AshAuthentication.Strategy.ApiKey (ash_authentication v4.8.6)
Strategy for authenticating using an API key.
Security Considerations
Responsibility for generating, securing, expiring and revoking API keys lies with the implementor. If you are using API keys, you must ensure that your policies and application are set up to prevent misuse of these keys. For example:
policy AshAuthentication.Checks.UsingApiKey do
  authorize_if action([:a, :list, :of, :allowed, :action, :names])
end
To detect that a user is signed in with an API key, you can see if user.__metadata__[:using_api_key?] is set. If they are signed in, then user.__metadata__[:api_key] will be set to the API key that they used, allowing you to write policies that depend on the permissions granted by the API key.
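The following is an added example, not code from ash_authentication, showing one way to write a policy that depends on the permissions granted by the key via the two metadata entries described above. The MyApp.* modules, the `scopes` attribute on the API key resource and the :tickets_read scope are assumptions made for illustration.

```elixir
# Added example: MyApp.* modules, the `scopes` attribute and :tickets_read are assumed names.
defmodule MyApp.Checks.ApiKeyHasScope do
  use Ash.Policy.SimpleCheck

  @impl true
  def describe(opts), do: "actor's API key grants scope #{inspect(opts[:scope])}"

  # Both metadata keys are set on the user when sign-in happened with an API key.
  @impl true
  def match?(%{__metadata__: %{using_api_key?: true, api_key: api_key}}, _context, opts) do
    # `scopes` is assumed to be a list-of-atoms attribute added to the API key resource.
    opts[:scope] in List.wrap(Map.get(api_key, :scopes))
  end

  # No actor, or an actor that did not use an API key: the check does not pass.
  def match?(_actor, _context, _opts), do: false
end

defmodule MyApp.Support.Ticket do
  use Ash.Resource,
    domain: MyApp.Support,
    data_layer: Ash.DataLayer.Ets,
    authorizers: [Ash.Policy.Authorizer]

  attributes do
    uuid_primary_key :id
    attribute :subject, :string, public?: true
  end

  actions do
    defaults [:read, :destroy]
  end

  policies do
    # Applies only to API-key actors; other sign-in methods need their own policies.
    policy AshAuthentication.Checks.UsingApiKey do
      # Allow-list of actions reachable with any key; :destroy is not on it.
      forbid_unless action([:read])
      # The key that was used must also carry the required scope.
      authorize_if {MyApp.Checks.ApiKeyHasScope, scope: :tickets_read}
    end
  end
end

defmodule MyApp.Support do
  use Ash.Domain
  resources do
    resource MyApp.Support.Ticket
  end
end
```

With this policy, an API-key actor whose key lacks :tickets_read is forbidden from reading tickets, and no key can reach :destroy regardless of its scopes.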
Summary
Functions
Callback implementation for AshAuthentication.Strategy.Custom.transform/2.
Callback implementation for AshAuthentication.Strategy.Custom.verify/2.
Types
@type t() :: %AshAuthentication.Strategy.ApiKey{
  api_key_hash_attribute: atom(),
  api_key_relationship: atom(),
  name: atom(),
  resource: Ash.Resource.t(),
  sign_in_action_name: atom()
}
Functions
Callback implementation for AshAuthentication.Strategy.Custom.transform/2.
Callback implementation for AshAuthentication.Strategy.Custom.verify/2.