690b63172", [:mix], [], "hexpm", "8bbbb3941af3ca9acc7835f5655ea062111c9c27bcac53e004460dfd19008a99"}, "nimble_parsec": {:hex, :nimble_parsec, "1.4.0", "51f9b613ea62cfa97b25ccc2c1b4216e81df970acd8e16e8d1bdc58fef21370d", [:mix], [], "hexpm", "9c565862810fb383e9838c1dd2d7d2c437b3d13b267414ba6af33e50d2d1cf28"}, From 604c0e4d88d97c2632637cccac97a449b23db226 Mon Sep 17 00:00:00 2001 From: Zach Daniel Date: Fri, 12 Jan 2024 16:30:02 -0500 Subject: [PATCH 20/30] docs: update ex_doc, overhaul underlying doc structure docs: make all DSL docs one liners (now required by spark) --- ...L:-AshAuthentication.AddOn.Confirmation.md | 78 +----- .../DSL:-AshAuthentication.Strategy.Auth0.md | 224 ++--------------- .../DSL:-AshAuthentication.Strategy.Github.md | 226 ++--------------- .../DSL:-AshAuthentication.Strategy.Google.md | 225 ++--------------- ...L:-AshAuthentication.Strategy.MagicLink.md | 46 +--- .../DSL:-AshAuthentication.Strategy.OAuth2.md | 203 ++------------- .../DSL:-AshAuthentication.Strategy.Oidc.md | 234 ++---------------- ...SL:-AshAuthentication.Strategy.Password.md | 119 +-------- .../DSL:-AshAuthentication.TokenResource.md | 8 +- documentation/dsls/DSL:-AshAuthentication.md | 16 +- documentation/topics/confirmation.md | 7 + documentation/topics/tokens.md | 19 ++ .../add_ons/confirmation.ex | 4 - .../add_ons/confirmation/dsl.ex | 71 ++---- lib/ash_authentication/dsl.ex | 104 ++------ lib/ash_authentication/strategies/auth0.ex | 4 - .../strategies/auth0/dsl.ex | 2 - lib/ash_authentication/strategies/github.ex | 4 - .../strategies/github/dsl.ex | 2 - lib/ash_authentication/strategies/google.ex | 4 - .../strategies/google/dsl.ex | 2 - .../strategies/magic_link.ex | 4 - .../strategies/magic_link/dsl.ex | 39 +-- lib/ash_authentication/strategies/oauth2.ex | 5 - .../strategies/oauth2/dsl.ex | 211 +++------------- lib/ash_authentication/strategies/oidc.ex | 4 - lib/ash_authentication/strategies/oidc/dsl.ex | 30 +-- lib/ash_authentication/strategies/password.ex | 4 - .../strategies/password/dsl.ex | 120 +++------ lib/ash_authentication/token_resource.ex | 27 +- mix.exs | 181 ++++++-------- mix.lock | 8 +- 32 files changed, 325 insertions(+), 1910 deletions(-) create mode 100644 documentation/topics/confirmation.md create mode 100644 documentation/topics/tokens.md diff --git a/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md b/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md index d4a44878..9f8e263e 100644 --- a/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md +++ b/documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md @@ -88,68 +88,6 @@ to interact with the plugs directly, you can do so via the ...> user.confirmed_at >= one_second_ago() true -## DSL Documentation - -User confirmation flow - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the add-on. - -* `:token_lifetime` - How long should the confirmation token be valid. - If no unit is provided, then hours is assumed. - Defaults to 3 days. The default value is `{3, :days}`. - -* `:monitor_fields` (list of `t:atom/0`) - Required. A list of fields to monitor for changes (eg `[:email, :phone_number]`). - The confirmation will only be sent when one of these fields are changed. - -* `:confirmed_at_field` (`t:atom/0`) - The name of a field to store the time that the last confirmation took - place. - This attribute will be dynamically added to the resource if not already - present. The default value is `:confirmed_at`. - -* `:confirm_on_create?` (`t:boolean/0`) - Generate and send a confirmation token when a new resource is created? - Will only trigger when a create action is executed _and_ one of the - monitored fields is being set. The default value is `true`. - -* `:confirm_on_update?` (`t:boolean/0`) - Generate and send a confirmation token when a resource is changed? - Will only trigger when an update action is executed _and_ one of the - monitored fields is being set. The default value is `true`. - -* `:inhibit_updates?` (`t:boolean/0`) - Wait until confirmation is received before actually changing a monitored - field? - If a change to a monitored field is detected, then the change is stored - in the token resource and the changeset updated to not make the - requested change. When the token is confirmed, the change will be - applied. - This could be potentially weird for your users, but useful in the case - of a user changing their email address or phone number where you want - to verify that the new contact details are reachable. The default value is `true`. - -* `:sender` - Required. How to send the confirmation instructions to the user. - Allows you to glue sending of confirmation instructions to - [swoosh](https://hex.pm/packages/swoosh), - [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification - system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, - reset token and options. - The options will be a keyword list containing the original - changeset, before any changes were inhibited. This allows you - to send an email to the user's new email address if it is being - changed for example. - See `AshAuthentication.Sender` for more information. - -* `:confirm_action_name` (`t:atom/0`) - The name of the action to use when performing confirmation. - If this action is not already present on the resource, it will be - created for you. The default value is `:confirm`. - - - - - - ## authentication.add_ons.confirmation @@ -173,14 +111,14 @@ User confirmation flow | Name | Type | Default | Docs | |------|------|---------|------| -| [`monitor_fields`](#authentication-add_ons-confirmation-monitor_fields){: #authentication-add_ons-confirmation-monitor_fields .spark-required} | `list(atom)` | | A list of fields to monitor for changes (eg `[:email, :phone_number]`). The confirmation will only be sent when one of these fields are changed. | -| [`sender`](#authentication-add_ons-confirmation-sender){: #authentication-add_ons-confirmation-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the confirmation instructions to the user. Allows you to glue sending of confirmation instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. The options will be a keyword list containing the original changeset, before any changes were inhibited. This allows you to send an email to the user's new email address if it is being changed for example. See `AshAuthentication.Sender` for more information. | -| [`token_lifetime`](#authentication-add_ons-confirmation-token_lifetime){: #authentication-add_ons-confirmation-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the confirmation token be valid. If no unit is provided, then hours is assumed. Defaults to 3 days. | -| [`confirmed_at_field`](#authentication-add_ons-confirmation-confirmed_at_field){: #authentication-add_ons-confirmation-confirmed_at_field } | `atom` | `:confirmed_at` | The name of a field to store the time that the last confirmation took place. This attribute will be dynamically added to the resource if not already present. | -| [`confirm_on_create?`](#authentication-add_ons-confirmation-confirm_on_create?){: #authentication-add_ons-confirmation-confirm_on_create? } | `boolean` | `true` | Generate and send a confirmation token when a new resource is created? Will only trigger when a create action is executed _and_ one of the monitored fields is being set. | -| [`confirm_on_update?`](#authentication-add_ons-confirmation-confirm_on_update?){: #authentication-add_ons-confirmation-confirm_on_update? } | `boolean` | `true` | Generate and send a confirmation token when a resource is changed? Will only trigger when an update action is executed _and_ one of the monitored fields is being set. | -| [`inhibit_updates?`](#authentication-add_ons-confirmation-inhibit_updates?){: #authentication-add_ons-confirmation-inhibit_updates? } | `boolean` | `true` | Wait until confirmation is received before actually changing a monitored field? If a change to a monitored field is detected, then the change is stored in the token resource and the changeset updated to not make the requested change. When the token is confirmed, the change will be applied. This could be potentially weird for your users, but useful in the case of a user changing their email address or phone number where you want to verify that the new contact details are reachable. | -| [`confirm_action_name`](#authentication-add_ons-confirmation-confirm_action_name){: #authentication-add_ons-confirmation-confirm_action_name } | `atom` | `:confirm` | The name of the action to use when performing confirmation. If this action is not already present on the resource, it will be created for you. | +| [`monitor_fields`](#authentication-add_ons-confirmation-monitor_fields){: #authentication-add_ons-confirmation-monitor_fields .spark-required} | `list(atom)` | | A list of fields to monitor for changes. Confirmation will be sent when one of these fields are changed. | +| [`sender`](#authentication-add_ons-confirmation-sender){: #authentication-add_ons-confirmation-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the confirmation instructions to the user. | +| [`token_lifetime`](#authentication-add_ons-confirmation-token_lifetime){: #authentication-add_ons-confirmation-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the confirmation token be valid. If no unit is provided, then hours is assumed. | +| [`confirmed_at_field`](#authentication-add_ons-confirmation-confirmed_at_field){: #authentication-add_ons-confirmation-confirmed_at_field } | `atom` | `:confirmed_at` | The name of the field to store the time that the last confirmation took place. Created if it does not exist. | +| [`confirm_on_create?`](#authentication-add_ons-confirmation-confirm_on_create?){: #authentication-add_ons-confirmation-confirm_on_create? } | `boolean` | `true` | Generate and send a confirmation token when a new resource is created. Triggers when a create action is executed _and_ one of the monitored fields is being set. | +| [`confirm_on_update?`](#authentication-add_ons-confirmation-confirm_on_update?){: #authentication-add_ons-confirmation-confirm_on_update? } | `boolean` | `true` | Generate and send a confirmation token when a resource is changed. Triggers when an update action is executed _and_ one of the monitored fields is being set. | +| [`inhibit_updates?`](#authentication-add_ons-confirmation-inhibit_updates?){: #authentication-add_ons-confirmation-inhibit_updates? } | `boolean` | `true` | Whether or not to wait until confirmation is received before actually changing a monitored field. See [the confirmation guide](/documentation/topics/confirmation.md) for more. | +| [`confirm_action_name`](#authentication-add_ons-confirmation-confirm_action_name){: #authentication-add_ons-confirmation-confirm_action_name } | `atom` | `:confirm` | The name of the action to use when performing confirmation. Will be created if it does not already exist. | diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md index ca3a1b9d..530a91a6 100644 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md @@ -18,198 +18,6 @@ In order to use Auth0 you need to provide the following minimum configuration: See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md) for more information. -## DSL Documentation - -Provides a pre-configured authentication strategy for [Auth0](https://auth0.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -For more information see the [Auth0 Quick Start Guide](/documentation/tutorials/auth0-quickstart.md) -in our documentation. - -#### Strategy defaults: - -The following defaults are applied: - - * `:authorize_url` is set to `"/authorize"`. - * `:token_url` is set to `"/oauth/token"`. - * `:user_url` is set to `"/userinfo"`. - * `:authorization_params` is set to `[scope: "openid profile email"]`. - * `:auth_method` is set to `:client_secret_post`. - - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - ## authentication.strategies.auth0 @@ -237,8 +45,6 @@ The following defaults are applied: * `:auth_method` is set to `:client_secret_post`. -###### Schema: - @@ -253,23 +59,23 @@ The following defaults are applied: | Name | Type | Default | Docs | |------|------|---------|------| -| [`client_id`](#authentication-strategies-auth0-client_id){: #authentication-strategies-auth0-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | -| [`authorize_url`](#authentication-strategies-auth0-authorize_url){: #authentication-strategies-auth0-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | -| [`token_url`](#authentication-strategies-auth0-token_url){: #authentication-strategies-auth0-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | -| [`user_url`](#authentication-strategies-auth0-user_url){: #authentication-strategies-auth0-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | -| [`redirect_uri`](#authentication-strategies-auth0-redirect_uri){: #authentication-strategies-auth0-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`base_url`](#authentication-strategies-auth0-base_url){: #authentication-strategies-auth0-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`client_id`](#authentication-strategies-auth0-client_id){: #authentication-strategies-auth0-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorize_url`](#authentication-strategies-auth0-authorize_url){: #authentication-strategies-auth0-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`token_url`](#authentication-strategies-auth0-token_url){: #authentication-strategies-auth0-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`user_url`](#authentication-strategies-auth0-user_url){: #authentication-strategies-auth0-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`redirect_uri`](#authentication-strategies-auth0-redirect_uri){: #authentication-strategies-auth0-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`base_url`](#authentication-strategies-auth0-base_url){: #authentication-strategies-auth0-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | | [`site`](#authentication-strategies-auth0-site){: #authentication-strategies-auth0-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | -| [`auth_method`](#authentication-strategies-auth0-auth_method){: #authentication-strategies-auth0-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | -| [`client_secret`](#authentication-strategies-auth0-client_secret){: #authentication-strategies-auth0-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | -| [`private_key`](#authentication-strategies-auth0-private_key){: #authentication-strategies-auth0-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`authorization_params`](#authentication-strategies-auth0-authorization_params){: #authentication-strategies-auth0-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | -| [`registration_enabled?`](#authentication-strategies-auth0-registration_enabled?){: #authentication-strategies-auth0-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | -| [`register_action_name`](#authentication-strategies-auth0-register_action_name){: #authentication-strategies-auth0-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | -| [`sign_in_action_name`](#authentication-strategies-auth0-sign_in_action_name){: #authentication-strategies-auth0-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | -| [`identity_resource`](#authentication-strategies-auth0-identity_resource){: #authentication-strategies-auth0-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`auth_method`](#authentication-strategies-auth0-auth_method){: #authentication-strategies-auth0-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. | +| [`client_secret`](#authentication-strategies-auth0-client_secret){: #authentication-strategies-auth0-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`private_key`](#authentication-strategies-auth0-private_key){: #authentication-strategies-auth0-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorization_params`](#authentication-strategies-auth0-authorization_params){: #authentication-strategies-auth0-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-auth0-registration_enabled?){: #authentication-strategies-auth0-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-auth0-register_action_name){: #authentication-strategies-auth0-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_` See the "Registration and Sign-in" section of the strategy docs for more. | +| [`sign_in_action_name`](#authentication-strategies-auth0-sign_in_action_name){: #authentication-strategies-auth0-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. | +| [`identity_resource`](#authentication-strategies-auth0-identity_resource){: #authentication-strategies-auth0-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. | | [`identity_relationship_name`](#authentication-strategies-auth0-identity_relationship_name){: #authentication-strategies-auth0-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | -| [`identity_relationship_user_id_attribute`](#authentication-strategies-auth0-identity_relationship_user_id_attribute){: #authentication-strategies-auth0-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-auth0-identity_relationship_user_id_attribute){: #authentication-strategies-auth0-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. | | [`icon`](#authentication-strategies-auth0-icon){: #authentication-strategies-auth0-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md index ffced151..b3b4d3cb 100644 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md @@ -17,200 +17,6 @@ In order to use GitHub you need to provide the following minimum configuration: See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html) for more information. -## DSL Documentation - -Provides a pre-configured authentication strategy for [GitHub](https://github.