AshAuthentication.Strategy.ApiKey
Strategy for authenticating using an API key.
Security Considerations
Responsibility for generating, securing, expiring and revoking API keys lies with the implementor. If you are using API keys, you must ensure that your policies and application are set up to prevent misuse of these keys. For example:
policy AshAuthentication.Checks.UsingApiKey do
  authorize_if action([:a, :list, :of, :allowed, :action, :names])
end
To detect that a user is signed in with an API key, you can see if user.__metadata__[:using_api_key?] is set. If they are signed in, then user.__metadata__[:api_key] will be set to the API key that they used, allowing you to write policies that depend on the permissions granted by the API key.
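One way to write a policy that depends on what the key grants, shown as an added example that is not taken from the AshAuthentication documentation. The modules MyApp.Checks.ApiKeyHasScope and MyApp.Blog.Post, the MyApp.Blog domain, the "posts:write" scope string and a `scopes` list attribute on the API key resource are all assumptions, as is the metadata holding the API key record with `using_api_key?` set to `true`.

```elixir
defmodule MyApp.Checks.ApiKeyHasScope do
  # Hypothetical check: passes only for actors signed in with an API key
  # whose record lists the required scope.
  use Ash.Policy.SimpleCheck

  @impl true
  def describe(opts), do: "API key grants scope #{inspect(opts[:scope])}"

  @impl true
  def match?(%{__metadata__: %{using_api_key?: true, api_key: api_key}}, _context, opts) do
    # `scopes` is an assumed list attribute on the API key resource.
    Keyword.fetch!(opts, :scope) in List.wrap(Map.get(api_key, :scopes))
  end

  # No actor, or an actor not signed in with an API key: fail closed.
  def match?(_actor, _context, _opts), do: false
end

defmodule MyApp.Blog.Post do
  # Hypothetical resource; MyApp.Blog is an assumed domain.
  use Ash.Resource, domain: MyApp.Blog, authorizers: [Ash.Policy.Authorizer]

  attributes do
    uuid_primary_key :id
    attribute :title, :string, allow_nil?: false, public?: true
  end

  actions do
    defaults [:read, :destroy, create: [:title]]
  end

  policies do
    # Allow-list: with an API key, only :read and :create are reachable at all.
    policy AshAuthentication.Checks.UsingApiKey do
      authorize_if action([:read, :create])
    end

    # Every applicable policy must pass, so :create also needs the scope.
    policy [AshAuthentication.Checks.UsingApiKey, action(:create)] do
      authorize_if {MyApp.Checks.ApiKeyHasScope, scope: "posts:write"}
    end

    # Policies for actors signed in by other means are omitted here.
  end
end
```

With these policies a key without the scope can still read posts but cannot create them, and :destroy is never reachable through an API key.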
authentication.strategies.api_key
api_key name \\ :api_key
Strategy for authenticating using api keys
Options
Name | Type | Default | Docs |
---|---|---|---|
api_key_relationship | atom | | The relationship from the user to their valid API keys. |
api_key_hash_attribute | atom | :api_key_hash | The attribute on the API key resource that contains the API key's hash. |
sign_in_action_name | atom | | The name to use for the sign in action. Defaults to sign_in_with_<strategy_name> |