Current section

Files

Jump to
ash_authentication lib ash_authentication strategies api_key.ex
Raw

lib/ash_authentication/strategies/api_key.ex

# SPDX-FileCopyrightText: 2022 Alembic Pty Ltd
#
# SPDX-License-Identifier: MIT
defmodule AshAuthentication.Strategy.ApiKey do
alias __MODULE__.Dsl
@moduledoc """
Strategy for authenticating using an API key.
## Security Considerations
Responsibility for generating, securing, expiring and revoking lies on the implementor.
If you are using API keys, you *must* ensure that your policies and application are set
up to prevent misuse of these keys. For example:
```elixir
policy AshAuthentication.Checks.UsingApiKey do
authorize_if action([:a, :list, :of, :allowed, :action, :names])
end
```
To detect that a user is signed in with an API key, you can see if
`user.__metadata__[:using_api_key?]` is set. If they are signed
in, then `user.__metadata__[:api_key]` will be set to the API key that they
used, allowing you to write policies that depend on the permissions granted
by the API key.
"""
defstruct name: nil,
resource: nil,
sign_in_action_name: nil,
api_key_hash_attribute: nil,
api_key_relationship: nil,
multitenancy_relationship: nil,
__spark_metadata__: nil
alias AshAuthentication.Strategy.{ApiKey, ApiKey.Transformer, ApiKey.Verifier}
use AshAuthentication.Strategy.Custom, entity: ApiKey.Dsl.dsl()
@type t :: %ApiKey{
name: atom(),
resource: Ash.Resource.t(),
sign_in_action_name: atom(),
api_key_hash_attribute: atom(),
api_key_relationship: atom(),
multitenancy_relationship: atom(),
__spark_metadata__: Spark.Dsl.Entity.spark_meta()
}
@doc false
defdelegate dsl(), to: Dsl
defdelegate transform(strategy, dsl_state), to: Transformer
defdelegate verify(strategy, dsl_state), to: Verifier
end