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -For more information see the [Github Quick Start Guide](/documentation/tutorials/github-quickstart.md) -in our documentation. - -#### Strategy defaults: - -The following defaults are applied: - - * `:base_url` is set to `"https://api.github.com"`. - * `:authorize_url` is set to `"https://github.com/login/oauth/authorize"`. - * `:token_url` is set to `"https://github.com/login/oauth/access_token"`. - * `:user_url` is set to `"/user"`. - * `:user_emails_url` is set to `"/user/emails"`. - * `:authorization_params` is set to `[scope: "read:user,user:email"]`. - * `:auth_method` is set to `:client_secret_post`. - - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - ## authentication.strategies.github @@ -240,8 +46,6 @@ The following defaults are applied: * `:auth_method` is set to `:client_secret_post`. -###### Schema: - @@ -256,23 +60,23 @@ The following defaults are applied: | Name | Type | Default | Docs | |------|------|---------|------| -| [`client_id`](#authentication-strategies-github-client_id){: #authentication-strategies-github-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | -| [`authorize_url`](#authentication-strategies-github-authorize_url){: #authentication-strategies-github-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | -| [`token_url`](#authentication-strategies-github-token_url){: #authentication-strategies-github-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | -| [`user_url`](#authentication-strategies-github-user_url){: #authentication-strategies-github-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | -| [`redirect_uri`](#authentication-strategies-github-redirect_uri){: #authentication-strategies-github-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`base_url`](#authentication-strategies-github-base_url){: #authentication-strategies-github-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`client_id`](#authentication-strategies-github-client_id){: #authentication-strategies-github-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorize_url`](#authentication-strategies-github-authorize_url){: #authentication-strategies-github-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`token_url`](#authentication-strategies-github-token_url){: #authentication-strategies-github-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`user_url`](#authentication-strategies-github-user_url){: #authentication-strategies-github-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`redirect_uri`](#authentication-strategies-github-redirect_uri){: #authentication-strategies-github-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`base_url`](#authentication-strategies-github-base_url){: #authentication-strategies-github-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | | [`site`](#authentication-strategies-github-site){: #authentication-strategies-github-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | -| [`auth_method`](#authentication-strategies-github-auth_method){: #authentication-strategies-github-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | -| [`client_secret`](#authentication-strategies-github-client_secret){: #authentication-strategies-github-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | -| [`private_key`](#authentication-strategies-github-private_key){: #authentication-strategies-github-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`authorization_params`](#authentication-strategies-github-authorization_params){: #authentication-strategies-github-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | -| [`registration_enabled?`](#authentication-strategies-github-registration_enabled?){: #authentication-strategies-github-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | -| [`register_action_name`](#authentication-strategies-github-register_action_name){: #authentication-strategies-github-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | -| [`sign_in_action_name`](#authentication-strategies-github-sign_in_action_name){: #authentication-strategies-github-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | -| [`identity_resource`](#authentication-strategies-github-identity_resource){: #authentication-strategies-github-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`auth_method`](#authentication-strategies-github-auth_method){: #authentication-strategies-github-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. | +| [`client_secret`](#authentication-strategies-github-client_secret){: #authentication-strategies-github-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`private_key`](#authentication-strategies-github-private_key){: #authentication-strategies-github-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorization_params`](#authentication-strategies-github-authorization_params){: #authentication-strategies-github-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-github-registration_enabled?){: #authentication-strategies-github-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-github-register_action_name){: #authentication-strategies-github-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_` See the "Registration and Sign-in" section of the strategy docs for more. | +| [`sign_in_action_name`](#authentication-strategies-github-sign_in_action_name){: #authentication-strategies-github-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. | +| [`identity_resource`](#authentication-strategies-github-identity_resource){: #authentication-strategies-github-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. | | [`identity_relationship_name`](#authentication-strategies-github-identity_relationship_name){: #authentication-strategies-github-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | -| [`identity_relationship_user_id_attribute`](#authentication-strategies-github-identity_relationship_user_id_attribute){: #authentication-strategies-github-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-github-identity_relationship_user_id_attribute){: #authentication-strategies-github-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. | | [`icon`](#authentication-strategies-github-icon){: #authentication-strategies-github-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md index bd88cc56..47b10146 100644 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md @@ -18,199 +18,6 @@ In order to use Google you need to provide the following minimum configuration: See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) for Google setup details. -## DSL Documentation - -Provides a pre-configured authentication strategy for [Google](https://google.com/). - -This strategy is built using the `:oauth2` strategy, and thus provides all the same -configuration options should you need them. - -See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) -for Google setup details. - -#### Strategy defaults: - -The following defaults are applied: - - * `:base_url` is set to `"https://www.googleapis.com"`. - * `:authorize_url` is set to `"https://accounts.google.com/o/oauth2/v2/auth"`. - * `:token_url` is set to `"/oauth2/v4/token"`. - * `:user_url` is set to `"/oauth2/v3/userinfo"`. - * `:authorization_params` is set to `[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"]`. - * `:auth_method` is set to `:client_secret_post`. - - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - ## authentication.strategies.google @@ -239,8 +46,6 @@ The following defaults are applied: * `:auth_method` is set to `:client_secret_post`. -###### Schema: - @@ -255,23 +60,23 @@ The following defaults are applied: | Name | Type | Default | Docs | |------|------|---------|------| -| [`client_id`](#authentication-strategies-google-client_id){: #authentication-strategies-google-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | -| [`authorize_url`](#authentication-strategies-google-authorize_url){: #authentication-strategies-google-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | -| [`token_url`](#authentication-strategies-google-token_url){: #authentication-strategies-google-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | -| [`user_url`](#authentication-strategies-google-user_url){: #authentication-strategies-google-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | -| [`redirect_uri`](#authentication-strategies-google-redirect_uri){: #authentication-strategies-google-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`base_url`](#authentication-strategies-google-base_url){: #authentication-strategies-google-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`client_id`](#authentication-strategies-google-client_id){: #authentication-strategies-google-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorize_url`](#authentication-strategies-google-authorize_url){: #authentication-strategies-google-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`token_url`](#authentication-strategies-google-token_url){: #authentication-strategies-google-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`user_url`](#authentication-strategies-google-user_url){: #authentication-strategies-google-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`redirect_uri`](#authentication-strategies-google-redirect_uri){: #authentication-strategies-google-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`base_url`](#authentication-strategies-google-base_url){: #authentication-strategies-google-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | | [`site`](#authentication-strategies-google-site){: #authentication-strategies-google-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | -| [`auth_method`](#authentication-strategies-google-auth_method){: #authentication-strategies-google-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | -| [`client_secret`](#authentication-strategies-google-client_secret){: #authentication-strategies-google-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | -| [`private_key`](#authentication-strategies-google-private_key){: #authentication-strategies-google-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`authorization_params`](#authentication-strategies-google-authorization_params){: #authentication-strategies-google-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | -| [`registration_enabled?`](#authentication-strategies-google-registration_enabled?){: #authentication-strategies-google-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | -| [`register_action_name`](#authentication-strategies-google-register_action_name){: #authentication-strategies-google-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | -| [`sign_in_action_name`](#authentication-strategies-google-sign_in_action_name){: #authentication-strategies-google-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | -| [`identity_resource`](#authentication-strategies-google-identity_resource){: #authentication-strategies-google-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`auth_method`](#authentication-strategies-google-auth_method){: #authentication-strategies-google-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. | +| [`client_secret`](#authentication-strategies-google-client_secret){: #authentication-strategies-google-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`private_key`](#authentication-strategies-google-private_key){: #authentication-strategies-google-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorization_params`](#authentication-strategies-google-authorization_params){: #authentication-strategies-google-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-google-registration_enabled?){: #authentication-strategies-google-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-google-register_action_name){: #authentication-strategies-google-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_` See the "Registration and Sign-in" section of the strategy docs for more. | +| [`sign_in_action_name`](#authentication-strategies-google-sign_in_action_name){: #authentication-strategies-google-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. | +| [`identity_resource`](#authentication-strategies-google-identity_resource){: #authentication-strategies-google-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. | | [`identity_relationship_name`](#authentication-strategies-google-identity_relationship_name){: #authentication-strategies-google-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | -| [`identity_relationship_user_id_attribute`](#authentication-strategies-google-identity_relationship_user_id_attribute){: #authentication-strategies-google-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-google-identity_relationship_user_id_attribute){: #authentication-strategies-google-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. | | [`icon`](#authentication-strategies-google-icon){: #authentication-strategies-google-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md index 6b61e5a2..a8f90bc3 100644 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md @@ -96,42 +96,6 @@ Dispatching to plugs directly: ...> signed_in_user.id == user.id true -## DSL Documentation - -Strategy for authenticating using local users with a magic link - - - - - -* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user. - Usually something like `username` or `email_address`. The default value is `:username`. - -* `:token_lifetime` - How long the sign in token is valid. - If no unit is provided, then `minutes` is assumed. The default value is `{10, :minutes}`. - -* `:request_action_name` (`t:atom/0`) - The name to use for the request action. - If not present it will be generated by prepending the strategy name - with `request_`. - -* `:single_use_token?` (`t:boolean/0`) - Automatically revoke the token once it's been used for sign in. The default value is `true`. - -* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action. - If not present it will be generated by prepending the strategy name - with `sign_in_with_`. - -* `:token_param_name` (`t:atom/0`) - The name of the token parameter in the incoming sign-in request. The default value is `:token`. - -* `:sender` - Required. How to send the magic link to the user. - Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, reset token and options. - See `AshAuthentication.Sender` for more information. - - - - - - ## authentication.strategies.magic_link @@ -151,12 +115,12 @@ Strategy for authenticating using local users with a magic link | Name | Type | Default | Docs | |------|------|---------|------| -| [`sender`](#authentication-strategies-magic_link-sender){: #authentication-strategies-magic_link-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the magic link to the user. Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. See `AshAuthentication.Sender` for more information. | -| [`identity_field`](#authentication-strategies-magic_link-identity_field){: #authentication-strategies-magic_link-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user. Usually something like `username` or `email_address`. | -| [`token_lifetime`](#authentication-strategies-magic_link-token_lifetime){: #authentication-strategies-magic_link-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{10, :minutes}` | How long the sign in token is valid. If no unit is provided, then `minutes` is assumed. | -| [`request_action_name`](#authentication-strategies-magic_link-request_action_name){: #authentication-strategies-magic_link-request_action_name } | `atom` | | The name to use for the request action. If not present it will be generated by prepending the strategy name with `request_`. | +| [`sender`](#authentication-strategies-magic_link-sender){: #authentication-strategies-magic_link-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the magic link to the user. | +| [`identity_field`](#authentication-strategies-magic_link-identity_field){: #authentication-strategies-magic_link-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`. | +| [`token_lifetime`](#authentication-strategies-magic_link-token_lifetime){: #authentication-strategies-magic_link-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{10, :minutes}` | How long the sign in token is valid. If no unit is provided, then `minutes` is assumed. | +| [`request_action_name`](#authentication-strategies-magic_link-request_action_name){: #authentication-strategies-magic_link-request_action_name } | `atom` | | The name to use for the request action. Defaults to `request_` | | [`single_use_token?`](#authentication-strategies-magic_link-single_use_token?){: #authentication-strategies-magic_link-single_use_token? } | `boolean` | `true` | Automatically revoke the token once it's been used for sign in. | -| [`sign_in_action_name`](#authentication-strategies-magic_link-sign_in_action_name){: #authentication-strategies-magic_link-sign_in_action_name } | `atom` | | The name to use for the sign in action. If not present it will be generated by prepending the strategy name with `sign_in_with_`. | +| [`sign_in_action_name`](#authentication-strategies-magic_link-sign_in_action_name){: #authentication-strategies-magic_link-sign_in_action_name } | `atom` | | The name to use for the sign in action. Defaults to `sign_in_with_` | | [`token_param_name`](#authentication-strategies-magic_link-token_param_name){: #authentication-strategies-magic_link-token_param_name } | `atom` | `:token` | The name of the token parameter in the incoming sign-in request. | diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md index f15aa6fb..0e3a7d1a 100644 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md @@ -218,179 +218,6 @@ authentication with OAuth 2.0: to create a local database record, session, etc. -## DSL Documentation - -OAuth2 authentication - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:user_url` - Required. The API url to access the user endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - - - - - - - ## authentication.strategies.oauth2 ```elixir @@ -413,23 +240,23 @@ OAuth2 authentication | Name | Type | Default | Docs | |------|------|---------|------| -| [`client_id`](#authentication-strategies-oauth2-client_id){: #authentication-strategies-oauth2-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | -| [`authorize_url`](#authentication-strategies-oauth2-authorize_url){: #authentication-strategies-oauth2-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | -| [`token_url`](#authentication-strategies-oauth2-token_url){: #authentication-strategies-oauth2-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | -| [`user_url`](#authentication-strategies-oauth2-user_url){: #authentication-strategies-oauth2-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end ``` | -| [`redirect_uri`](#authentication-strategies-oauth2-redirect_uri){: #authentication-strategies-oauth2-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`base_url`](#authentication-strategies-oauth2-base_url){: #authentication-strategies-oauth2-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`client_id`](#authentication-strategies-oauth2-client_id){: #authentication-strategies-oauth2-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorize_url`](#authentication-strategies-oauth2-authorize_url){: #authentication-strategies-oauth2-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`token_url`](#authentication-strategies-oauth2-token_url){: #authentication-strategies-oauth2-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`user_url`](#authentication-strategies-oauth2-user_url){: #authentication-strategies-oauth2-user_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`redirect_uri`](#authentication-strategies-oauth2-redirect_uri){: #authentication-strategies-oauth2-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`base_url`](#authentication-strategies-oauth2-base_url){: #authentication-strategies-oauth2-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | | [`site`](#authentication-strategies-oauth2-site){: #authentication-strategies-oauth2-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | -| [`auth_method`](#authentication-strategies-oauth2-auth_method){: #authentication-strategies-oauth2-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | -| [`client_secret`](#authentication-strategies-oauth2-client_secret){: #authentication-strategies-oauth2-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | -| [`private_key`](#authentication-strategies-oauth2-private_key){: #authentication-strategies-oauth2-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`authorization_params`](#authentication-strategies-oauth2-authorization_params){: #authentication-strategies-oauth2-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | -| [`registration_enabled?