Packages
ash_authentication
4.7.3
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Security advisory:
This version has known vulnerabilities.
View advisories
Current section
Files
Jump to
Current section
Files
documentation/dsls/DSL-AshAuthentication.Strategy.Apple.md
<!--
This file was generated by Spark. Do not edit it by hand.
-->
# AshAuthentication.Strategy.Apple
Strategy for authenticating using [Apple Sign In](https://developer.apple.com/sign-in-with-apple/)
This strategy builds on-top of `AshAuthentication.Strategy.Oidc` and
[`assent`](https://hex.pm/packages/assent).
In order to use Apple Sign In you need to provide the following minimum configuration:
- `client_id`
- `team_id`
- `private_key_id`
- `private_key_path`
- `redirect_uri`
## More documentation:
- The [Apple Sign In Documentation](https://developer.apple.com/documentation/sign_in_with_apple).
- The [OIDC documentation](`AshAuthentication.Strategy.Oidc`)
### authentication.strategies.apple
```elixir
apple name \\ :apple
```
Provides a pre-configured authentication strategy for [Apple Sign In](https://developer.apple.com/sign-in-with-apple/).
This strategy is built using the `:oidc` strategy, and thus provides all the same
configuration options should you need them.
#### More documentation:
- The [Apple Sign In Documentation](https://developer.apple.com/documentation/sign_in_with_apple).
- The [OIDC documentation](`AshAuthentication.Strategy.Oidc`)
###### Strategy defaults:
The following defaults are applied:
* `:base_url` is set to `"https://appleid.apple.com"`.
* `:openid_configuration` is set to `%{"authorization_endpoint" => "https://appleid.apple.com/auth/authorize", "issuer" => "https://appleid.apple.com", "jwks_uri" => "https://appleid.apple.com/auth/keys", "token_endpoint" => "https://appleid.apple.com/auth/token", "token_endpoint_auth_methods_supported" => ["client_secret_post"]}`.
* `:authorization_params` is set to `[scope: "email", response_mode: "form_post"]`.
* `:client_authentication_method` is set to `"client_secret_post"`.
* `:openid_default_scope` is set to `nil`.
### Arguments
| Name | Type | Default | Docs |
|------|------|---------|------|
| [`name`](#authentication-strategies-apple-name){: #authentication-strategies-apple-name .spark-required} | `atom` | | Uniquely identifies the strategy. |
### Options
| Name | Type | Default | Docs |
|------|------|---------|------|
| [`client_id`](#authentication-strategies-apple-client_id){: #authentication-strategies-apple-client_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The OAuth2 client ID. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
| [`redirect_uri`](#authentication-strategies-apple-redirect_uri){: #authentication-strategies-apple-redirect_uri .spark-required} | `(any, any -> any) \| module \| String.t` | | The callback URI *base*. Not the whole URI back to the callback endpoint, but the URI to your `AuthPlug`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
| [`team_id`](#authentication-strategies-apple-team_id){: #authentication-strategies-apple-team_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The Apple team ID associated with the application. |
| [`private_key_id`](#authentication-strategies-apple-private_key_id){: #authentication-strategies-apple-private_key_id .spark-required} | `(any, any -> any) \| module \| String.t` | | The private key ID used for signing the JWT token. |
| [`private_key_path`](#authentication-strategies-apple-private_key_path){: #authentication-strategies-apple-private_key_path .spark-required} | `(any, any -> any) \| module \| String.t` | | The path to the private key file used for signing the JWT token. |
| [`site`](#authentication-strategies-apple-site){: #authentication-strategies-apple-site } | `(any, any -> any) \| module \| String.t` | | Deprecated: Use `base_url` instead. |
| [`prevent_hijacking?`](#authentication-strategies-apple-prevent_hijacking?){: #authentication-strategies-apple-prevent_hijacking? } | `boolean` | `true` | Requires a confirmation add_on to be present if the password strategy is used with the same identity_field. |
| [`auth_method`](#authentication-strategies-apple-auth_method){: #authentication-strategies-apple-auth_method } | `nil \| :client_secret_basic \| :client_secret_post \| :client_secret_jwt \| :private_key_jwt` | `:client_secret_post` | The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
