Packages
ash_authentication
4.3.8
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Security advisory:
This version has known vulnerabilities.
View advisories
Current section
Files
Jump to
Current section
Files
lib/ash_authentication/strategies/oauth2/dsl.ex
defmodule AshAuthentication.Strategy.OAuth2.Dsl do
@moduledoc """
Defines the Spark DSL entity for this strategy.
"""
alias AshAuthentication.Strategy.{Custom, OAuth2}
alias Spark.Dsl.Entity
@doc false
@spec dsl :: Custom.entity()
def dsl do
secret_type = AshAuthentication.Dsl.secret_type()
secret_list_type = AshAuthentication.Dsl.secret_list_type()
secret_doc = AshAuthentication.Dsl.secret_doc()
%Entity{
name: :oauth2,
describe: "OAuth2 authentication",
args: [{:optional, :name, :oauth2}],
target: OAuth2,
no_depend_modules: [
:authorize_url,
:base_url,
:client_id,
:client_secret,
:identity_resource,
:private_key,
:redirect_uri,
:site,
:token_url,
:user_url
],
schema: [
name: [
type: :atom,
doc: """
Uniquely identifies the strategy.
""",
required: true
],
client_id: [
type: secret_type,
doc: "The OAuth2 client ID. #{secret_doc}",
required: true
],
base_url: [
type: secret_type,
doc:
"The base URL of the OAuth2 server - including the leading protocol (ie `https://`). #{secret_doc}",
required: false
],
site: [
type: secret_type,
doc: "Deprecated: Use `base_url` instead.",
required: false
],
prevent_hijacking?: [
type: :boolean,
default: true,
doc:
"Requires a confirmation add_on to be present if the password strategy is used with the same identity_field."
],
auth_method: [
type:
{:in,
[
nil,
:client_secret_basic,
:client_secret_post,
:client_secret_jwt,
:private_key_jwt
]},
doc:
"The authentication strategy used, optional. If not set, no authentication will be used during the access token request.",
default: :client_secret_post
],
client_secret: [
type: secret_type,
doc:
"The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. #{secret_doc}",
required: false
],
authorize_url: [
type: secret_type,
doc:
"The API url to the OAuth2 authorize endpoint, relative to `site`, e.g `authorize_url fn _, _ -> {:ok, \"https://exampe.com/authorize\"} end`. #{secret_doc}",
required: true
],
token_url: [
type: secret_type,
doc:
"The API url to access the token endpoint, relative to `site`, e.g `token_url fn _, _ -> {:ok, \"https://example.com/oauth_token\"} end`. #{secret_doc}",
required: true
],
trusted_audiences: [
type: secret_list_type,
doc: """
A list of audiences which are trusted. #{secret_doc}
""",
required: false,
default: nil
],
user_url: [
type: secret_type,
doc:
"The API url to access the user endpoint, relative to `site`, e.g `user_url fn _, _ -> {:ok, \"https://example.com/userinfo\"} end`. #{secret_doc}",
required: true
],
private_key: [
type: secret_type,
doc: "The private key to use if `:auth_method` is `:private_key_jwt`. #{secret_doc}",
required: false
],
redirect_uri: [
type: secret_type,
doc:
"The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. #{secret_doc}",
required: true
],
authorization_params: [
type: :keyword_list,
doc:
"Any additional parameters to encode in the request phase. eg: `authorization_params scope: \"openid profile email\"`",
default: []
],
registration_enabled?: [
type: :boolean,
doc:
"If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate.",
default: true
],
register_action_name: [
type: :atom,
doc:
"The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the \"Registration and Sign-in\" section of the strategy docs for more.",
required: false
],
sign_in_action_name: [
type: :atom,
doc:
"The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the \"Registration and Sign-in\" section of the strategy docs for more information.",
required: false
],
identity_resource: [
type: {:or, [{:behaviour, Ash.Resource}, {:in, [false]}]},
doc:
"The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more.",
default: false
],
identity_relationship_name: [
type: :atom,
doc: "Name of the relationship to the provider identities resource",
default: :identities
],
identity_relationship_user_id_attribute: [
type: :atom,
doc:
"The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity.",
default: :user_id
],
icon: [
type: :atom,
doc:
" The name of an icon to use in any potential UI. This is a *hint* for UI generators to use, and not in any way canonical.",
required: false,
default: :oauth2
]
],
deprecations: [site: "As of assent v0.2.8 please use `base_url` instead."],
auto_set_fields: [assent_strategy: Assent.Strategy.OAuth2],
transform: {__MODULE__, :transform, []}
}
end
@doc false
@spec transform(Custom.entity()) :: {:ok, Custom.entity()} | {:error, any}
def transform(entity) do
handle_site_deprecation(entity)
end
defp handle_site_deprecation(entity) when is_nil(entity.base_url) and not is_nil(entity.site),
do: {:ok, %{entity | base_url: entity.site, site: nil}}
defp handle_site_deprecation(entity), do: {:ok, entity}
end