`](#authentication-strategies-oauth2-registration_enabled?){: #authentication-strategies-oauth2-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | -| [`register_action_name`](#authentication-strategies-oauth2-register_action_name){: #authentication-strategies-oauth2-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | -| [`sign_in_action_name`](#authentication-strategies-oauth2-sign_in_action_name){: #authentication-strategies-oauth2-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | -| [`identity_resource`](#authentication-strategies-oauth2-identity_resource){: #authentication-strategies-oauth2-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`auth_method`](#authentication-strategies-oauth2-auth_method){: #authentication-strategies-oauth2-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. | +| [`client_secret`](#authentication-strategies-oauth2-client_secret){: #authentication-strategies-oauth2-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`private_key`](#authentication-strategies-oauth2-private_key){: #authentication-strategies-oauth2-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorization_params`](#authentication-strategies-oauth2-authorization_params){: #authentication-strategies-oauth2-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-oauth2-registration_enabled?){: #authentication-strategies-oauth2-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-oauth2-register_action_name){: #authentication-strategies-oauth2-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_` See the "Registration and Sign-in" section of the strategy docs for more. | +| [`sign_in_action_name`](#authentication-strategies-oauth2-sign_in_action_name){: #authentication-strategies-oauth2-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. | +| [`identity_resource`](#authentication-strategies-oauth2-identity_resource){: #authentication-strategies-oauth2-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. | | [`identity_relationship_name`](#authentication-strategies-oauth2-identity_relationship_name){: #authentication-strategies-oauth2-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | -| [`identity_relationship_user_id_attribute`](#authentication-strategies-oauth2-identity_relationship_user_id_attribute){: #authentication-strategies-oauth2-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-oauth2-identity_relationship_user_id_attribute){: #authentication-strategies-oauth2-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. | | [`icon`](#authentication-strategies-oauth2-icon){: #authentication-strategies-oauth2-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md index 8534c362..c322a77b 100644 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md @@ -48,206 +48,6 @@ A random value generator can look like this: AshAuthentication will dynamically generate one for the session if `nonce` is set to `true`. -## DSL Documentation - -Provides an OpenID Connect authentication strategy. - -This strategy is built using the `:oauth2` strategy, and thus provides -all the same configuration options should you need them. - -#### Schema: - - - - - - -* `:name` (`t:atom/0`) - Required. Uniquely identifies the strategy. - -* `:client_id` - Required. The OAuth2 client ID. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - -* `:base_url` - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:site` - Deprecated: Use `base_url` instead. - -* `:auth_method` - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - Valid values are nil, :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_post`. - -* `:client_secret` - The OAuth2 client secret. - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - -* `:authorize_url` - Required. The API url to the OAuth2 authorize endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - -* `:token_url` - Required. The API url to access the token endpoint. - Relative to the value of `site`. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - -* `:private_key` - The private key to use if `:auth_method` is `:private_key_jwt` - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:redirect_uri` - Required. The callback URI base. - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - -* `:authorization_params` (`t:keyword/0`) - Any additional parameters to encode in the request phase. - eg: `authorization_params scope: "openid profile email"` The default value is `[]`. - -* `:registration_enabled?` (`t:boolean/0`) - Is registration enabled for this provider? - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - If not, then only existing users will be able to authenticate. The default value is `true`. - -* `:register_action_name` (`t:atom/0`) - The name of the action to use to register a user. - Only needed if `registration_enabled?` is `true`. - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name eg: - `register_with_#{name}`. - -* `:sign_in_action_name` (`t:atom/0`) - The name of the action to use to sign in an existing user. - Only needed if `registration_enabled?` is `false`. - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - See the "Registration and Sign-in" section of the module - documentation for more information. - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - -* `:identity_resource` - The resource used to store user identities. - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - See the Identities section of the module documentation for more - information. - Set to `false` to disable. The default value is `false`. - -* `:identity_relationship_name` (`t:atom/0`) - Name of the relationship to the provider identities resource The default value is `:identities`. - -* `:identity_relationship_user_id_attribute` (`t:atom/0`) - The name of the destination (user_id) attribute on your provider - identity resource. - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. The default value is `:user_id`. - -* `:icon` (`t:atom/0`) - The name of an icon to use in any potential UI. - This is a *hint* for UI generators to use, and not in any way canonical. The default value is `:oauth2`. - -* `:openid_configuration_uri` (`t:String.t/0`) - The URI for the OpenID provider The default value is `"/.well-known/openid-configuration"`. - -* `:client_authentication_method` - The client authentication method to use. Valid values are :client_secret_basic, :client_secret_post, :client_secret_jwt, :private_key_jwt The default value is `:client_secret_basic`. - -* `:openid_configuration` (`t:map/0`) - The OpenID configuration. - If not set, the configuration will be retrieved from `openid_configuration_uri`. The default value is `%{}`. - -* `:id_token_signed_response_alg` - The `id_token_signed_response_alg` parameter sent by the Client during Registration. - Valid values are "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "Ed25519", "Ed25519ph", "Ed448", "Ed448ph", "EdDSA" The default value is `"RS256"`. - -* `:id_token_ttl_seconds` - The number of seconds from `iat` that an ID Token will be considered valid. The default value is `nil`. - -* `:nonce` - A function for generating the session nonce. - When set to `true` the nonce will be automatically generated using - `AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` - to explicitly disable. - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - See the module documentation for `AshAuthentication.Secret` for more - information. - - Example: - ```elixir - nonce fn _, _ -> - 16 - |> :crypto.strong_rand_bytes() - |> Base.encode64(padding: false) - end - ``` - - The default value is `true`. - -* `:trusted_audiences` - A list of audiences which are trusted. The default value is `nil`. - - - - - - ## authentication.strategies.oidc @@ -261,8 +61,6 @@ Provides an OpenID Connect authentication strategy. This strategy is built using the `:oauth2` strategy, and thus provides all the same configuration options should you need them. -###### Schema: - @@ -277,29 +75,29 @@ all the same configuration options should you need them. | Name | Type | Default | Docs | |------|------|---------|------| -| [`client_id`](#authentication-strategies-oidc-client_id){: #authentication-strategies-oidc-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir client_id fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_client_id) end ``` | -| [`authorize_url`](#authentication-strategies-oidc-authorize_url){: #authentication-strategies-oidc-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end ``` | -| [`token_url`](#authentication-strategies-oidc-token_url){: #authentication-strategies-oidc-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint. Relative to the value of `site`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end ``` | -| [`redirect_uri`](#authentication-strategies-oidc-redirect_uri){: #authentication-strategies-oidc-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. We can generate the rest. Whilst not particularly secret, it seemed prudent to allow this to be configured dynamically so that you can use different URIs for different environments. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`base_url`](#authentication-strategies-oidc-base_url){: #authentication-strategies-oidc-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir base_url fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | +| [`client_id`](#authentication-strategies-oidc-client_id){: #authentication-strategies-oidc-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorize_url`](#authentication-strategies-oidc-authorize_url){: #authentication-strategies-oidc-authorize_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`token_url`](#authentication-strategies-oidc-token_url){: #authentication-strategies-oidc-token_url .spark-required} | `(any, any -> any) \| module \| String.t` | | The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`redirect_uri`](#authentication-strategies-oidc-redirect_uri){: #authentication-strategies-oidc-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`base_url`](#authentication-strategies-oidc-base_url){: #authentication-strategies-oidc-base_url } | `(any, any -> any) \| module \| String.t` | | The base URL of the OAuth2 server - including the leading protocol (ie `https://`). Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | | [`site`](#authentication-strategies-oidc-site){: #authentication-strategies-oidc-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. | -| [`auth_method`](#authentication-strategies-oidc-auth_method){: #authentication-strategies-oidc-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. The value may be one of the following: * `:client_secret_basic` * `:client_secret_post` * `:client_secret_jwt` * `:private_key_jwt` | -| [`client_secret`](#authentication-strategies-oidc-client_secret){: #authentication-strategies-oidc-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir site fn _, resource -> :my_app \|> Application.get_env(resource, []) \|> Keyword.fetch(:oauth_site) end ``` | -| [`private_key`](#authentication-strategies-oidc-private_key){: #authentication-strategies-oidc-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt` Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | -| [`authorization_params`](#authentication-strategies-oidc-authorization_params){: #authentication-strategies-oidc-authorization_params } | `Keyword.t` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | -| [`registration_enabled?`](#authentication-strategies-oidc-registration_enabled?){: #authentication-strategies-oidc-registration_enabled? } | `boolean` | `true` | Is registration enabled for this provider? If this option is enabled, then new users will be able to register for your site when authenticating and not already present. If not, then only existing users will be able to authenticate. | -| [`register_action_name`](#authentication-strategies-oidc-register_action_name){: #authentication-strategies-oidc-register_action_name } | `atom` | | The name of the action to use to register a user. Only needed if `registration_enabled?` is `true`. Because we we don't know the response format of the server, you must implement your own registration action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name eg: `register_with_#{name}`. | -| [`sign_in_action_name`](#authentication-strategies-oidc-sign_in_action_name){: #authentication-strategies-oidc-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user. Only needed if `registration_enabled?` is `false`. Because we don't know the response format of the server, you must implement your own sign-in action of the same name. See the "Registration and Sign-in" section of the module documentation for more information. The default is computed from the strategy name, eg: `sign_in_with_#{name}`. | -| [`identity_resource`](#authentication-strategies-oidc-identity_resource){: #authentication-strategies-oidc-identity_resource } | `module \| false` | `false` | The resource used to store user identities. Given that a user can be signed into multiple different authentication providers at once we use the `AshAuthentication.UserIdentity` resource to build a mapping between users, providers and that provider's uid. See the Identities section of the module documentation for more information. Set to `false` to disable. | +| [`auth_method`](#authentication-strategies-oidc-auth_method){: #authentication-strategies-oidc-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. | +| [`client_secret`](#authentication-strategies-oidc-client_secret){: #authentication-strategies-oidc-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`private_key`](#authentication-strategies-oidc-private_key){: #authentication-strategies-oidc-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | +| [`authorization_params`](#authentication-strategies-oidc-authorization_params){: #authentication-strategies-oidc-authorization_params } | `keyword` | `[]` | Any additional parameters to encode in the request phase. eg: `authorization_params scope: "openid profile email"` | +| [`registration_enabled?`](#authentication-strategies-oidc-registration_enabled?){: #authentication-strategies-oidc-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. | +| [`register_action_name`](#authentication-strategies-oidc-register_action_name){: #authentication-strategies-oidc-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_` See the "Registration and Sign-in" section of the strategy docs for more. | +| [`sign_in_action_name`](#authentication-strategies-oidc-sign_in_action_name){: #authentication-strategies-oidc-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. | +| [`identity_resource`](#authentication-strategies-oidc-identity_resource){: #authentication-strategies-oidc-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. | | [`identity_relationship_name`](#authentication-strategies-oidc-identity_relationship_name){: #authentication-strategies-oidc-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource | -| [`identity_relationship_user_id_attribute`](#authentication-strategies-oidc-identity_relationship_user_id_attribute){: #authentication-strategies-oidc-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. The only reason to change this would be if you changed the `user_id_attribute_name` option of the provider identity. | +| [`identity_relationship_user_id_attribute`](#authentication-strategies-oidc-identity_relationship_user_id_attribute){: #authentication-strategies-oidc-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. | | [`icon`](#authentication-strategies-oidc-icon){: #authentication-strategies-oidc-icon } | `atom` | `:oauth2` | The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical. | | [`openid_configuration_uri`](#authentication-strategies-oidc-openid_configuration_uri){: #authentication-strategies-oidc-openid_configuration_uri } | `String.t` | `"/.well-known/openid-configuration"` | The URI for the OpenID provider | | [`client_authentication_method`](#authentication-strategies-oidc-client_authentication_method){: #authentication-strategies-oidc-client_authentication_method } | `:client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_basic` | The client authentication method to use. | -| [`openid_configuration`](#authentication-strategies-oidc-openid_configuration){: #authentication-strategies-oidc-openid_configuration } | `map` | `%{}` | The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`. | +| [`openid_configuration`](#authentication-strategies-oidc-openid_configuration){: #authentication-strategies-oidc-openid_configuration } | `map` | `%{}` | The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`. | | [`id_token_signed_response_alg`](#authentication-strategies-oidc-id_token_signed_response_alg){: #authentication-strategies-oidc-id_token_signed_response_alg } | `"HS256" \| "HS384" \| "HS512" \| "RS256" \| "RS384" \| "RS512" \| "ES256" \| "ES384" \| "ES512" \| "PS256" \| "PS384" \| "PS512" \| "Ed25519" \| "Ed25519ph" \| "Ed448" \| "Ed448ph" \| "EdDSA"` | `"RS256"` | The `id_token_signed_response_alg` parameter sent by the Client during Registration. | | [`id_token_ttl_seconds`](#authentication-strategies-oidc-id_token_ttl_seconds){: #authentication-strategies-oidc-id_token_ttl_seconds } | `nil \| pos_integer` | | The number of seconds from `iat` that an ID Token will be considered valid. | -| [`nonce`](#authentication-strategies-oidc-nonce){: #authentication-strategies-oidc-nonce } | `boolean \| (any, any -> any) \| module \| String.t` | `true` | A function for generating the session nonce. When set to `true` the nonce will be automatically generated using `AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` to explicitly disable. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. Example: ```elixir nonce fn _, _ -> 16 \|> :crypto.strong_rand_bytes() \|> Base.encode64(padding: false) end ``` | +| [`nonce`](#authentication-strategies-oidc-nonce){: #authentication-strategies-oidc-nonce } | `boolean \| (any, any -> any) \| module \| String.t` | `true` | A function for generating the session nonce, `true` to automatically generate it with `AshAuthetnication.Strategy.Oidc.NonceGenerator`, or `false` to disable. | | [`trusted_audiences`](#authentication-strategies-oidc-trusted_audiences){: #authentication-strategies-oidc-trusted_audiences } | `nil \| list(String.t)` | | A list of audiences which are trusted. | diff --git a/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md b/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md index 88d36ce7..0f0c394e 100644 --- a/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md +++ b/documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md @@ -95,105 +95,6 @@ Dispatching to plugs directly: See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy. -## DSL Documentation - -Strategy for authenticating using local resources as the source of truth. - - * resettable - -Examples: -``` -password :password do - identity_field :email - hashed_password_field :hashed_password - hash_provider AshAuthentication.BcryptProvider - confirmation_required? true -end - -``` - - -* `:identity_field` (`t:atom/0`) - The name of the attribute which uniquely identifies the user. - Usually something like `username` or `email_address`. The default value is `:username`. - -* `:hashed_password_field` (`t:atom/0`) - The name of the attribute within which to store the user's password - once it has been hashed. The default value is `:hashed_password`. - -* `:hash_provider` (`t:atom/0`) - A module which implements the `AshAuthentication.HashProvider` - behaviour. - Used to provide cryptographic hashing of passwords. The default value is `AshAuthentication.BcryptProvider`. - -* `:confirmation_required?