| [`client_secret`](#authentication-strategies-apple-client_secret){: #authentication-strategies-apple-client_secret } | `(any, any -> any) \| module \| String.t` | | The OAuth2 client secret. Required if :auth_method is `:client_secret_basic`, `:client_secret_post` or `:client_secret_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
| [`trusted_audiences`](#authentication-strategies-apple-trusted_audiences){: #authentication-strategies-apple-trusted_audiences } | `(any, any -> any) \| module \| list(any) \| nil` | | A list of audiences which are trusted. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
| [`private_key`](#authentication-strategies-apple-private_key){: #authentication-strategies-apple-private_key } | `(any, any -> any) \| module \| String.t` | | The private key to use if `:auth_method` is `:private_key_jwt`. Takes either a module which implements the `AshAuthentication.Secret` behaviour, a 2 arity anonymous function or a string. |
| [`code_verifier`](#authentication-strategies-apple-code_verifier){: #authentication-strategies-apple-code_verifier } | `boolean` | `false` | Boolean to generate and use a random 128 byte long url safe code verifier for PKCE flow, optional, defaults to false. When set to true the session params will contain :code_verifier, :code_challenge, and :code_challenge_method params |
| [`registration_enabled?`](#authentication-strategies-apple-registration_enabled?){: #authentication-strategies-apple-registration_enabled? } | `boolean` | `true` | If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
| [`register_action_name`](#authentication-strategies-apple-register_action_name){: #authentication-strategies-apple-register_action_name } | `atom` | | The name of the action to use to register a user, if `registration_enabled?` is `true`. Defaults to `register_with_<name>` See the "Registration and Sign-in" section of the strategy docs for more. |
| [`sign_in_action_name`](#authentication-strategies-apple-sign_in_action_name){: #authentication-strategies-apple-sign_in_action_name } | `atom` | | The name of the action to use to sign in an existing user, if `sign_in_enabled?` is `true`. Defaults to `sign_in_with_<strategy>`, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. |
| [`identity_resource`](#authentication-strategies-apple-identity_resource){: #authentication-strategies-apple-identity_resource } | `module \| false` | `false` | The resource used to store user identities, or `false` to disable. See the User Identities section of the strategy docs for more. |
| [`identity_relationship_name`](#authentication-strategies-apple-identity_relationship_name){: #authentication-strategies-apple-identity_relationship_name } | `atom` | `:identities` | Name of the relationship to the provider identities resource |
| [`identity_relationship_user_id_attribute`](#authentication-strategies-apple-identity_relationship_user_id_attribute){: #authentication-strategies-apple-identity_relationship_user_id_attribute } | `atom` | `:user_id` | The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the `user_id_attribute_name` option of the provider identity. |
| [`openid_configuration_uri`](#authentication-strategies-apple-openid_configuration_uri){: #authentication-strategies-apple-openid_configuration_uri } | `String.t` | `"/.well-known/openid-configuration"` | The URI for the OpenID provider |
| [`id_token_signed_response_alg`](#authentication-strategies-apple-id_token_signed_response_alg){: #authentication-strategies-apple-id_token_signed_response_alg } | `"HS256" \| "HS384" \| "HS512" \| "RS256" \| "RS384" \| "RS512" \| "ES256" \| "ES384" \| "ES512" \| "PS256" \| "PS384" \| "PS512" \| "Ed25519" \| "Ed25519ph" \| "Ed448" \| "Ed448ph" \| "EdDSA"` | `"RS256"` | The `id_token_signed_response_alg` parameter sent by the Client during Registration. |
| [`id_token_ttl_seconds`](#authentication-strategies-apple-id_token_ttl_seconds){: #authentication-strategies-apple-id_token_ttl_seconds } | `nil \| pos_integer` | | The number of seconds from `iat` that an ID Token will be considered valid. |
| [`nonce`](#authentication-strategies-apple-nonce){: #authentication-strategies-apple-nonce } | `boolean \| (any, any -> any) \| module \| String.t` | `true` | A function for generating the session nonce, `true` to automatically generate it with `AshAuthentication.Strategy.Oidc.NonceGenerator`, or `false` to disable. |
### Introspection
Target: `AshAuthentication.Strategy.OAuth2`
<style type="text/css">.spark-required::after { content: "*"; color: red !important; }</style>