feat(PasswordAuthentication): Registration and authentication with local credentials #4
Conversation
|
This is 🔥 🔥 🔥 |
jimsynz
force-pushed
the
feat/identity
branch
from
cecc56f
to
b923ff5
Compare
jimsynz
changed the title
| name: :authentication, | ||
| describe: "Configure authentication for this resource", | ||
| schema: [ | ||
| subject_name: [ |
There was a problem hiding this comment.
Is subject_name really generic to all authentication? i.e some tokens might not use "subjects". I guess some kind of identifier is though.
There was a problem hiding this comment.
Yeah, I couldn't think of a more generic term for the concept. Happy to take suggestions :)
jimsynz
force-pushed
the
feat/identity
branch
from
b923ff5
to
581f9ef
Compare
| @@ -27,6 +27,8 @@ defmodule AshAuthentication.Plug do | |||
| |> Keyword.fetch!(:otp_app) | |||
| |> Macro.expand_literal(__ENV__) | |||
|
|
|||
| AshAuthentication.Validations.validate_unique_subject_names(otp_app) | |||
There was a problem hiding this comment.
Unfortunately, doing this at compile time is a harder task than it would seem. This won't necessarily get all resources because of the registry/api split. The split between registries and APIs was necessary in order to prevent massive compile time blockages/deadlocks, but it also makes validations based on enumerating resources like this, sadly undeterministic. Partial recompiles can result in this module not recompiling and therefore it can be out of date. Other things solve for this by requiring the registry be explicitly stated, and using Registry.Info.entries/1: https://github.com/ash-project/ash_graphql/blob/main/documentation/tutorials/getting-started-with-graphql.md#add-ashgraphql-to-your-schema
Also happy to see some experimentation here around using things like Api.Info.registry(api) |> Code.ensure_compiled!() or Api.Info.registry(api).spark_dsl_config() to see if that causes the proper compile time dependency (from this module to the registry of all configured api module). If that works then I'd prefer to take that approach elsewhere also.
jimsynz
force-pushed
the
feat/identity
branch
3 times, most recently
from
f8a14ce
to
52fcf7d
Compare
This is missing a bunch of features that you probably want to use (eg confirmation, password resets), but it's a pretty good place to put a stake in the sand and say it works.
Co-authored-by: Mike Buhot <[email protected]>
…same type as the attribute.
This should help when we're passed the session as just a map, for example in LiveView.
if there is one.
…attributes through.
jimsynz
force-pushed
the
feat/identity
branch
2 times, most recently
from
a4e7f73
to
6ac1c6a
Compare
jimsynz
force-pushed
the
feat/identity
branch
from
6ac1c6a
to
f50ccd5
Compare
jimsynz
changed the title
This is missing a bunch of features that you probably want to use (eg confirmation, password resets), but it's a pretty good place to put a stake in the sand and say it works.