` (`t:boolean/0`) - Whether a password confirmation field is required when registering or - changing passwords. The default value is `true`. - -* `:register_action_accept` (list of `t:atom/0`) - A list of additional fields to be accepted in the register action. The default value is `[]`. - -* `:password_field` (`t:atom/0`) - The name of the argument used to collect the user's password in - plaintext when registering, checking or changing passwords. The default value is `:password`. - -* `:password_confirmation_field` (`t:atom/0`) - The name of the argument used to confirm the user's password in - plaintext when registering or changing passwords. The default value is `:password_confirmation`. - -* `:register_action_name` (`t:atom/0`) - The name to use for the register action. - If not present it will be generated by prepending the strategy name - with `register_with_`. - -* `:registration_enabled?` (`t:boolean/0`) - If you do not want new users to be able to register using this - strategy, set this to false. The default value is `true`. - -* `:sign_in_action_name` (`t:atom/0`) - The name to use for the sign in action. - If not present it will be generated by prepending the strategy name - with `sign_in_with_`. - -* `:sign_in_enabled?` (`t:boolean/0`) - If you do not want new users to be able to sign in using this - strategy, set this to false. The default value is `true`. - -* `:sign_in_tokens_enabled?` (`t:boolean/0`) - Whether or not to support generating short lived sign in tokens. Requires the resource to have - tokens enabled. There is no drawback to supporting this, and in the future this default will - change from `false` to `true`. - Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` - when calling the sign in action. You might do this when you need to generate a short lived token - to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, - by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting - with a valid token to a controller action, allowing the liveview to show invalid username/password errors. The default value is `false`. - -* `:sign_in_token_lifetime` - A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. - If no unit is specified, defaults to `:seconds`. The default value is `{60, :seconds}`. - - - -### resettable - -Configure password reset options for the resource - - - - - -* `:token_lifetime` - How long should the reset token be valid. - If no unit is provided `:hours` is assumed. - Defaults to 3 days. The default value is `{3, :days}`. - -* `:request_password_reset_action_name` (`t:atom/0`) - The name to use for the action which generates a password reset token. - If not present it will be generated by prepending the strategy name - with `request_password_reset_with_`. - -* `:password_reset_action_name` (`t:atom/0`) - The name to use for the action which actually resets the user's - password. - If not present it will be generated by prepending the strategy name - with `password_reset_with_`. - -* `:sender` - Required. How to send the password reset instructions to the user. - Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, reset token and options. - See `AshAuthentication.Sender` for more information. - - - - - - - ## authentication.strategies.password @@ -226,19 +127,19 @@ end | Name | Type | Default | Docs | |------|------|---------|------| -| [`identity_field`](#authentication-strategies-password-identity_field){: #authentication-strategies-password-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user. Usually something like `username` or `email_address`. | +| [`identity_field`](#authentication-strategies-password-identity_field){: #authentication-strategies-password-identity_field } | `atom` | `:username` | The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`. | | [`hashed_password_field`](#authentication-strategies-password-hashed_password_field){: #authentication-strategies-password-hashed_password_field } | `atom` | `:hashed_password` | The name of the attribute within which to store the user's password once it has been hashed. | -| [`hash_provider`](#authentication-strategies-password-hash_provider){: #authentication-strategies-password-hash_provider } | `module` | `AshAuthentication.BcryptProvider` | A module which implements the `AshAuthentication.HashProvider` behaviour. Used to provide cryptographic hashing of passwords. | +| [`hash_provider`](#authentication-strategies-password-hash_provider){: #authentication-strategies-password-hash_provider } | `module` | `AshAuthentication.BcryptProvider` | A module which implements the `AshAuthentication.HashProvider` behaviour, to provide cryptographic hashing of passwords. | | [`confirmation_required?`](#authentication-strategies-password-confirmation_required?){: #authentication-strategies-password-confirmation_required? } | `boolean` | `true` | Whether a password confirmation field is required when registering or changing passwords. | | [`register_action_accept`](#authentication-strategies-password-register_action_accept){: #authentication-strategies-password-register_action_accept } | `list(atom)` | `[]` | A list of additional fields to be accepted in the register action. | | [`password_field`](#authentication-strategies-password-password_field){: #authentication-strategies-password-password_field } | `atom` | `:password` | The name of the argument used to collect the user's password in plaintext when registering, checking or changing passwords. | | [`password_confirmation_field`](#authentication-strategies-password-password_confirmation_field){: #authentication-strategies-password-password_confirmation_field } | `atom` | `:password_confirmation` | The name of the argument used to confirm the user's password in plaintext when registering or changing passwords. | -| [`register_action_name`](#authentication-strategies-password-register_action_name){: #authentication-strategies-password-register_action_name } | `atom` | | The name to use for the register action. If not present it will be generated by prepending the strategy name with `register_with_`. | +| [`register_action_name`](#authentication-strategies-password-register_action_name){: #authentication-strategies-password-register_action_name } | `atom` | | The name to use for the register action. Defaults to `register_with_` | | [`registration_enabled?`](#authentication-strategies-password-registration_enabled?){: #authentication-strategies-password-registration_enabled? } | `boolean` | `true` | If you do not want new users to be able to register using this strategy, set this to false. | -| [`sign_in_action_name`](#authentication-strategies-password-sign_in_action_name){: #authentication-strategies-password-sign_in_action_name } | `atom` | | The name to use for the sign in action. If not present it will be generated by prepending the strategy name with `sign_in_with_`. | +| [`sign_in_action_name`](#authentication-strategies-password-sign_in_action_name){: #authentication-strategies-password-sign_in_action_name } | `atom` | | The name to use for the sign in action. Defaults to `sign_in_with_` | | [`sign_in_enabled?`](#authentication-strategies-password-sign_in_enabled?){: #authentication-strategies-password-sign_in_enabled? } | `boolean` | `true` | If you do not want new users to be able to sign in using this strategy, set this to false. | -| [`sign_in_tokens_enabled?`](#authentication-strategies-password-sign_in_tokens_enabled?){: #authentication-strategies-password-sign_in_tokens_enabled? } | `boolean` | `false` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`. Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` when calling the sign in action. You might do this when you need to generate a short lived token to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting with a valid token to a controller action, allowing the liveview to show invalid username/password errors. | -| [`sign_in_token_lifetime`](#authentication-strategies-password-sign_in_token_lifetime){: #authentication-strategies-password-sign_in_token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{60, :seconds}` | A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. If no unit is specified, defaults to `:seconds`. | +| [`sign_in_tokens_enabled?`](#authentication-strategies-password-sign_in_tokens_enabled?){: #authentication-strategies-password-sign_in_tokens_enabled? } | `boolean` | `false` | Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`. | +| [`sign_in_token_lifetime`](#authentication-strategies-password-sign_in_token_lifetime){: #authentication-strategies-password-sign_in_token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{60, :seconds}` | A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. Unit defaults to `:seconds`. | ## authentication.strategies.password.resettable @@ -255,10 +156,10 @@ Configure password reset options for the resource | Name | Type | Default | Docs | |------|------|---------|------| -| [`sender`](#authentication-strategies-password-resettable-sender){: #authentication-strategies-password-resettable-sender .spark-required} | `(any, any, any -> any) \| module` | | How to send the password reset instructions to the user. Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. Accepts a module, module and opts, or a function that takes a record, reset token and options. See `AshAuthentication.Sender` for more information. | -| [`token_lifetime`](#authentication-strategies-password-resettable-token_lifetime){: #authentication-strategies-password-resettable-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the reset token be valid. If no unit is provided `:hours` is assumed. Defaults to 3 days. | -| [`request_password_reset_action_name`](#authentication-strategies-password-resettable-request_password_reset_action_name){: #authentication-strategies-password-resettable-request_password_reset_action_name } | `atom` | | The name to use for the action which generates a password reset token. If not present it will be generated by prepending the strategy name with `request_password_reset_with_`. | -| [`password_reset_action_name`](#authentication-strategies-password-resettable-password_reset_action_name){: #authentication-strategies-password-resettable-password_reset_action_name } | `atom` | | The name to use for the action which actually resets the user's password. If not present it will be generated by prepending the strategy name with `password_reset_with_`. | +| [`sender`](#authentication-strategies-password-resettable-sender){: #authentication-strategies-password-resettable-sender .spark-required} | `(any, any, any -> any) \| module` | | The sender to use when sending password reset instructions. | +| [`token_lifetime`](#authentication-strategies-password-resettable-token_lifetime){: #authentication-strategies-password-resettable-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{3, :days}` | How long should the reset token be valid. If no unit is provided `:hours` is assumed. | +| [`request_password_reset_action_name`](#authentication-strategies-password-resettable-request_password_reset_action_name){: #authentication-strategies-password-resettable-request_password_reset_action_name } | `atom` | | The name to use for the action which generates a password reset token. Defaults to `request_password_reset_with_`. | +| [`password_reset_action_name`](#authentication-strategies-password-resettable-password_reset_action_name){: #authentication-strategies-password-resettable-password_reset_action_name } | `atom` | | The name to use for the action which actually resets the user's password. Defaults to `password_reset_with_`. | diff --git a/documentation/dsls/DSL:-AshAuthentication.TokenResource.md b/documentation/dsls/DSL:-AshAuthentication.TokenResource.md index 70ef0002..0e2b1ef4 100644 --- a/documentation/dsls/DSL:-AshAuthentication.TokenResource.md +++ b/documentation/dsls/DSL:-AshAuthentication.TokenResource.md @@ -72,10 +72,10 @@ Configuration options for this token resource |------|------|---------|------| | [`api`](#token-api){: #token-api .spark-required} | `module` | | The Ash API to use to access this resource. | | [`expunge_expired_action_name`](#token-expunge_expired_action_name){: #token-expunge_expired_action_name } | `atom` | `:expunge_expired` | The name of the action used to remove expired tokens. | -| [`read_expired_action_name`](#token-read_expired_action_name){: #token-read_expired_action_name } | `atom` | `:read_expired` | The name of the action use to find all expired tokens. Used internally by the `expunge_expired` action. | -| [`expunge_interval`](#token-expunge_interval){: #token-expunge_interval } | `pos_integer` | `12` | How often to remove expired records. How often to scan this resource for records which have expired, and thus can be removed. | -| [`store_token_action_name`](#token-store_token_action_name){: #token-store_token_action_name } | `atom` | `:store_token` | The name of the action to use to store a token. Used if `store_all_tokens?` is enabled in your authentication resource. | -| [`get_token_action_name`](#token-get_token_action_name){: #token-get_token_action_name } | `atom` | `:get_token` | The name of the action used to retrieve tokens from the store. Used if `require_token_presence_for_authentication?` is enabled in your authentication resource. | +| [`read_expired_action_name`](#token-read_expired_action_name){: #token-read_expired_action_name } | `atom` | `:read_expired` | The name of the action use to find all expired tokens. | +| [`expunge_interval`](#token-expunge_interval){: #token-expunge_interval } | `pos_integer` | `12` | How often to scan this resource for records which have expired, and thus can be removed. | +| [`store_token_action_name`](#token-store_token_action_name){: #token-store_token_action_name } | `atom` | `:store_token` | The name of the action to use to store a token, if `require_tokens_for_authentication?` is enabled in your authentication resource. | +| [`get_token_action_name`](#token-get_token_action_name){: #token-get_token_action_name } | `atom` | `:get_token` | The name of the action used to retrieve tokens from the store, if `require_tokens_for_authentication?` is enabled in your authentication resource. | ## token.revocation diff --git a/documentation/dsls/DSL:-AshAuthentication.md b/documentation/dsls/DSL:-AshAuthentication.md index 50048c97..8c0ce241 100644 --- a/documentation/dsls/DSL:-AshAuthentication.md +++ b/documentation/dsls/DSL:-AshAuthentication.md @@ -101,9 +101,9 @@ Configure authentication for this resource | Name | Type | Default | Docs | |------|------|---------|------| | [`api`](#authentication-api){: #authentication-api .spark-required} | `module` | | The name of the Ash API to use to access this resource when doing anything authenticaiton related. | -| [`subject_name`](#authentication-subject_name){: #authentication-subject_name } | `atom` | | The subject name is used anywhere that a short version of your resource name is needed, eg: - generating token claims, - generating routes, - form parameter nesting. This needs to be unique system-wide and if not set will be inferred from the resource name (ie `MyApp.Accounts.User` will have a subject name of `user`). | -| [`get_by_subject_action_name`](#authentication-get_by_subject_action_name){: #authentication-get_by_subject_action_name } | `atom` | `:get_by_subject` | The name of the read action used to retrieve records. Used internally by `AshAuthentication.subject_to_user/2`. If the action doesn't exist, one will be generated for you. | -| [`select_for_senders`](#authentication-select_for_senders){: #authentication-select_for_senders } | `list(atom)` | | A list of fields that we will ensure are selected whenever a sender will be invoked. This is useful if using something like `ash_graphql` which by default only selects what fields appear in the query, and if you are exposing these actions that way. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise. | +| [`subject_name`](#authentication-subject_name){: #authentication-subject_name } | `atom` | | The subject name is used anywhere that a short version of your resource name is needed. Must be unique system-wide and will be inferred from the resource name by default (ie `MyApp.Accounts.User` -> `user`). | +| [`get_by_subject_action_name`](#authentication-get_by_subject_action_name){: #authentication-get_by_subject_action_name } | `atom` | `:get_by_subject` | The name of the read action used to retrieve records. If the action doesn't exist, one will be generated for you. | +| [`select_for_senders`](#authentication-select_for_senders){: #authentication-select_for_senders } | `list(atom)` | | A list of fields that we will ensure are selected whenever a sender will be invoked. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise. | ## authentication.tokens @@ -118,13 +118,13 @@ Configure JWT settings for this resource | Name | Type | Default | Docs | |------|------|---------|------| -| [`token_resource`](#authentication-tokens-token_resource){: #authentication-tokens-token_resource .spark-required} | `module \| false` | | The resource used to store token information. If token generation is enabled for this resource, we need a place to store information about tokens, such as revocations and in-flight confirmations. | +| [`token_resource`](#authentication-tokens-token_resource){: #authentication-tokens-token_resource .spark-required} | `module \| false` | | The resource used to store token information, such as in-flight confirmations, revocations, and if `store_all_tokens?` is enabled, authentication tokens themselves. | | [`enabled?`](#authentication-tokens-enabled?){: #authentication-tokens-enabled? } | `boolean` | `false` | Should JWTs be generated by this resource? | -| [`store_all_tokens?`](#authentication-tokens-store_all_tokens?){: #authentication-tokens-store_all_tokens? } | `boolean` | `false` | Store all tokens in the `token_resource`? Some applications need to keep track of all tokens issued to any user. This is optional behaviour with `ash_authentication` in order to preserve as much performance as possible. | -| [`require_token_presence_for_authentication?`](#authentication-tokens-require_token_presence_for_authentication?){: #authentication-tokens-require_token_presence_for_authentication? } | `boolean` | `false` | Require a locally-stored token for authentication? This inverts the token validation behaviour from requiring that tokens are not revoked to requiring any token presented by a client to be present in the token resource to be considered valid. Requires `store_all_tokens?` to be `true`. | +| [`store_all_tokens?`](#authentication-tokens-store_all_tokens?){: #authentication-tokens-store_all_tokens? } | `boolean` | `false` | Store all tokens in the `token_resource`. See the [tokens guide](/documentation/topics/tokens.md) for more. | +| [`require_token_presence_for_authentication?