Current section

Files

Jump to
ash_authentication lib ash_authentication strategies api_key.ex
Raw

lib/ash_authentication/strategies/api_key.ex

defmodule AshAuthentication.Strategy.ApiKey do
alias __MODULE__.Dsl
@moduledoc """
Strategy for authenticating using an API key.
## Security Considerations
Responsibility for generating, securing, expiring and revoking lies on the implementor.
If you are using API keys, you *must* ensure that your policies and application are set
up to prevent misuse of these keys. For example:
```elixir
policy AshAuthentication.Checks.UsingApiKey do
authorize_if action([:a, :list, :of, :allowed, :action, :names])
end
```
To detect that a user is signed in with an API key, you can see if
`user.__metadata__[:using_api_key?]` is set. If they are signed
in, then `user.__metadata__[:api_key]` will be set to the API key that they
used, allowing you to write policies that depend on the permissions granted
by the API key.
"""
defstruct name: nil,
resource: nil,
sign_in_action_name: nil,
api_key_hash_attribute: nil,
api_key_relationship: nil,
strategy_module: nil
alias AshAuthentication.Strategy.{ApiKey, ApiKey.Transformer, ApiKey.Verifier}
use AshAuthentication.Strategy.Custom, entity: ApiKey.Dsl.dsl()
@type t :: %ApiKey{
name: atom(),
resource: Ash.Resource.t(),
sign_in_action_name: atom(),
api_key_hash_attribute: atom(),
api_key_relationship: atom(),
strategy_module: module()
}
@doc false
defdelegate dsl(), to: Dsl
defdelegate transform(strategy, dsl_state), to: Transformer
defdelegate verify(strategy, dsl_state), to: Verifier
end