Packages
ash_authentication
4.14.0
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Current section
Files
Jump to
Current section
Files
lib/ash_authentication/dsl.ex
# SPDX-FileCopyrightText: 2022 Alembic Pty Ltd
#
# SPDX-License-Identifier: MIT
defmodule AshAuthentication.Dsl do
@moduledoc false
###
### Only exists to move the DSL out of `AshAuthentication` to aid readability.
###
import AshAuthentication.Utils, only: [to_sentence: 2]
import Joken.Signer, only: [algorithms: 0]
alias Ash.{Domain, Resource}
@default_token_lifetime_days 14
alias Spark.Dsl.Section
@doc false
@spec secret_type :: any
def secret_type,
do:
{:or,
[
{:spark_function_behaviour, AshAuthentication.Secret,
{AshAuthentication.SecretFunction, 2}},
:string
]}
@doc false
@spec secret_list_type :: any
def secret_list_type,
do:
{:or,
[
{:spark_function_behaviour, AshAuthentication.Secret,
{AshAuthentication.SecretFunction, 2}},
{:list, :any},
nil
]}
@doc false
@spec secret_keyword_type :: any
def secret_keyword_type,
do:
{:or,
[
{:spark_function_behaviour, AshAuthentication.Secret,
{AshAuthentication.SecretFunction, 2}},
:keyword_list,
nil
]}
@doc false
@spec secret_doc :: String.t()
def secret_doc,
do:
"Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string."
@doc false
@spec dsl :: [Section.t()]
def dsl do
secret_type = secret_type()
secret_doc = secret_doc()
[
%Section{
name: :authentication,
describe: "Configure authentication for this resource",
no_depend_modules: [:domain],
schema: [
subject_name: [
type: :atom,
doc:
"The subject name is used anywhere that a short version of your resource name is needed. Must be unique system-wide and will be inferred from the resource name by default (ie `MyApp.Accounts.User` -> `user`)."
],
session_identifier: [
type: {:in, [:error, :jti, :unsafe]},
default: :error,
doc:
"How to uniquely identify a session. Only necessary if `require_token_presence_for_authentication?` is not set to `true`. Should always be `:jti`, if set."
],
domain: [
type: {:behaviour, Domain},
required: false,
doc:
"The name of the Ash domain to use to access this resource when doing anything authentication related."
],
get_by_subject_action_name: [
type: :atom,
doc:
"The name of the read action used to retrieve records. If the action doesn't exist, one will be generated for you.",
default: :get_by_subject
],
select_for_senders: [
type: {:list, :atom},
doc:
"A list of fields that we will ensure are selected whenever a sender will be invoked. Defaults to `[:email]` if there is an `:email` attribute on the resource, and `[]` otherwise."
]
],
sections: [
%Section{
name: :tokens,
describe: "Configure JWT settings for this resource",
no_depend_modules: [:token_resource, :signing_secret],
schema: [
enabled?: [
type: :boolean,
doc: """
Should JWTs be generated by this resource?
""",
default: false
],
store_all_tokens?: [
type: :boolean,
doc:
"Store all tokens in the `token_resource`. See the [tokens guide](/documentation/topics/tokens.md) for more.",
default: false
],
require_token_presence_for_authentication?: [
type: :boolean,
doc:
"Require a locally-stored token for authentication. See the [tokens guide](/documentation/topics/tokens.md) for more.",
default: false
],
signing_algorithm: [
type: :string,
doc:
"The algorithm to use for token signing. Available signing algorithms are; #{to_sentence(algorithms(), final: "and")}.",
default: hd(algorithms())
],
token_lifetime: [
type:
{:or,
[
:pos_integer,
{:tuple, [:pos_integer, {:in, [:days, :hours, :minutes, :seconds]}]}
]},
doc:
"How long a token should be valid. See [the tokens guide](/documentation/topics/tokens.md) for more.",
default: {@default_token_lifetime_days, :days}
],
token_resource: [
type: {:or, [{:behaviour, Resource}, {:in, [false]}]},
doc:
"The resource used to store token information, such as in-flight confirmations, revocations, and if `store_all_tokens?` is enabled, authentication tokens themselves.",
required: true
],
signing_secret: [
type: secret_type,
doc: "The secret used to sign tokens. #{secret_doc}"
]
]
},
%Section{
name: :strategies,
describe: "Configure authentication strategies on this resource",
entities: [],
patchable?: true
},
%Section{
name: :add_ons,
describe: "Additional add-ons related to, but not providing authentication",
entities: [],
patchable?: true
},
%Section{
name: :providers,
describe: "A DSL section for extensions to add authentication providers",
entities: [],
patchable?: true
}
]
}
]
end
end