`](#authentication-tokens-require_token_presence_for_authentication?){: #authentication-tokens-require_token_presence_for_authentication? } | `boolean` | `false` | Require a locally-stored token for authentication. See the [tokens guide](/documentation/topics/tokens.md) for more. | | [`signing_algorithm`](#authentication-tokens-signing_algorithm){: #authentication-tokens-signing_algorithm } | `String.t` | `"HS256"` | The algorithm to use for token signing. Available signing algorithms are; EdDSA, Ed448ph, Ed448, Ed25519ph, Ed25519, PS512, PS384, PS256, ES512, ES384, ES256, RS512, RS384, RS256, HS512, HS384 and HS256. | -| [`token_lifetime`](#authentication-tokens-token_lifetime){: #authentication-tokens-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{14, :days}` | How long a token should be valid. Since refresh tokens are not yet supported, you should probably set this to a reasonably long time to ensure a good user experience. You can either provide a tuple with a time unit, or a positive integer, in which case the unit is assumed to be hours. Defaults to 14 days. | -| [`signing_secret`](#authentication-tokens-signing_secret){: #authentication-tokens-signing_secret } | `(any, any -> any) \| module \| String.t` | | The secret used to sign tokens. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. See the module documentation for `AshAuthentication.Secret` for more information. | +| [`token_lifetime`](#authentication-tokens-token_lifetime){: #authentication-tokens-token_lifetime } | `pos_integer \| {pos_integer, :days \| :hours \| :minutes \| :seconds}` | `{14, :days}` | How long a token should be valid. See [the tokens guide](/documentation/topics/tokens.md) for more. | +| [`signing_secret`](#authentication-tokens-signing_secret){: #authentication-tokens-signing_secret } | `(any, any -> any) \| module \| String.t` | | The secret used to sign tokens. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. | diff --git a/documentation/topics/confirmation.md b/documentation/topics/confirmation.md new file mode 100644 index 00000000..1ede7066 --- /dev/null +++ b/documentation/topics/confirmation.md @@ -0,0 +1,7 @@ +# Confirmation + +## Inhibiting Updates + +Inhibiting updates can be done with `d:AshAuthentication.AddOn.Confirmation.**authentication**.add_ons.confirmation.inhibit_updates?`. + +If a change to a monitored field is detected, then the change is stored in the token resource and the changeset updated to not make the requested change. When the token is confirmed, the change will be applied. This could be potentially weird for your users, but useful in the case of a user changing their email address or phone number where you want to verify that the new contact details are reachable. \ No newline at end of file diff --git a/documentation/topics/tokens.md b/documentation/topics/tokens.md new file mode 100644 index 00000000..78dfd2ce --- /dev/null +++ b/documentation/topics/tokens.md @@ -0,0 +1,19 @@ +# Tokens + +## Token Lifetime + +Since refresh tokens are not yet included in `ash_authentication`, you should set the token lifetime to a reasonably long time to ensure a good user experience. Alternatively, refresh tokens can be implemented on your own. + +## Requiring Token Storage + +Using `d:AshAuthentication.Dsl.authentication.tokens.require_token_presence_for_authentication?` inverts the token validation behaviour from requiring that tokens are not revoked to requiring any token presented by a client to be present in the token resource to be considered valid. + +Requires `store_all_tokens?` to be `true`. + +`store_all_tokens?` instructs `AshAuthentication` to keep track of all tokens issued to any user. This is optional behaviour with `ash_authentication` in order to preserve as much performance as possible. + +## Sign in Tokens + +Enabled with `d:AshAuthentication.Strategy.Password.authentication.strategies.password.sign_in_tokens_enabled?` + +Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` when calling the sign in action. You might do this when you need to generate a short lived token to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting with a valid token to a controller action, allowing the liveview to show invalid username/password errors. \ No newline at end of file diff --git a/lib/ash_authentication/add_ons/confirmation.ex b/lib/ash_authentication/add_ons/confirmation.ex index 99d4e3a5..d341cf6d 100644 --- a/lib/ash_authentication/add_ons/confirmation.ex +++ b/lib/ash_authentication/add_ons/confirmation.ex @@ -86,10 +86,6 @@ defmodule AshAuthentication.AddOn.Confirmation do ...> {_conn, {:ok, user}} = Plug.Helpers.get_authentication_result(conn) ...> user.confirmed_at >= one_second_ago() true - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ defstruct confirm_action_name: :confirm, diff --git a/lib/ash_authentication/add_ons/confirmation/dsl.ex b/lib/ash_authentication/add_ons/confirmation/dsl.ex index dd63af72..e4062226 100644 --- a/lib/ash_authentication/add_ons/confirmation/dsl.ex +++ b/lib/ash_authentication/add_ons/confirmation/dsl.ex @@ -37,90 +37,49 @@ defmodule AshAuthentication.AddOn.Confirmation.Dsl do :pos_integer, {:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]} ]}, - doc: """ - How long should the confirmation token be valid. - If no unit is provided, then hours is assumed. - - Defaults to #{@default_confirmation_lifetime_days} days. - """, + doc: + "How long should the confirmation token be valid. If no unit is provided, then hours is assumed.", default: {@default_confirmation_lifetime_days, :days} ], monitor_fields: [ type: {:list, :atom}, - doc: """ - A list of fields to monitor for changes (eg `[:email, :phone_number]`). - The confirmation will only be sent when one of these fields are changed. - """, + doc: + "A list of fields to monitor for changes. Confirmation will be sent when one of these fields are changed.", required: true ], confirmed_at_field: [ type: :atom, - doc: """ - The name of a field to store the time that the last confirmation took - place. - This attribute will be dynamically added to the resource if not already - present. - """, + doc: + "The name of the field to store the time that the last confirmation took place. Created if it does not exist.", default: :confirmed_at ], confirm_on_create?: [ type: :boolean, - doc: """ - Generate and send a confirmation token when a new resource is created? - Will only trigger when a create action is executed _and_ one of the - monitored fields is being set. - """, + doc: + "Generate and send a confirmation token when a new resource is created. Triggers when a create action is executed _and_ one of the monitored fields is being set.", default: true ], confirm_on_update?: [ type: :boolean, - doc: """ - Generate and send a confirmation token when a resource is changed? - Will only trigger when an update action is executed _and_ one of the - monitored fields is being set. - """, + doc: + "Generate and send a confirmation token when a resource is changed. Triggers when an update action is executed _and_ one of the monitored fields is being set.", default: true ], inhibit_updates?: [ type: :boolean, - doc: """ - Wait until confirmation is received before actually changing a monitored - field? - If a change to a monitored field is detected, then the change is stored - in the token resource and the changeset updated to not make the - requested change. When the token is confirmed, the change will be - applied. - This could be potentially weird for your users, but useful in the case - of a user changing their email address or phone number where you want - to verify that the new contact details are reachable. - """, + doc: + "Whether or not to wait until confirmation is received before actually changing a monitored field. See [the confirmation guide](/documentation/topics/confirmation.md) for more.", default: true ], sender: [ type: {:spark_function_behaviour, Sender, {SenderFunction, 3}}, - doc: """ - How to send the confirmation instructions to the user. - Allows you to glue sending of confirmation instructions to - [swoosh](https://hex.pm/packages/swoosh), - [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification - system is appropriate for your application. - Accepts a module, module and opts, or a function that takes a record, - reset token and options. - The options will be a keyword list containing the original - changeset, before any changes were inhibited. This allows you - to send an email to the user's new email address if it is being - changed for example. - See `AshAuthentication.Sender` for more information. - """, + doc: "How to send the confirmation instructions to the user.", required: true ], confirm_action_name: [ type: :atom, - doc: """ - The name of the action to use when performing confirmation. - If this action is not already present on the resource, it will be - created for you. - """, + doc: + "The name of the action to use when performing confirmation. Will be created if it does not already exist.", default: :confirm ] ] diff --git a/lib/ash_authentication/dsl.ex b/lib/ash_authentication/dsl.ex index 1f4f0658..5674d43c 100644 --- a/lib/ash_authentication/dsl.ex +++ b/lib/ash_authentication/dsl.ex @@ -28,13 +28,8 @@ defmodule AshAuthentication.Dsl do @doc false @spec secret_doc :: String.t() def secret_doc, - do: """ - Takes either a module which implements the `AshAuthentication.Secret` - behaviour, a 2 arity anonymous function or a string. - - See the module documentation for `AshAuthentication.Secret` for more - information. - """ + do: + "Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string." @doc false @spec dsl :: [Section.t()] @@ -50,46 +45,25 @@ defmodule AshAuthentication.Dsl do schema: [ subject_name: [ type: :atom, - doc: """ - The subject name is used anywhere that a short version of your - resource name is needed, eg: - - - generating token claims, - - generating routes, - - form parameter nesting. - - This needs to be unique system-wide and if not set will be inferred - from the resource name (ie `MyApp.Accounts.User` will have a subject - name of `user`). - """ + doc: + "The subject name is used anywhere that a short version of your resource name is needed. Must be unique system-wide and will be inferred from the resource name by default (ie `MyApp.Accounts.User` -> `user`)." ], api: [ type: {:behaviour, Api}, - doc: """ - The name of the Ash API to use to access this resource when - doing anything authenticaiton related. - """, + doc: + "The name of the Ash API to use to access this resource when doing anything authenticaiton related.", required: true ], get_by_subject_action_name: [ type: :atom, - doc: """ - The name of the read action used to retrieve records. - - Used internally by `AshAuthentication.subject_to_user/2`. If the - action doesn't exist, one will be generated for you. - """, + doc: + "The name of the read action used to retrieve records. If the action doesn't exist, one will be generated for you.", default: :get_by_subject ], select_for_senders: [ type: {:list, :atom}, - doc: """ - A list of fields that we will ensure are selected whenever a sender will be invoked. - This is useful if using something like `ash_graphql` which by default only selects - what fields appear in the query, and if you are exposing these actions that way. - Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` - otherwise. - """ + doc: + "A list of fields that we will ensure are selected whenever a sender will be invoked. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise." ] ], sections: [ @@ -107,37 +81,20 @@ defmodule AshAuthentication.Dsl do ], store_all_tokens?: [ type: :boolean, - doc: """ - Store all tokens in the `token_resource`? - - Some applications need to keep track of all tokens issued to - any user. This is optional behaviour with `ash_authentication` - in order to preserve as much performance as possible. - """, + doc: + "Store all tokens in the `token_resource`. See the [tokens guide](/documentation/topics/tokens.md) for more.", default: false ], require_token_presence_for_authentication?: [ type: :boolean, - doc: """ - Require a locally-stored token for authentication? - - This inverts the token validation behaviour from requiring that - tokens are not revoked to requiring any token presented by a - client to be present in the token resource to be considered - valid. - - Requires `store_all_tokens?` to be `true`. - """, + doc: + "Require a locally-stored token for authentication. See the [tokens guide](/documentation/topics/tokens.md) for more.", default: false ], signing_algorithm: [ type: :string, - doc: """ - The algorithm to use for token signing. - - Available signing algorithms are; - #{to_sentence(algorithms(), final: "and")}. - """, + doc: + "The algorithm to use for token signing. Available signing algorithms are; #{to_sentence(algorithms(), final: "and")}.", default: hd(algorithms()) ], token_lifetime: [ @@ -147,38 +104,19 @@ defmodule AshAuthentication.Dsl do :pos_integer, {:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]} ]}, - doc: """ - How long a token should be valid. - - Since refresh tokens are not yet supported, you should - probably set this to a reasonably long time to ensure - a good user experience. - - You can either provide a tuple with a time unit, or a positive - integer, in which case the unit is assumed to be hours. - - Defaults to #{@default_token_lifetime_days} days. - """, + doc: + "How long a token should be valid. See [the tokens guide](/documentation/topics/tokens.md) for more.", default: {@default_token_lifetime_days, :days} ], token_resource: [ type: {:or, [{:behaviour, Resource}, {:in, [false]}]}, - doc: """ - The resource used to store token information. - - If token generation is enabled for this resource, we need a place to - store information about tokens, such as revocations and in-flight - confirmations. - """, + doc: + "The resource used to store token information, such as in-flight confirmations, revocations, and if `store_all_tokens?` is enabled, authentication tokens themselves.", required: true ], signing_secret: [ type: secret_type, - doc: """ - The secret used to sign tokens. - - #{secret_doc} - """ + doc: "The secret used to sign tokens. #{secret_doc}" ] ] }, diff --git a/lib/ash_authentication/strategies/auth0.ex b/lib/ash_authentication/strategies/auth0.ex index d961e19e..9d5533b9 100644 --- a/lib/ash_authentication/strategies/auth0.ex +++ b/lib/ash_authentication/strategies/auth0.ex @@ -16,10 +16,6 @@ defmodule AshAuthentication.Strategy.Auth0 do See the [Auth0 quickstart guide](/documentation/tutorials/auth0-quickstart.md) for more information. - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ alias AshAuthentication.Strategy.{Custom, OAuth2} diff --git a/lib/ash_authentication/strategies/auth0/dsl.ex b/lib/ash_authentication/strategies/auth0/dsl.ex index bf3a67f6..b17de2b9 100644 --- a/lib/ash_authentication/strategies/auth0/dsl.ex +++ b/lib/ash_authentication/strategies/auth0/dsl.ex @@ -22,8 +22,6 @@ defmodule AshAuthentication.Strategy.Auth0.Dsl do #### Strategy defaults: #{strategy_override_docs(Assent.Strategy.Auth0)} - - #### Schema: """, auto_set_fields: strategy_fields(Assent.Strategy.Auth0, icon: :auth0) }) diff --git a/lib/ash_authentication/strategies/github.ex b/lib/ash_authentication/strategies/github.ex index 945fc020..af196b89 100644 --- a/lib/ash_authentication/strategies/github.ex +++ b/lib/ash_authentication/strategies/github.ex @@ -15,10 +15,6 @@ defmodule AshAuthentication.Strategy.Github do See the [GitHub quickstart guide](/documentation/tutorials/github-quickstart.html) for more information. - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ alias AshAuthentication.Strategy.{Custom, OAuth2} diff --git a/lib/ash_authentication/strategies/github/dsl.ex b/lib/ash_authentication/strategies/github/dsl.ex index 82c8d74c..b503f5ed 100644 --- a/lib/ash_authentication/strategies/github/dsl.ex +++ b/lib/ash_authentication/strategies/github/dsl.ex @@ -22,8 +22,6 @@ defmodule AshAuthentication.Strategy.Github.Dsl do #### Strategy defaults: #{strategy_override_docs(Assent.Strategy.Github)} - - #### Schema: """, auto_set_fields: strategy_fields(Assent.Strategy.Github, icon: :github) }) diff --git a/lib/ash_authentication/strategies/google.ex b/lib/ash_authentication/strategies/google.ex index 868f439d..3b398ec8 100644 --- a/lib/ash_authentication/strategies/google.ex +++ b/lib/ash_authentication/strategies/google.ex @@ -16,10 +16,6 @@ defmodule AshAuthentication.Strategy.Google do See the [Google OAuth 2.0 Overview](https://developers.google.com/identity/protocols/oauth2) for Google setup details. - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ alias AshAuthentication.Strategy.{Custom, OAuth2} diff --git a/lib/ash_authentication/strategies/google/dsl.ex b/lib/ash_authentication/strategies/google/dsl.ex index db303132..dd9f9847 100644 --- a/lib/ash_authentication/strategies/google/dsl.ex +++ b/lib/ash_authentication/strategies/google/dsl.ex @@ -22,8 +22,6 @@ defmodule AshAuthentication.Strategy.Google.Dsl do #### Strategy defaults: #{strategy_override_docs(Assent.Strategy.Google)} - - #### Schema: """, auto_set_fields: strategy_fields(Assent.Strategy.Google, icon: :google) }) diff --git a/lib/ash_authentication/strategies/magic_link.ex b/lib/ash_authentication/strategies/magic_link.ex index ffaf75dd..2af88301 100644 --- a/lib/ash_authentication/strategies/magic_link.ex +++ b/lib/ash_authentication/strategies/magic_link.ex @@ -94,10 +94,6 @@ defmodule AshAuthentication.Strategy.MagicLink do ...> {_conn, {:ok, signed_in_user}} = Plug.Helpers.get_authentication_result(conn) ...> signed_in_user.id == user.id true - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ defstruct identity_field: :username, diff --git a/lib/ash_authentication/strategies/magic_link/dsl.ex b/lib/ash_authentication/strategies/magic_link/dsl.ex index 28db1075..5f04c6b1 100644 --- a/lib/ash_authentication/strategies/magic_link/dsl.ex +++ b/lib/ash_authentication/strategies/magic_link/dsl.ex @@ -21,11 +21,8 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do ], identity_field: [ type: :atom, - doc: """ - The name of the attribute which uniquely identifies the user. - - Usually something like `username` or `email_address`. - """, + doc: + "The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`.", default: :username ], token_lifetime: [ @@ -35,21 +32,13 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do :pos_integer, {:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]} ]}, - doc: """ - How long the sign in token is valid. - - If no unit is provided, then `minutes` is assumed. - """, + doc: + "How long the sign in token is valid. If no unit is provided, then `minutes` is assumed.", default: {10, :minutes} ], request_action_name: [ type: :atom, - doc: """ - The name to use for the request action. - - If not present it will be generated by prepending the strategy name - with `request_`. - """, + doc: "The name to use for the request action. Defaults to `request_`", required: false ], single_use_token?: [ @@ -61,12 +50,8 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do ], sign_in_action_name: [ type: :atom, - doc: """ - The name to use for the sign in action. - - If not present it will be generated by prepending the strategy name - with `sign_in_with_`. - """, + doc: + "The name to use for the sign in action. Defaults to `sign_in_with_`", required: false ], token_param_name: [ @@ -81,15 +66,7 @@ defmodule AshAuthentication.Strategy.MagicLink.Dsl do type: {:spark_function_behaviour, AshAuthentication.Sender, {AshAuthentication.SenderFunction, 3}}, - doc: """ - How to send the magic link to the user. - - Allows you to glue sending of magic links to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - - Accepts a module, module and opts, or a function that takes a record, reset token and options. - - See `AshAuthentication.Sender` for more information. - """, + doc: "How to send the magic link to the user.", required: true ] ] diff --git a/lib/ash_authentication/strategies/oauth2.ex b/lib/ash_authentication/strategies/oauth2.ex index 5b983b9f..2f8ebe69 100644 --- a/lib/ash_authentication/strategies/oauth2.ex +++ b/lib/ash_authentication/strategies/oauth2.ex @@ -215,11 +215,6 @@ defmodule AshAuthentication.Strategy.OAuth2 do authentication provider for authentication. 