Packages
ash_authentication
4.9.0
5.0.0-rc.12
5.0.0-rc.11
5.0.0-rc.10
5.0.0-rc.9
5.0.0-rc.8
5.0.0-rc.7
5.0.0-rc.6
5.0.0-rc.5
5.0.0-rc.4
5.0.0-rc.3
5.0.0-rc.2
5.0.0-rc.1
5.0.0-rc.0
4.14.1
4.14.0
4.13.7
4.13.6
4.13.5
4.13.4
4.13.3
4.13.2
retired
4.13.1
retired
4.13.0
4.12.0
4.11.0
4.10.0
4.9.9
4.9.8
4.9.7
4.9.6
4.9.5
4.9.4
4.9.3
4.9.2
4.9.1
4.9.0
4.8.7
4.8.6
4.8.5
4.8.3
4.8.2
4.8.1
4.8.0
4.7.6
4.7.5
4.7.4
4.7.3
4.7.2
4.7.1
4.7.0
4.6.4
4.6.3
4.6.2
4.6.1
4.6.0
4.5.6
4.5.5
4.5.4
4.5.3
4.5.2
4.5.1
4.5.0
4.4.9
4.4.8
4.4.7
4.4.6
4.4.5
4.4.4
4.4.3
4.4.2
4.4.1
4.4.0
4.3.12
4.3.11
4.3.10
4.3.9
4.3.8
4.3.7
4.3.6
4.3.5
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.7
4.2.6
4.2.5
4.2.4
4.2.3
4.2.2
4.2.1
4.2.0
4.1.0
4.0.4
4.0.3
4.0.2
4.0.1
4.0.0
4.0.0-rc.6
4.0.0-rc.5
4.0.0-rc.3
4.0.0-rc.2
4.0.0-rc.1
4.0.0-rc.0
3.12.4
3.12.3
3.12.2
3.12.1
3.12.0
3.11.16
3.11.15
3.11.14
3.11.13
3.11.12
3.11.11
3.11.10
3.11.9
3.11.8
3.11.7
3.11.6
3.11.5
3.11.4
3.11.3
3.11.2
3.11.1
3.11.0
3.10.8
3.10.7
3.10.6
3.10.5
3.10.4
3.10.3
3.10.2
3.10.1
3.10.0
3.9.6
3.9.5
3.9.4
3.9.3
3.9.2
3.9.1
3.9.0
3.8.0
3.7.9
3.7.8
3.7.6
3.7.5
3.7.4
3.7.3
3.7.2
3.7.1
3.7.0
3.6.1
3.6.0
3.5.3
3.5.2
3.5.1
3.5.0
3.3.1
3.3.0
3.2.2
3.2.1
3.2.0
3.1.0
3.0.3
Authentication extension for the Ash Framework.
Security advisory:
This version has known vulnerabilities.
View advisories
Current section
Files
Jump to
Current section
Files
documentation/dsls/DSL-AshAuthentication.Strategy.ApiKey.md
<!--
This file was generated by Spark. Do not edit it by hand.
-->
# AshAuthentication.Strategy.ApiKey
Strategy for authenticating using an API key.
## Security Considerations
Responsibility for generating, securing, expiring and revoking lies on the implementor.
If you are using API keys, you *must* ensure that your policies and application are set
up to prevent misuse of these keys. For example:
```elixir
policy AshAuthentication.Checks.UsingApiKey do
authorize_if action([:a, :list, :of, :allowed, :action, :names])
end
```
To detect that a user is signed in with an API key, you can see if
`user.__metadata__[:using_api_key?]` is set. If they are signed
in, then `user.__metadata__[:api_key]` will be set to the API key that they
used, allowing you to write policies that depend on the permissions granted
by the API key.
### authentication.strategies.api_key
```elixir
api_key name \\ :api_key
```
Strategy for authenticating using api keys
### Options
| Name | Type | Default | Docs |
|------|------|---------|------|
| [`api_key_relationship`](#authentication-strategies-api_key-api_key_relationship){: #authentication-strategies-api_key-api_key_relationship .spark-required} | `atom` | | The relationship from the user to their *valid* API keys. |
| [`api_key_hash_attribute`](#authentication-strategies-api_key-api_key_hash_attribute){: #authentication-strategies-api_key-api_key_hash_attribute } | `atom` | `:api_key_hash` | The attribute on the API key resource that contains the API key's hash. |
| [`sign_in_action_name`](#authentication-strategies-api_key-sign_in_action_name){: #authentication-strategies-api_key-sign_in_action_name } | `atom` | | The name to use for the sign in action. Defaults to `sign_in_with_<strategy_name>` |
### Introspection
Target: `AshAuthentication.Strategy.ApiKey`
<style type="text/css">.spark-required::after { content: "*"; color: red !important; }</style>