2. The callback phase, where the provider redirects the user back to your app to create a local database record, session, etc. - - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ @struct_fields [ diff --git a/lib/ash_authentication/strategies/oauth2/dsl.ex b/lib/ash_authentication/strategies/oauth2/dsl.ex index f0e916e7..40f46983 100644 --- a/lib/ash_authentication/strategies/oauth2/dsl.ex +++ b/lib/ash_authentication/strategies/oauth2/dsl.ex @@ -39,41 +39,13 @@ defmodule AshAuthentication.Strategy.OAuth2.Dsl do ], client_id: [ type: secret_type, - doc: """ - The OAuth2 client ID. - - #{secret_doc} - - Example: - - ```elixir - client_id fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_client_id) - end - ``` - """, + doc: "The OAuth2 client ID. #{secret_doc}", required: true ], base_url: [ type: secret_type, - doc: """ - The base URL of the OAuth2 server - including the leading protocol - (ie `https://`). - - #{secret_doc} - - Example: - - ```elixir - base_url fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - """, + doc: + "The base URL of the OAuth2 server - including the leading protocol (ie `https://`). #{secret_doc}", required: false ], site: [ @@ -91,188 +63,73 @@ defmodule AshAuthentication.Strategy.OAuth2.Dsl do :client_secret_jwt, :private_key_jwt ]}, - doc: """ - The authentication strategy used, optional. If not set, no - authentication will be used during the access token request. The - value may be one of the following: - - * `:client_secret_basic` - * `:client_secret_post` - * `:client_secret_jwt` - * `:private_key_jwt` - """, + doc: + "The authentication strategy used, optional. If not set, no authentication will be used during the access token request.", default: :client_secret_post ], client_secret: [ type: secret_type, - doc: """ - The OAuth2 client secret. - - Required if :auth_method is `:client_secret_basic`, - `:client_secret_post` or `:client_secret_jwt`. - - #{secret_doc} - - Example: - - ```elixir - site fn _, resource -> - :my_app - |> Application.get_env(resource, []) - |> Keyword.fetch(:oauth_site) - end - ``` - """, + doc: + "The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. #{secret_doc}", required: false ], authorize_url: [ type: secret_type, - doc: """ - The API url to the OAuth2 authorize endpoint. - - Relative to the value of `site`. - - #{secret_doc} - - Example: - - ```elixir - authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end - ``` - """, + doc: + "The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, \"https://exampe.com/authorize\"} end`. #{secret_doc}", required: true ], token_url: [ type: secret_type, - doc: """ - The API url to access the token endpoint. - - Relative to the value of `site`. - - #{secret_doc} - - Example: - - ```elixir - token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end - ``` - """, + doc: + "The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, \"https://example.com/oauth_token\"} end`. #{secret_doc}", required: true ], user_url: [ type: secret_type, - doc: """ - The API url to access the user endpoint. - - Relative to the value of `site`. - - #{secret_doc} - - Example: - - ```elixir - user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end - ``` - """, + doc: + "The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, \"https://example.com/userinfo\"} end`. #{secret_doc}", required: true ], private_key: [ type: secret_type, - doc: """ - The private key to use if `:auth_method` is `:private_key_jwt` - - #{secret_doc} - """, + doc: "The private key to use if `:auth_method` is `:private_key_jwt`. #{secret_doc}", required: false ], redirect_uri: [ type: secret_type, - doc: """ - The callback URI base. - - Not the whole URI back to the callback endpoint, but the URI to your - `AuthPlug`. We can generate the rest. - - Whilst not particularly secret, it seemed prudent to allow this to be - configured dynamically so that you can use different URIs for - different environments. - - #{secret_doc} - """, + doc: + "The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. #{secret_doc}", required: true ], authorization_params: [ type: :keyword_list, - doc: """ - Any additional parameters to encode in the request phase. - - eg: `authorization_params scope: "openid profile email"` - """, + doc: + "Any additional parameters to encode in the request phase. eg: `authorization_params scope: \"openid profile email\"`", default: [] ], registration_enabled?: [ type: :boolean, - doc: """ - Is registration enabled for this provider? - - If this option is enabled, then new users will be able to register for - your site when authenticating and not already present. - - If not, then only existing users will be able to authenticate. - """, + doc: + "If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate.", default: true ], register_action_name: [ type: :atom, - doc: ~S""" - The name of the action to use to register a user. - - Only needed if `registration_enabled?` is `true`. - - Because we we don't know the response format of the server, you must - implement your own registration action of the same name. - - See the "Registration and Sign-in" section of the module - documentation for more information. - - The default is computed from the strategy name eg: - `register_with_#{name}`. - """, + doc: + "The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_` See the \"Registration and Sign-in\" section of the strategy docs for more.", required: false ], sign_in_action_name: [ type: :atom, - doc: ~S""" - The name of the action to use to sign in an existing user. - - Only needed if `registration_enabled?` is `false`. - - Because we don't know the response format of the server, you must - implement your own sign-in action of the same name. - - See the "Registration and Sign-in" section of the module - documentation for more information. - - The default is computed from the strategy name, eg: - `sign_in_with_#{name}`. - """, + doc: + "The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_`, which is generated for you by default. See the \"Registration and Sign-in\" section of the strategy docs for more information.", required: false ], identity_resource: [ type: {:or, [{:behaviour, Ash.Resource}, {:in, [false]}]}, - doc: """ - The resource used to store user identities. - - Given that a user can be signed into multiple different - authentication providers at once we use the - `AshAuthentication.UserIdentity` resource to build a mapping - between users, providers and that provider's uid. - - See the Identities section of the module documentation for more - information. - - Set to `false` to disable. - """, + doc: + "The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more.", default: false ], identity_relationship_name: [ @@ -282,22 +139,14 @@ defmodule AshAuthentication.Strategy.OAuth2.Dsl do ], identity_relationship_user_id_attribute: [ type: :atom, - doc: """ - The name of the destination (user_id) attribute on your provider - identity resource. - - The only reason to change this would be if you changed the - `user_id_attribute_name` option of the provider identity. - """, + doc: + "The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity.", default: :user_id ], icon: [ type: :atom, - doc: """ - The name of an icon to use in any potential UI. - - This is a *hint* for UI generators to use, and not in any way canonical. - """, + doc: + " The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical.", required: false, default: :oauth2 ] diff --git a/lib/ash_authentication/strategies/oidc.ex b/lib/ash_authentication/strategies/oidc.ex index a1f3c810..965f5a1c 100644 --- a/lib/ash_authentication/strategies/oidc.ex +++ b/lib/ash_authentication/strategies/oidc.ex @@ -46,10 +46,6 @@ defmodule AshAuthentication.Strategy.Oidc do AshAuthentication will dynamically generate one for the session if `nonce` is set to `true`. - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ alias AshAuthentication.Strategy.{Custom, Oidc} diff --git a/lib/ash_authentication/strategies/oidc/dsl.ex b/lib/ash_authentication/strategies/oidc/dsl.ex index bc654280..20df2ef9 100644 --- a/lib/ash_authentication/strategies/oidc/dsl.ex +++ b/lib/ash_authentication/strategies/oidc/dsl.ex @@ -15,8 +15,6 @@ defmodule AshAuthentication.Strategy.Oidc.Dsl do This strategy is built using the `:oauth2` strategy, and thus provides all the same configuration options should you need them. - - #### Schema: """, auto_set_fields: [assent_strategy: Assent.Strategy.OIDC, icon: :oidc], schema: patch_schema() @@ -43,11 +41,8 @@ defmodule AshAuthentication.Strategy.Oidc.Dsl do ], openid_configuration: [ type: :map, - doc: """ - The OpenID configuration. - - If not set, the configuration will be retrieved from `openid_configuration_uri`. - """, + doc: + "The OpenID configuration. If not set, the configuration will be retrieved from `openid_configuration_uri`.", required: false, default: %{} ], @@ -69,25 +64,8 @@ defmodule AshAuthentication.Strategy.Oidc.Dsl do ], nonce: [ type: {:or, [:boolean, AshAuthentication.Dsl.secret_type()]}, - doc: """ - A function for generating the session nonce. - - When set to `true` the nonce will be automatically generated using - `AshAuthentication.Strategy.Oidc.NonceGenerator`. Set to `false` - to explicitly disable. - - #{AshAuthentication.Dsl.secret_doc()} - - Example: - - ```elixir - nonce fn _, _ -> - 16 - |> :crypto.strong_rand_bytes() - |> Base.encode64(padding: false) - end - ``` - """, + doc: + "A function for generating the session nonce, `true` to automatically generate it with `AshAuthetnication.Strategy.Oidc.NonceGenerator`, or `false` to disable.", default: true, required: false ], diff --git a/lib/ash_authentication/strategies/password.ex b/lib/ash_authentication/strategies/password.ex index 00836069..f545a9ab 100644 --- a/lib/ash_authentication/strategies/password.ex +++ b/lib/ash_authentication/strategies/password.ex @@ -93,10 +93,6 @@ defmodule AshAuthentication.Strategy.Password do ## Testing See the [Testing guide](/documentation/topics/testing.md) for tips on testing resources using this strategy. - - ## DSL Documentation - - #{Spark.Dsl.Extension.doc_entity(Dsl.dsl())} """ defstruct confirmation_required?: false, diff --git a/lib/ash_authentication/strategies/password/dsl.ex b/lib/ash_authentication/strategies/password/dsl.ex index 07c3facc..bfafeac7 100644 --- a/lib/ash_authentication/strategies/password/dsl.ex +++ b/lib/ash_authentication/strategies/password/dsl.ex @@ -39,38 +39,27 @@ defmodule AshAuthentication.Strategy.Password.Dsl do ], identity_field: [ type: :atom, - doc: """ - The name of the attribute which uniquely identifies the user. - - Usually something like `username` or `email_address`. - """, + doc: + "The name of the attribute which uniquely identifies the user, usually something like `username` or `email_address`.", default: :username ], hashed_password_field: [ type: :atom, - doc: """ - The name of the attribute within which to store the user's password - once it has been hashed. - """, + doc: + "The name of the attribute within which to store the user's password once it has been hashed.", default: :hashed_password ], hash_provider: [ type: {:behaviour, AshAuthentication.HashProvider}, - doc: """ - A module which implements the `AshAuthentication.HashProvider` - behaviour. - - Used to provide cryptographic hashing of passwords. - """, + doc: + "A module which implements the `AshAuthentication.HashProvider` behaviour, to provide cryptographic hashing of passwords.", default: AshAuthentication.BcryptProvider ], confirmation_required?: [ type: :boolean, required: false, - doc: """ - Whether a password confirmation field is required when registering or - changing passwords. - """, + doc: + "Whether a password confirmation field is required when registering or changing passwords.", default: true ], register_action_accept: [ @@ -80,71 +69,47 @@ defmodule AshAuthentication.Strategy.Password.Dsl do ], password_field: [ type: :atom, - doc: """ - The name of the argument used to collect the user's password in - plaintext when registering, checking or changing passwords. - """, + doc: + "The name of the argument used to collect the user's password in plaintext when registering, checking or changing passwords.", default: :password ], password_confirmation_field: [ type: :atom, doc: """ - The name of the argument used to confirm the user's password in - plaintext when registering or changing passwords. + The name of the argument used to confirm the user's password in plaintext when registering or changing passwords. """, default: :password_confirmation ], register_action_name: [ type: :atom, - doc: """ - The name to use for the register action. - - If not present it will be generated by prepending the strategy name - with `register_with_`. - """, + doc: + "The name to use for the register action. Defaults to `register_with_`", required: false ], registration_enabled?: [ type: :boolean, - doc: """ - If you do not want new users to be able to register using this - strategy, set this to false. - """, + doc: + "If you do not want new users to be able to register using this strategy, set this to false.", required: false, default: true ], sign_in_action_name: [ type: :atom, - doc: """ - The name to use for the sign in action. - - If not present it will be generated by prepending the strategy name - with `sign_in_with_`. - """, + doc: + "The name to use for the sign in action. Defaults to `sign_in_with_`", required: false ], sign_in_enabled?: [ type: :boolean, - doc: """ - If you do not want new users to be able to sign in using this - strategy, set this to false. - """, + doc: + "If you do not want new users to be able to sign in using this strategy, set this to false.", required: false, default: true ], sign_in_tokens_enabled?: [ type: :boolean, - doc: """ - Whether or not to support generating short lived sign in tokens. Requires the resource to have - tokens enabled. There is no drawback to supporting this, and in the future this default will - change from `false` to `true`. - - Sign in tokens can be generated on request by setting the `:token_type` context to `:sign_in` - when calling the sign in action. You might do this when you need to generate a short lived token - to be exchanged for a real token using the `validate_sign_in_token` route. This is used, for example, - by `ash_authentication_phoenix` (since 1.7) to support signing in in a liveview, and then redirecting - with a valid token to a controller action, allowing the liveview to show invalid username/password errors. - """, + doc: + "Whether or not to support generating short lived sign in tokens. Requires the resource to have tokens enabled. There is no drawback to supporting this, and in the future this default will change from `false` to `true`.", required: false, default: false ], @@ -156,11 +121,8 @@ defmodule AshAuthentication.Strategy.Password.Dsl do {:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]} ]}, default: {60, :seconds}, - doc: """ - A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. - - If no unit is specified, defaults to `:seconds`. - """ + doc: + "A lifetime for which a generated sign in token will be valid, if `sign_in_tokens_enabled?`. Unit defaults to `:seconds`." ] ], entities: [ @@ -177,49 +139,27 @@ defmodule AshAuthentication.Strategy.Password.Dsl do :pos_integer, {:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]} ]}, - doc: """ - How long should the reset token be valid. - - If no unit is provided `:hours` is assumed. - - Defaults to #{@default_token_lifetime_days} days. - """, + doc: + "How long should the reset token be valid. If no unit is provided `:hours` is assumed.", default: {@default_token_lifetime_days, :days} ], request_password_reset_action_name: [ type: :atom, - doc: """ - The name to use for the action which generates a password reset token. - - If not present it will be generated by prepending the strategy name - with `request_password_reset_with_`. - """, + doc: + "The name to use for the action which generates a password reset token. Defaults to `request_password_reset_with_`.", required: false ], password_reset_action_name: [ type: :atom, - doc: """ - The name to use for the action which actually resets the user's - password. - - If not present it will be generated by prepending the strategy name - with `password_reset_with_`. - """, + doc: + "The name to use for the action which actually resets the user's password. Defaults to `password_reset_with_`.", required: false ], sender: [ type: {:spark_function_behaviour, AshAuthentication.Sender, {AshAuthentication.SenderFunction, 3}}, - doc: """ - How to send the password reset instructions to the user. - - Allows you to glue sending of reset instructions to [swoosh](https://hex.pm/packages/swoosh), [ex_twilio](https://hex.pm/packages/ex_twilio) or whatever notification system is appropriate for your application. - - Accepts a module, module and opts, or a function that takes a record, reset token and options. - - See `AshAuthentication.Sender` for more information. - """, + doc: "The sender to use when sending password reset instructions.", required: true ] ] diff --git a/lib/ash_authentication/token_resource.ex b/lib/ash_authentication/token_resource.ex index 8a8a3c5f..594e39c9 100644 --- a/lib/ash_authentication/token_resource.ex +++ b/lib/ash_authentication/token_resource.ex @@ -23,38 +23,25 @@ defmodule AshAuthentication.TokenResource do ], read_expired_action_name: [ type: :atom, - doc: """ - The name of the action use to find all expired tokens. - - Used internally by the `expunge_expired` action. - """, + doc: "The name of the action use to find all expired tokens.", default: :read_expired ], expunge_interval: [ type: :pos_integer, - doc: """ - How often to remove expired records. - - How often to scan this resource for records which have expired, and thus can be removed. - """, + doc: + "How often to scan this resource for records which have expired, and thus can be removed.", default: @default_expunge_interval_hrs ], store_token_action_name: [ type: :atom, - doc: """ - The name of the action to use to store a token. - - Used if `store_all_tokens?` is enabled in your authentication resource. - """, + doc: + "The name of the action to use to store a token, if `require_tokens_for_authentication?` is enabled in your authentication resource.", default: :store_token ], get_token_action_name: [ type: :atom, - doc: """ - The name of the action used to retrieve tokens from the store. - - Used if `require_token_presence_for_authentication?` is enabled in your authentication resource. - """, + doc: + "The name of the action used to retrieve tokens from the store, if `require_tokens_for_authentication?` is enabled in your authentication resource.", default: :get_token ] ], diff --git a/mix.exs b/mix.exs index c2d4c549..93a91f88 100644 --- a/mix.exs +++ b/mix.exs @@ -24,8 +24,38 @@ defmodule AshAuthentication.MixProject do ], docs: [ main: "readme", - extras: extra_documentation(), - groups_for_extras: extra_documentation_groups(), + extras: [ + {"README.md", name: "READ ME"}, + "documentation/tutorials/getting-started-with-authentication.md", + "documentation/tutorials/auth0-quickstart.md", + "documentation/tutorials/github-quickstart.md", + "documentation/tutorials/google-quickstart.md", + "documentation/tutorials/integrating-ash-authentication-and-phoenix.md", + "documentation/tutorials/magic-links-quickstart.md", + "documentation/topics/custom-strategy.md", + "documentation/topics/policies-on-authentication-resources.md", + "documentation/topics/testing.md", + "documentation/topics/tokens.md", + "documentation/topics/confirmation.md", + "documentation/topics/upgrading.md", + "documentation/dsls/DSL:-AshAuthentication.md", + "documentation/dsls/DSL:-AshAuthentication.AddOn.Confirmation.md", + "documentation/dsls/DSL:-AshAuthentication.Strategy.Auth0.md", + "documentation/dsls/DSL:-AshAuthentication.Strategy.Github.md", + "documentation/dsls/DSL:-AshAuthentication.Strategy.Google.md", + "documentation/dsls/DSL:-AshAuthentication.Strategy.MagicLink.md", + "documentation/dsls/DSL:-AshAuthentication.Strategy.OAuth2.md", + "documentation/dsls/DSL:-AshAuthentication.Strategy.Oidc.md", + "documentation/dsls/DSL:-AshAuthentication.Strategy.Password.md", + "documentation/dsls/DSL:-AshAuthentication.TokenResource.md", + "documentation/dsls/DSL:-AshAuthentication.UserIdentity.md" + ], + groups_for_extras: [ + Tutorials: ~r'documentation/tutorials', + "How To": ~r'documentation/how_to', + Topics: ~r'documentation/topics', + DSLs: ~r'documentation/dsls' + ], extra_section: "GUIDES", formatters: ["html"], before_closing_head_tag: fn type -> @@ -46,69 +76,11 @@ defmodule AshAuthentication.MixProject do filter_modules: ~r/^Elixir.AshAuthentication/, source_url_pattern: "https://github.com/team-alembic/ash_authentication/blob/main/%{path}#L%{line}", - spark: [ - extensions: [ - %{ - module: AshAuthentication, - name: "Authentication", - target: "Ash.Resource", - type: "Authentication" - }, - %{ - module: AshAuthentication.TokenResource, - name: "Token Resource", - target: "Ash.Resource", - type: "Token" - }, - %{ - module: AshAuthentication.UserIdentity, - name: "User Identity", - target: "Ash.Resource", - type: "User identity" - }, - %{ - module: AshAuthentication.Strategy.MagicLink, - name: "Magic Link", - target: "Ash.Resource", - type: "Authentication Strategy" - }, - %{ - module: AshAuthentication.AddOn.Confirmation, - name: "Confirmation", - target: "Ash.Resource", - type: "Authentication Add On" - }, - %{ - module: AshAuthentication.Strategy.Auth0, - name: "Auth0", - target: "Ash.Resource", - type: "Authentication Strategy" - }, - %{ - module: AshAuthentication.Strategy.Github, - name: "Github", - target: "Ash.Resource", - type: "Authentication Strategy" - }, - %{ - module: AshAuthentication.Strategy.Google, - name: "Google", - target: "Ash.Resource", - type: "Authentication Strategy" - }, - %{ - module: AshAuthentication.Strategy.OAuth2, - name: "OAuth2", - target: "Ash.Resource", - type: "Authentication Strategy" - }, - %{ - module: AshAuthentication.Strategy.Password, - name: "Password", - target: "Ash.Resource", - type: "Authentication Strategy" - } - ] + nest_modules_by_prefix: [ + AshAuthentication.Strategy, + AshAuthentication.AddOn, + AshAuthentication.Plug, + AshAuthentication.Validations ], groups_for_modules: [ Extensions: [ @@ -125,6 +97,9 @@ defmodule AshAuthentication.MixProject do AshAuthentication.Strategy.OAuth2, AshAuthentication.Strategy.Password ], + CustomStrategies: [ + ~r/AshAuthentication.Strategy.Custom/ + ], "Add ons": [ AshAuthentication.AddOn.Confirmation ], @@ -133,58 +108,40 @@ defmodule AshAuthentication.MixProject do AshAuthentication.BcryptProvider, AshAuthentication.Jwt ], - Plug: ~r/^AshAuthentication\.Plug.*/, - Internals: ~r/^AshAuthentication.*/ + Introspection: [ + AshAuthentication.Info, + AshAuthentication.TokenResource.Info, + AshAuthentication.UserIdentity.Info + ], + Utilities: [ + AshAuthentication.Debug, + AshAuthentication.Secret, + AshAuthentication.Sender, + AshAuthentication.Supervisor, + ~r/.*Actions$/, + AshAuthentication.Strategy.Password.Actions, + AshAuthentication.TokenResource.Expunger + ], + Plugs: [~r/^AshAuthentication\.Plug.*/, AshAuthentication.Strategy.MagicLink.Plug], + "Reusable Components": [ + AshAuthentication.GenerateTokenChange, + AshAuthentication.Strategy.Password.HashPasswordChange, + AshAuthentication.Strategy.Password.PasswordConfirmationValidation, + AshAuthentication.Strategy.Password.PasswordValidation, + AshAuthentication.Checks.AshAuthenticationInteraction, + AshAuthentication.Password.Plug, + ~r/AshAuthentication.Validations/ + ], + Errors: ~r/AshAuthentication.Errors/, + "DSL Transformers": [ + ~r/Transformer/, + ~r/Verifier/ + ] ] ] ] end - defp extra_documentation do - ["README.md"] - |> Enum.concat(Path.wildcard("documentation/**/*.{md,livemd,cheatmd}")) - |> Enum.map(fn - "README.md" -> - {:"README.md", title: "Read Me", ash_hq?: false} - - "documentation/tutorials/integrating-ash-authentication-and-phoenix.md" = name -> - {String.to_atom(name), ash_hq?: false} - - "documentation/tutorials/" <> _ = path -> - {String.to_atom(path), []} - - "documentation/topics/" <> _ = path -> - {String.to_atom(path), []} - - "documentation/dsls/" <> _ = path -> - {String.to_atom(path), []} - end) - end - - defp extra_documentation_groups do - "documentation/*" - |> Path.wildcard() - |> Enum.map(fn dir -> - name = - dir - |> Path.basename() - |> String.split(~r/_+/) - |> Enum.join(" ") - |> capitalize() - - {name, dir |> Path.join("**") |> Path.wildcard()} - end) - end - - defp capitalize(string) do - string - |> String.split(" ") - |> Enum.map(fn string -> - [hd | tail] = String.graphemes(string) - String.capitalize(hd) <> Enum.join(tail) - end) - end - def package do [ maintainers: [ diff --git a/mix.lock b/mix.lock index bd1a3ee4..1bf4a6c9 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.17.20", "8b201335fac2f9ec8eb89c71c7c9007d11a09089dd82aa070ed4214c7ae02400", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c89da37cf7464803b09cdd6f20c0b944764ea124b782cdfc72eeb9ac43a11445"}, + "ash": {:hex, :ash, "2.18.1", "d6abf51a38f0aff3448743fe2cc4a07a1104d55934fd1bf06183f6ebef0c85df", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "0dda3a3bdfb0dd24ea12acc9914bd8b6c6f965ec19c1655af7a59b1e7c3b8cf2"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, "ash_postgres": {:hex, :ash_postgres, "1.3.68", "acad35de4111fd237d57718593cd5c30a624f5b7cb6686d179e0b6087d70f21f", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "09c5ba51281dba15bde99ada573985d22f12cda76cce4b2ff63fc5f59707d061"}, @@ -21,14 +21,14 @@ "dialyxir": {:hex, :dialyxir, "1.4.3", "edd0124f358f0b9e95bfe53a9fcf806d615d8f838e2202a9f430d59566b6b53b", [:mix], [{:erlex, ">= 0.2.6", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "bf2cfb75cd5c5006bec30141b131663299c661a864ec7fbbc72dfa557487a986"}, "doctor": {:hex, :doctor, "0.21.0", "20ef89355c67778e206225fe74913e96141c4d001cb04efdeba1a2a9704f1ab5", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}], "hexpm", "a227831daa79784eb24cdeedfa403c46a4cb7d0eab0e31232ec654314447e4e0"}, "earmark": {:hex, :earmark, "1.4.46", "8c7287bd3137e99d26ae4643e5b7ef2129a260e3dcf41f251750cb4563c8fb81", [:mix], [], "hexpm", "798d86db3d79964e759ddc0c077d5eb254968ed426399fbf5a62de2b5ff8910a"}, - "earmark_parser": {:hex, :earmark_parser, "1.4.36", "487ea8ef9bdc659f085e6e654f3c3feea1d36ac3943edf9d2ef6c98de9174c13", [:mix], [], "hexpm", "a524e395634bdcf60a616efe77fd79561bec2e930d8b82745df06ab4e844400a"}, + "earmark_parser": {:hex, :earmark_parser, "1.4.39", "424642f8335b05bb9eb611aa1564c148a8ee35c9c8a8bba6e129d51a3e3c6769", [:mix], [], "hexpm", "06553a88d1f1846da9ef066b87b57c6f605552cfbe40d20bd8d59cc6bde41944"}, "ecto": {:hex, :ecto, "3.11.1", "4b4972b717e7ca83d30121b12998f5fcdc62ba0ed4f20fd390f16f3270d85c3e", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ebd3d3772cd0dfcd8d772659e41ed527c28b2a8bde4b00fe03e0463da0f1983b"}, "ecto_sql": {:hex, :ecto_sql, "3.11.1", "e9abf28ae27ef3916b43545f9578b4750956ccea444853606472089e7d169470", [:mix], [{:db_connection, "~> 2.4.1 or ~> 2.5", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.11.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 0.17.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ce14063ab3514424276e7e360108ad6c2308f6d88164a076aac8a387e1fea634"}, "elixir_make": {:hex, :elixir_make, "0.7.7", "7128c60c2476019ed978210c245badf08b03dbec4f24d05790ef791da11aa17c", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "5bc19fff950fad52bbe5f211b12db9ec82c6b34a9647da0c2224b8b8464c7e6c"}, "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"}, "ets": {:hex, :ets, "0.9.0", "79c6a6c205436780486f72d84230c6cba2f8a9920456750ddd1e47389107d5fd", [:mix], [], "hexpm", "2861fdfb04bcaeff370f1a5904eec864f0a56dcfebe5921ea9aadf2a481c822b"}, "ex_check": {:hex, :ex_check, "0.15.0", "074b94c02de11c37bba1ca82ae5cc4926e6ccee862e57a485b6ba60fca2d8dc1", [:mix], [], "hexpm", "33848031a0c7e4209c3b4369ce154019788b5219956220c35ca5474299fb6a0e"}, - "ex_doc": {:git, "https://github.com/elixir-lang/ex_doc.git", "16a8f536d1a0868293a30d63bcff6510bf023de3", []}, + "ex_doc": {:git, "https://github.com/elixir-lang/ex_doc.git", "a663c13478a49d29ae0267b6e45badb803267cf0", []}, "faker": {:hex, :faker, "0.17.0", "671019d0652f63aefd8723b72167ecdb284baf7d47ad3a82a15e9b8a6df5d1fa", [:mix], [], "hexpm", "a7d4ad84a93fd25c5f5303510753789fc2433ff241bf3b4144d3f6f291658a6a"}, "file_system": {:hex, :file_system, "1.0.0", "b689cc7dcee665f774de94b5a832e578bd7963c8e637ef940cd44327db7de2cd", [:mix], [], "hexpm", "6752092d66aec5a10e662aefeed8ddb9531d79db0bc145bb8c40325ca1d8536d"}, "finch": {:hex, :finch, "0.17.0", "17d06e1d44d891d20dbd437335eebe844e2426a0cd7e3a3e220b461127c73f70", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: false]}, {:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.3", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 0.2.6 or ~> 1.0", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "8d014a661bb6a437263d4b5abf0bcbd3cf0deb26b1e8596f2a271d22e48934c7"}, @@ -57,7 +57,7 @@ "ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"}, "sobelow": {:hex, :sobelow, "0.13.0", "218afe9075904793f5c64b8837cc356e493d88fddde126a463839351870b8d1e", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "cd6e9026b85fc35d7529da14f95e85a078d9dd1907a9097b3ba6ac7ebbe34a0d"}, "sourceror": {:hex, :sourceror, "0.14.1", "c6fb848d55bd34362880da671debc56e77fd722fa13b4dcbeac89a8998fc8b09", [:mix], [], "hexpm", "8b488a219e4c4d7d9ff29d16346fd4a5858085ccdd010e509101e226bbfd8efc"}, - "spark": {:hex, :spark, "1.1.53", "db8a374ef6ada4f38389386bec76b2fa6331d4755308a6e359acad16472e29ea", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "5f8a8e2b4abd2544517bb8d29c28576239254b5979d66d9781b154706c4199dd"}, + "spark": {:hex, :spark, "1.1.54", "54dac39403a2960f738ba5d60678d20b30de7381fb51b787b6bcb6aeabb73d9d", [:mix], [{:jason, "~> 1.4", [hex: :jason, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.5 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:sourceror, "~> 0.1", [hex: :sourceror, repo: "hexpm", optional: false]}], "hexpm", "abc9a67cfb60a97d2f3c7e270fa968a2ace94f389e2741d406239d237ec6dbb1"}, "stream_data": {:hex, :stream_data, "0.6.0", "e87a9a79d7ec23d10ff83eb025141ef4915eeb09d4491f79e52f2562b73e5f47", [:mix], [], "hexpm", "b92b5031b650ca480ced047578f1d57ea6dd563f5b57464ad274718c9c29501c"}, "telemetry": {:hex, :telemetry, "1.2.1", "68fdfe8d8f05a8428483a97d7aab2f268aaff24b49e0f599faa091f1d4e7f61c", [:rebar3], [], "hexpm", "dad9ce9d8effc621708f99eac538ef1cbe05d6a874dd741de2e689c47feafed5"}, "typable": {:hex, :typable, "0.3.0", "0431e121d124cd26f312123e313d2689b9a5322b15add65d424c07779eaa3ca1", [:mix], [], "hexpm", "880a0797752da1a4c508ac48f94711e04c86156f498065a83d160eef945858f8"}, From c433465330df8bef00d597991160f0b4b890fec6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jan 2024 18:27:35 +1300 Subject: [PATCH 21/30] chore(deps-dev): Bump ash_json_api from 0.34.1 to 0.34.2 (#545) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 1bf4a6c9..66b97e15 100644 --- a/mix.lock +++ b/mix.lock @@ -3,7 +3,7 @@ "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, "ash": {:hex, :ash, "2.18.1", "d6abf51a38f0aff3448743fe2cc4a07a1104d55934fd1bf06183f6ebef0c85df", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "0dda3a3bdfb0dd24ea12acc9914bd8b6c6f965ec19c1655af7a59b1e7c3b8cf2"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, - "ash_json_api": {:hex, :ash_json_api, "0.34.1", "6abe0369087b051956996233d0a9524b29ae74d16a7ffa37c8835f2e4f29a95b", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "f48bf65dada604d5e876af63ba2d587d0bfff618f0bccf7774487301b3b3d43f"}, + "ash_json_api": {:hex, :ash_json_api, "0.34.2", "21a1f935d1208d7f419f08cb44ae379ffa9919dc4860e6bbc6e7499762986e7e", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "620658e495ac745807d8eab0e752836f44e1368c98c7beaad5d4c2bd8c286cf4"}, "ash_postgres": {:hex, :ash_postgres, "1.3.68", "acad35de4111fd237d57718593cd5c30a624f5b7cb6686d179e0b6087d70f21f", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "09c5ba51281dba15bde99ada573985d22f12cda76cce4b2ff63fc5f59707d061"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, From 38533eaac2cb696b9d8515b06f1600ea51202e13 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jan 2024 18:27:51 +1300 Subject: [PATCH 22/30] chore(deps-dev): Bump mix_audit from 2.1.1 to 2.1.2 (#541) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 66b97e15..fccd3998 100644 --- a/mix.lock +++ b/mix.lock @@ -45,7 +45,7 @@ "mime": {:hex, :mime, "2.0.5", "dc34c8efd439abe6ae0343edbb8556f4d63f178594894720607772a041b04b02", [:mix], [], "hexpm", "da0d64a365c45bc9935cc5c8a7fc5e49a0e0f9932a761c55d6c52b142780a05c"}, "mimic": {:hex, :mimic, "1.7.4", "cd2772ffbc9edefe964bc668bfd4059487fa639a5b7f1cbdf4fd22946505aa4f", [:mix], [], "hexpm", "437c61041ecf8a7fae35763ce89859e4973bb0666e6ce76d75efc789204447c3"}, "mint": {:hex, :mint, "1.5.2", "4805e059f96028948870d23d7783613b7e6b0e2fb4e98d720383852a760067fd", [:mix], [{:castore, "~> 0.1.0 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:hpax, "~> 0.1.1", [hex: :hpax, repo: "hexpm", optional: false]}], "hexpm", "d77d9e9ce4eb35941907f1d3df38d8f750c357865353e21d335bdcdf6d892a02"}, - "mix_audit": {:hex, :mix_audit, "2.1.1", "653aa6d8f291fc4b017aa82bdb79a4017903902ebba57960ef199cbbc8c008a1", [:make, :mix], [{:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:yaml_elixir, "~> 2.9", [hex: :yaml_elixir, repo: "hexpm", optional: false]}], "hexpm", "541990c3ab3a7bb8c4aaa2ce2732a4ae160ad6237e5dcd5ad1564f4f85354db1"}, + "mix_audit": {:hex, :mix_audit, "2.1.2", "6cd5c5e2edbc9298629c85347b39fb3210656e541153826efd0b2a63767f3395", [:make, :mix], [{:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:yaml_elixir, "~> 2.9", [hex: :yaml_elixir, repo: "hexpm", optional: false]}], "hexpm", "68d2f06f96b9c445a23434c9d5f09682866a5b4e90f631829db1c64f140e795b"}, "nimble_options": {:hex, :nimble_options, "1.1.0", "3b31a57ede9cb1502071fade751ab0c7b8dbe75a9a4c2b5bbb0943a690b63172", [:mix], [], "hexpm", "8bbbb3941af3ca9acc7835f5655ea062111c9c27bcac53e004460dfd19008a99"}, "nimble_parsec": {:hex, :nimble_parsec, "1.4.0", "51f9b613ea62cfa97b25ccc2c1b4216e81df970acd8e16e8d1bdc58fef21370d", [:mix], [], "hexpm", "9c565862810fb383e9838c1dd2d7d2c437b3d13b267414ba6af33e50d2d1cf28"}, "nimble_pool": {:hex, :nimble_pool, "1.0.0", "5eb82705d138f4dd4423f69ceb19ac667b3b492ae570c9f5c900bb3d2f50a847", [:mix], [], "hexpm", "80be3b882d2d351882256087078e1b1952a28bf98d0a287be87e4a24a710b67a"}, From b7ac6a00bda7a1b115a80e609584f7a2e6e1636d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 13 Jan 2024 18:46:44 +1300 Subject: [PATCH 23/30] chore(deps-dev): Bump ash_postgres from 1.3.68 to 1.4.0 (#547) --- mix.exs | 2 +- mix.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/mix.exs b/mix.exs index 93a91f88..8d496ba7 100644 --- a/mix.exs +++ b/mix.exs @@ -185,7 +185,7 @@ defmodule AshAuthentication.MixProject do {:absinthe_plug, "~> 1.5", only: [:dev, :test]}, {:ash_graphql, "~> 0.21", only: [:dev, :test]}, {:ash_json_api, "~> 0.30", only: [:dev, :test]}, - {:ash_postgres, "~> 1.3.64", optional: true}, + {:ash_postgres, "~> 1.4.0", optional: true}, {:credo, "~> 1.6", only: [:dev, :test], runtime: false}, {:dialyxir, "~> 1.2", only: [:dev, :test], runtime: false}, {:doctor, "~> 0.18", only: [:dev, :test]}, diff --git a/mix.lock b/mix.lock index fccd3998..7769efa6 100644 --- a/mix.lock +++ b/mix.lock @@ -4,7 +4,7 @@ "ash": {:hex, :ash, "2.18.1", "d6abf51a38f0aff3448743fe2cc4a07a1104d55934fd1bf06183f6ebef0c85df", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "0dda3a3bdfb0dd24ea12acc9914bd8b6c6f965ec19c1655af7a59b1e7c3b8cf2"}, "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, "ash_json_api": {:hex, :ash_json_api, "0.34.2", "21a1f935d1208d7f419f08cb44ae379ffa9919dc4860e6bbc6e7499762986e7e", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "620658e495ac745807d8eab0e752836f44e1368c98c7beaad5d4c2bd8c286cf4"}, - "ash_postgres": {:hex, :ash_postgres, "1.3.68", "acad35de4111fd237d57718593cd5c30a624f5b7cb6686d179e0b6087d70f21f", [:mix], [{:ash, ">= 2.17.20 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "09c5ba51281dba15bde99ada573985d22f12cda76cce4b2ff63fc5f59707d061"}, + "ash_postgres": {:hex, :ash_postgres, "1.4.0", "d5f6f7a3b4f1328524e39743dcfc4a47244f8227ad04a67df1695510d8d69d68", [:mix], [{:ash, "~> 2.18", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "d962cc60dd05b5139d98d6c06313a905971aad5b4181e1b0e14b908ac8762dc6"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, "bcrypt_elixir": {:hex, :bcrypt_elixir, "3.1.0", "0b110a9a6c619b19a7f73fa3004aa11d6e719a67e672d1633dc36b6b2290a0f7", [:make, :mix], [{:comeonin, "~> 5.3", [hex: :comeonin, repo: "hexpm", optional: false]}, {:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "2ad2acb5a8bc049e8d5aa267802631912bb80d5f4110a178ae7999e69dca1bf7"}, "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, From addd522d0b9ee3d56823b387c6e16a9071c106fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 16 Jan 2024 06:46:29 +1300 Subject: [PATCH 24/30] chore(deps-dev): Bump ash_graphql from 0.26.8 to 0.26.9 (#550) --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 7769efa6..7206f127 100644 --- a/mix.lock +++ b/mix.lock @@ -2,7 +2,7 @@ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, "ash": {:hex, :ash, "2.18.1", "d6abf51a38f0aff3448743fe2cc4a07a1104d55934fd1bf06183f6ebef0c85df", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "0dda3a3bdfb0dd24ea12acc9914bd8b6c6f965ec19c1655af7a59b1e7c3b8cf2"}, - "ash_graphql": {:hex, :ash_graphql, "0.26.8", "ca0af0d267d3cb8e7d1cf006b132f7120f7635b54187c7e150c373a652bff09f", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "dfb0a6b9840715b77fce4b95e0e820133706de76c6b1f9bafc16fa9889e7e739"}, + "ash_graphql": {:hex, :ash_graphql, "0.26.9", "b2e383355ed07d4e4f904d4447158eb118d8cc49969c0d13c2772039de1cdf09", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "7d7d2249785cf196ada1b1903642386bdf3f07a1e6907fa8ac59d1af4e79279f"}, "ash_json_api": {:hex, :ash_json_api, "0.34.2", "21a1f935d1208d7f419f08cb44ae379ffa9919dc4860e6bbc6e7499762986e7e", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "620658e495ac745807d8eab0e752836f44e1368c98c7beaad5d4c2bd8c286cf4"}, "ash_postgres": {:hex, :ash_postgres, "1.4.0", "d5f6f7a3b4f1328524e39743dcfc4a47244f8227ad04a67df1695510d8d69d68", [:mix], [{:ash, "~> 2.18", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "d962cc60dd05b5139d98d6c06313a905971aad5b4181e1b0e14b908ac8762dc6"}, "assent": {:hex, :assent, "0.2.9", "e3cdbc8f2e4f8d02c4c490ef8c2148bb1bc0d81aa0648f09addc5918d9a1cd5a", [:mix], [{:certifi, ">= 0.0.0", [hex: :certifi, repo: "hexpm", optional: true]}, {:finch, "~> 0.15", [hex: :finch, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:jose, "~> 1.8", [hex: :jose, repo: "hexpm", optional: true]}, {:mint, "~> 1.0", [hex: :mint, repo: "hexpm", optional: true]}, {:req, "~> 0.4", [hex: :req, repo: "hexpm", optional: true]}, {:ssl_verify_fun, ">= 0.0.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: true]}], "hexpm", "5f9562bda90bef7bd3f1b9a348520a5631b86c85145346bb7edb8a7ebbad8e86"}, From f7d6edf0c8b653a8e51091b8a3b984ab4724466b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 17 Jan 2024 08:08:17 +1300 Subject: [PATCH 25/30] chore(deps): Bump plug from 1.15.2 to 1.15.3 (#551) Bumps [plug](https://github.com/elixir-plug/plug) from 1.15.2 to 1.15.3. - [Changelog](https://github.com/elixir-plug/plug/blob/main/CHANGELOG.md) - [Commits](https://github.com/elixir-plug/plug/compare/v1.15.2...v1.15.3) --- updated-dependencies: - dependency-name: plug dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mix.lock b/mix.lock index 7206f127..21ff478a 100644 --- a/mix.lock +++ b/mix.lock @@ -50,7 +50,7 @@ "nimble_parsec": {:hex, :nimble_parsec, "1.4.0", "51f9b613ea62cfa97b25ccc2c1b4216e81df970acd8e16e8d1bdc58fef21370d", [:mix], [], "hexpm", "9c565862810fb383e9838c1dd2d7d2c437b3d13b267414ba6af33e50d2d1cf28"}, "nimble_pool": {:hex, :nimble_pool, "1.0.0", "5eb82705d138f4dd4423f69ceb19ac667b3b492ae570c9f5c900bb3d2f50a847", [:mix], [], "hexpm", "80be3b882d2d351882256087078e1b1952a28bf98d0a287be87e4a24a710b67a"}, "picosat_elixir": {:hex, :picosat_elixir, "0.2.3", "bf326d0f179fbb3b706bb2c15fbc367dacfa2517157d090fdfc32edae004c597", [:make, :mix], [{:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "f76c9db2dec9d2561ffaa9be35f65403d53e984e8cd99c832383b7ab78c16c66"}, - "plug": {:hex, :plug, "1.15.2", "94cf1fa375526f30ff8770837cb804798e0045fd97185f0bb9e5fcd858c792a3", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2 or ~> 2.0", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "02731fa0c2dcb03d8d21a1d941bdbbe99c2946c0db098eee31008e04c6283615"}, + "plug": {:hex, :plug, "1.15.3", "712976f504418f6dff0a3e554c40d705a9bcf89a7ccef92fc6a5ef8f16a30a97", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2 or ~> 2.0", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "cc4365a3c010a56af402e0809208873d113e9c38c401cabd88027ef4f5c01fd2"}, "plug_cowboy": {:hex, :plug_cowboy, "2.6.1", "9a3bbfceeb65eff5f39dab529e5cd79137ac36e913c02067dba3963a26efe9b2", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "de36e1a21f451a18b790f37765db198075c25875c64834bcc82d90b309eb6613"}, "plug_crypto": {:hex, :plug_crypto, "2.0.0", "77515cc10af06645abbfb5e6ad7a3e9714f805ae118fa1a70205f80d2d70fe73", [:mix], [], "hexpm", "53695bae57cc4e54566d993eb01074e4d894b65a3766f1c43e2c61a1b0f45ea9"}, "postgrex": {:hex, :postgrex, "0.17.4", "5777781f80f53b7c431a001c8dad83ee167bcebcf3a793e3906efff680ab62b3", [:mix], [{:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:table, "~> 0.1.0", [hex: :table, repo: "hexpm", optional: true]}], "hexpm", "6458f7d5b70652bc81c3ea759f91736c16a31be000f306d3c64bcdfe9a18b3cc"}, From d29e546061fa120264c810bfbcae1044e2efd63b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 19 Jan 2024 07:43:52 +1300 Subject: [PATCH 26/30] chore(deps): Bump ash from 2.18.1 to 2.18.2 (#552) --- mix.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mix.lock b/mix.lock index 21ff478a..b407ca9d 100644 --- a/mix.lock +++ b/mix.lock @@ -1,7 +1,7 @@ %{ "absinthe": {:hex, :absinthe, "1.7.6", "0b897365f98d068cfcb4533c0200a8e58825a4aeeae6ec33633ebed6de11773b", [:mix], [{:dataloader, "~> 1.0.0 or ~> 2.0", [hex: :dataloader, repo: "hexpm", optional: true]}, {:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}, {:nimble_parsec, "~> 1.2.2 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}, {:opentelemetry_process_propagator, "~> 0.2.1", [hex: :opentelemetry_process_propagator, repo: "hexpm", optional: true]}, {:telemetry, "~> 1.0 or ~> 0.4", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "e7626951ca5eec627da960615b51009f3a774765406ff02722b1d818f17e5778"}, "absinthe_plug": {:hex, :absinthe_plug, "1.5.8", "38d230641ba9dca8f72f1fed2dfc8abd53b3907d1996363da32434ab6ee5d6ab", [:mix], [{:absinthe, "~> 1.5", [hex: :absinthe, repo: "hexpm", optional: false]}, {:plug, "~> 1.4", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "bbb04176647b735828861e7b2705465e53e2cf54ccf5a73ddd1ebd855f996e5a"}, - "ash": {:hex, :ash, "2.18.1", "d6abf51a38f0aff3448743fe2cc4a07a1104d55934fd1bf06183f6ebef0c85df", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "0dda3a3bdfb0dd24ea12acc9914bd8b6c6f965ec19c1655af7a59b1e7c3b8cf2"}, + "ash": {:hex, :ash, "2.18.2", "3c20d3eb029011972f2ed434c0d267ba8e45d69f2b8bbda42621493b91138213", [:mix], [{:comparable, "~> 1.0", [hex: :comparable, repo: "hexpm", optional: false]}, {:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:earmark, "~> 1.4", [hex: :earmark, repo: "hexpm", optional: false]}, {:ecto, "~> 3.7", [hex: :ecto, repo: "hexpm", optional: false]}, {:ets, "~> 0.8", [hex: :ets, repo: "hexpm", optional: false]}, {:jason, ">= 1.0.0", [hex: :jason, repo: "hexpm", optional: false]}, {:picosat_elixir, "~> 0.2", [hex: :picosat_elixir, repo: "hexpm", optional: false]}, {:plug, ">= 0.0.0", [hex: :plug, repo: "hexpm", optional: true]}, {:spark, ">= 1.1.50 and < 2.0.0-0", [hex: :spark, repo: "hexpm", optional: false]}, {:stream_data, "~> 0.6", [hex: :stream_data, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.1", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "0402b0a7d27b920a565fc9f97137affae035ee7937ff274da706e91be1bfaaa5"}, "ash_graphql": {:hex, :ash_graphql, "0.26.9", "b2e383355ed07d4e4f904d4447158eb118d8cc49969c0d13c2772039de1cdf09", [:mix], [{:absinthe, "~> 1.7", [hex: :absinthe, repo: "hexpm", optional: false]}, {:absinthe_plug, "~> 1.4", [hex: :absinthe_plug, repo: "hexpm", optional: false]}, {:ash, "~> 2.17", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.2", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "7d7d2249785cf196ada1b1903642386bdf3f07a1e6907fa8ac59d1af4e79279f"}, "ash_json_api": {:hex, :ash_json_api, "0.34.2", "21a1f935d1208d7f419f08cb44ae379ffa9919dc4860e6bbc6e7499762986e7e", [:mix], [{:ash, ">= 2.9.24 and < 3.0.0-0", [hex: :ash, repo: "hexpm", optional: false]}, {:jason, "~> 1.1", [hex: :jason, repo: "hexpm", optional: false]}, {:json_xema, "~> 0.4.0", [hex: :json_xema, repo: "hexpm", optional: false]}, {:open_api_spex, "~> 3.16", [hex: :open_api_spex, repo: "hexpm", optional: true]}, {:plug, "~> 1.11", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "620658e495ac745807d8eab0e752836f44e1368c98c7beaad5d4c2bd8c286cf4"}, "ash_postgres": {:hex, :ash_postgres, "1.4.0", "d5f6f7a3b4f1328524e39743dcfc4a47244f8227ad04a67df1695510d8d69d68", [:mix], [{:ash, "~> 2.18", [hex: :ash, repo: "hexpm", optional: false]}, {:ecto, "~> 3.9", [hex: :ecto, repo: "hexpm", optional: false]}, {:ecto_sql, "~> 3.9", [hex: :ecto_sql, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:postgrex, ">= 0.0.0", [hex: :postgrex, repo: "hexpm", optional: false]}], "hexpm", "d962cc60dd05b5139d98d6c06313a905971aad5b4181e1b0e14b908ac8762dc6"}, @@ -24,7 +24,7 @@ "earmark_parser": {:hex, :earmark_parser, "1.4.39", "424642f8335b05bb9eb611aa1564c148a8ee35c9c8a8bba6e129d51a3e3c6769", [:mix], [], "hexpm", "06553a88d1f1846da9ef066b87b57c6f605552cfbe40d20bd8d59cc6bde41944"}, "ecto": {:hex, :ecto, "3.11.1", "4b4972b717e7ca83d30121b12998f5fcdc62ba0ed4f20fd390f16f3270d85c3e", [:mix], [{:decimal, "~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ebd3d3772cd0dfcd8d772659e41ed527c28b2a8bde4b00fe03e0463da0f1983b"}, "ecto_sql": {:hex, :ecto_sql, "3.11.1", "e9abf28ae27ef3916b43545f9578b4750956ccea444853606472089e7d169470", [:mix], [{:db_connection, "~> 2.4.1 or ~> 2.5", [hex: :db_connection, repo: "hexpm", optional: false]}, {:ecto, "~> 3.11.0", [hex: :ecto, repo: "hexpm", optional: false]}, {:myxql, "~> 0.6.0", [hex: :myxql, repo: "hexpm", optional: true]}, {:postgrex, "~> 0.16.0 or ~> 0.17.0 or ~> 1.0", [hex: :postgrex, repo: "hexpm", optional: true]}, {:tds, "~> 2.1.1 or ~> 2.2", [hex: :tds, repo: "hexpm", optional: true]}, {:telemetry, "~> 0.4.0 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "ce14063ab3514424276e7e360108ad6c2308f6d88164a076aac8a387e1fea634"}, - "elixir_make": {:hex, :elixir_make, "0.7.7", "7128c60c2476019ed978210c245badf08b03dbec4f24d05790ef791da11aa17c", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}], "hexpm", "5bc19fff950fad52bbe5f211b12db9ec82c6b34a9647da0c2224b8b8464c7e6c"}, + "elixir_make": {:hex, :elixir_make, "0.7.8", "505026f266552ee5aabca0b9f9c229cbb496c689537c9f922f3eb5431157efc7", [:mix], [{:castore, "~> 0.1 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:certifi, "~> 2.0", [hex: :certifi, repo: "hexpm", optional: true]}], "hexpm", "7a71945b913d37ea89b06966e1342c85cfe549b15e6d6d081e8081c493062c07"}, "erlex": {:hex, :erlex, "0.2.6", "c7987d15e899c7a2f34f5420d2a2ea0d659682c06ac607572df55a43753aa12e", [:mix], [], "hexpm", "2ed2e25711feb44d52b17d2780eabf998452f6efda104877a3881c2f8c0c0c75"}, "ets": {:hex, :ets, "0.9.0", "79c6a6c205436780486f72d84230c6cba2f8a9920456750ddd1e47389107d5fd", [:mix], [], "hexpm", "2861fdfb04bcaeff370f1a5904eec864f0a56dcfebe5921ea9aadf2a481c822b"}, "ex_check": {:hex, :ex_check, "0.15.0", "074b94c02de11c37bba1ca82ae5cc4926e6ccee862e57a485b6ba60fca2d8dc1", [:mix], [], "hexpm", "33848031a0c7e4209c3b4369ce154019788b5219956220c35ca5474299fb6a0e"}, From 7b07b3a4337fbcb26da618e0b8b3b7f9518dfa60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?M=2EYasoob=20Ullah=20Khalid=20=E2=98=BA?= Date: Thu, 25 Jan 2024 07:50:08 -0800 Subject: [PATCH 27/30] improvement: support atom keys for uid in addition to strings (#556) --- lib/ash_authentication/user_identity/upsert_identity_change.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ash_authentication/user_identity/upsert_identity_change.ex b/lib/ash_authentication/user_identity/upsert_identity_change.ex index 9ced34ed..d7115c9b 100644 --- a/lib/ash_authentication/user_identity/upsert_identity_change.ex +++ b/lib/ash_authentication/user_identity/upsert_identity_change.ex @@ -34,7 +34,7 @@ defmodule AshAuthentication.UserIdentity.UpsertIdentityChange do # uid is a convention # sub is supposedly from the spec # id is from what has been seen from Google - |> Map.take(["uid", "sub", "id"]) + |> Map.take(["uid", "sub", "id", :uid, :sub, :id]) |> Map.values() |> Enum.reject(&is_nil/1) |> List.first() From 9c086c9c1ee7dfe7b45f24bedc654d1b1cbd5b36 Mon Sep 17 00:00:00 2001 From: github-actions Date: Thu, 25 Jan 2024 15:54:24 +0000 Subject: [PATCH 28/30] chore: release version v3.12.1 --- CHANGELOG.md | 9 +++++++++ README.md | 2 +- mix.exs | 2 +- 3 files changed, 11 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 046d7f2e..c5824907 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,15 @@ See [Conventional Commits](Https://conventionalcommits.org) for commit guideline +## [v3.12.1](https://github.com/team-alembic/ash_authentication/compare/v3.12.0...v3.12.1) (2024-01-25) + + + + +### Improvements: + +* support atom keys for uid in addition to strings (#556) + ## [v3.12.0](https://github.com/team-alembic/ash_authentication/compare/v3.11.16...v3.12.0) (2023-11-21) diff --git a/README.md b/README.md index f4dc95d6..2ef73547 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ dependencies in `mix.exs`: ```elixir def deps do [ - {:ash_authentication, "~> 3.12.0"} + {:ash_authentication, "~> 3.12.1"} ] end ``` diff --git a/mix.exs b/mix.exs index 8d496ba7..17225f00 100644 --- a/mix.exs +++ b/mix.exs @@ -2,7 +2,7 @@ defmodule AshAuthentication.MixProject do @moduledoc false use Mix.Project - @version "3.12.0" + @version "3.12.1" def project do [ From 41dd582e3901bc2c9805cfed7c7dd1a5d18718b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jan 2024 14:21:05 +1300 Subject: [PATCH 29/30] chore(deps-dev): Bump plug_cowboy from 2.6.1 to 2.6.2 (#553) Bumps [plug_cowboy](https://github.com/elixir-plug/plug_cowboy) from 2.6.1 to 2.6.2. - [Changelog](https://github.com/elixir-plug/plug_cowboy/blob/master/CHANGELOG.md) - [Commits](https://github.com/elixir-plug/plug_cowboy/compare/v2.6.1...v2.6.2) --- updated-dependencies: - dependency-name: plug_cowboy dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- mix.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mix.lock b/mix.lock index b407ca9d..3ec9857c 100644 --- a/mix.lock +++ b/mix.lock @@ -12,9 +12,9 @@ "comeonin": {:hex, :comeonin, "5.4.0", "246a56ca3f41d404380fc6465650ddaa532c7f98be4bda1b4656b3a37cc13abe", [:mix], [], "hexpm", "796393a9e50d01999d56b7b8420ab0481a7538d0caf80919da493b4a6e51faf1"}, "comparable": {:hex, :comparable, "1.0.0", "bb669e91cedd14ae9937053e5bcbc3c52bb2f22422611f43b6e38367d94a495f", [:mix], [{:typable, "~> 0.1", [hex: :typable, repo: "hexpm", optional: false]}], "hexpm", "277c11eeb1cd726e7cd41c6c199e7e52fa16ee6830b45ad4cdc62e51f62eb60c"}, "conv_case": {:hex, :conv_case, "0.2.3", "c1455c27d3c1ffcdd5f17f1e91f40b8a0bc0a337805a6e8302f441af17118ed8", [:mix], [], "hexpm", "88f29a3d97d1742f9865f7e394ed3da011abb7c5e8cc104e676fdef6270d4b4a"}, - "cowboy": {:hex, :cowboy, "2.9.0", "865dd8b6607e14cf03282e10e934023a1bd8be6f6bacf921a7e2a96d800cd452", [:make, :rebar3], [{:cowlib, "2.11.0", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "2c729f934b4e1aa149aff882f57c6372c15399a20d54f65c8d67bef583021bde"}, + "cowboy": {:hex, :cowboy, "2.10.0", "ff9ffeff91dae4ae270dd975642997afe2a1179d94b1887863e43f681a203e26", [:make, :rebar3], [{:cowlib, "2.12.1", [hex: :cowlib, repo: "hexpm", optional: false]}, {:ranch, "1.8.0", [hex: :ranch, repo: "hexpm", optional: false]}], "hexpm", "3afdccb7183cc6f143cb14d3cf51fa00e53db9ec80cdcd525482f5e99bc41d6b"}, "cowboy_telemetry": {:hex, :cowboy_telemetry, "0.4.0", "f239f68b588efa7707abce16a84d0d2acf3a0f50571f8bb7f56a15865aae820c", [:rebar3], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:telemetry, "~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "7d98bac1ee4565d31b62d59f8823dfd8356a169e7fcbb83831b8a5397404c9de"}, - "cowlib": {:hex, :cowlib, "2.11.0", "0b9ff9c346629256c42ebe1eeb769a83c6cb771a6ee5960bd110ab0b9b872063", [:make, :rebar3], [], "hexpm", "2b3e9da0b21c4565751a6d4901c20d1b4cc25cbb7fd50d91d2ab6dd287bc86a9"}, + "cowlib": {:hex, :cowlib, "2.12.1", "a9fa9a625f1d2025fe6b462cb865881329b5caff8f1854d1cbc9f9533f00e1e1", [:make, :rebar3], [], "hexpm", "163b73f6367a7341b33c794c4e88e7dbfe6498ac42dcd69ef44c5bc5507c8db0"}, "credo": {:hex, :credo, "1.7.3", "05bb11eaf2f2b8db370ecaa6a6bda2ec49b2acd5e0418bc106b73b07128c0436", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "35ea675a094c934c22fb1dca3696f3c31f2728ae6ef5a53b5d648c11180a4535"}, "db_connection": {:hex, :db_connection, "2.6.0", "77d835c472b5b67fc4f29556dee74bf511bbafecdcaf98c27d27fa5918152086", [:mix], [{:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "c2f992d15725e721ec7fbc1189d4ecdb8afef76648c746a8e1cad35e3b8a35f3"}, "decimal": {:hex, :decimal, "2.1.1", "5611dca5d4b2c3dd497dec8f68751f1f1a54755e8ed2a966c2633cf885973ad6", [:mix], [], "hexpm", "53cfe5f497ed0e7771ae1a475575603d77425099ba5faef9394932b35020ffcc"}, @@ -51,7 +51,7 @@ "nimble_pool": {:hex, :nimble_pool, "1.0.0", "5eb82705d138f4dd4423f69ceb19ac667b3b492ae570c9f5c900bb3d2f50a847", [:mix], [], "hexpm", "80be3b882d2d351882256087078e1b1952a28bf98d0a287be87e4a24a710b67a"}, "picosat_elixir": {:hex, :picosat_elixir, "0.2.3", "bf326d0f179fbb3b706bb2c15fbc367dacfa2517157d090fdfc32edae004c597", [:make, :mix], [{:elixir_make, "~> 0.6", [hex: :elixir_make, repo: "hexpm", optional: false]}], "hexpm", "f76c9db2dec9d2561ffaa9be35f65403d53e984e8cd99c832383b7ab78c16c66"}, "plug": {:hex, :plug, "1.15.3", "712976f504418f6dff0a3e554c40d705a9bcf89a7ccef92fc6a5ef8f16a30a97", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:plug_crypto, "~> 1.1.1 or ~> 1.2 or ~> 2.0", [hex: :plug_crypto, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4.3 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "cc4365a3c010a56af402e0809208873d113e9c38c401cabd88027ef4f5c01fd2"}, - "plug_cowboy": {:hex, :plug_cowboy, "2.6.1", "9a3bbfceeb65eff5f39dab529e5cd79137ac36e913c02067dba3963a26efe9b2", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "de36e1a21f451a18b790f37765db198075c25875c64834bcc82d90b309eb6613"}, + "plug_cowboy": {:hex, :plug_cowboy, "2.6.2", "753611b23b29231fb916b0cdd96028084b12aff57bfd7b71781bd04b1dbeb5c9", [:mix], [{:cowboy, "~> 2.7", [hex: :cowboy, repo: "hexpm", optional: false]}, {:cowboy_telemetry, "~> 0.3", [hex: :cowboy_telemetry, repo: "hexpm", optional: false]}, {:plug, "~> 1.14", [hex: :plug, repo: "hexpm", optional: false]}], "hexpm", "951ed2433df22f4c97b85fdb145d4cee561f36b74854d64c06d896d7cd2921a7"}, "plug_crypto": {:hex, :plug_crypto, "2.0.0", "77515cc10af06645abbfb5e6ad7a3e9714f805ae118fa1a70205f80d2d70fe73", [:mix], [], "hexpm", "53695bae57cc4e54566d993eb01074e4d894b65a3766f1c43e2c61a1b0f45ea9"}, "postgrex": {:hex, :postgrex, "0.17.4", "5777781f80f53b7c431a001c8dad83ee167bcebcf3a793e3906efff680ab62b3", [:mix], [{:db_connection, "~> 2.1", [hex: :db_connection, repo: "hexpm", optional: false]}, {:decimal, "~> 1.5 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: true]}, {:table, "~> 0.1.0", [hex: :table, repo: "hexpm", optional: true]}], "hexpm", "6458f7d5b70652bc81c3ea759f91736c16a31be000f306d3c64bcdfe9a18b3cc"}, "ranch": {:hex, :ranch, "1.8.0", "8c7a100a139fd57f17327b6413e4167ac559fbc04ca7448e9be9057311597a1d", [:make, :rebar3], [], "hexpm", "49fbcfd3682fab1f5d109351b61257676da1a2fdbe295904176d5e521a2ddfe5"}, From 9000a10a678903ad93e073430e16375ceb1ec63a Mon Sep 17 00:00:00 2001 From: StephanH90 <88476449+StephanH90@users.noreply.github.com> Date: Mon, 29 Jan 2024 02:23:25 +0100 Subject: [PATCH 30/30] docs: add notice about minimum ash_postgres version (#517) --- documentation/tutorials/auth0-quickstart.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/documentation/tutorials/auth0-quickstart.md b/documentation/tutorials/auth0-quickstart.md index f4683ec2..7eeba1da 100644 --- a/documentation/tutorials/auth0-quickstart.md +++ b/documentation/tutorials/auth0-quickstart.md @@ -6,6 +6,9 @@ Auth0 for authentication. Before you start this tutorial, skip the Token resource while following the [AshAuthenticationPhoenix guide](https://hexdocs.pm/ash_authentication_phoenix/getting-started-with-ash-authentication-phoenix.html)) +> [!WARNING] +> Make sure that your `ash_postgres` dependency is `~> 1.3.64`. A bug in previous versions prevents the action shown below from working correctly. + Next, you need to configure an application in [the Auth0 dashboard](https://manage.auth0.com/) using the following steps: