An Ash extension which generates the default user identities resource.
If you plan to support multiple different strategies at once (eg giving your users the choice of more than one authentication provider, or signing them into multiple services simultaneously) then you will want to create a resource with this extension enabled. It is used to keep track of the links between your local user records and their many remote identities.
The user identities resource is used to store information returned by remote authentication strategies (such as those provided by OAuth2) and maps them to your user resource(s). This provides the following benefits:
- A user can be signed in to multiple authentication strategies at once.
- For those providers that support it, AshAuthentication can handle automatic refreshing of tokens.
User identities are expected to be relatively long-lived (although they're
deleted on log out), so should probably be stored using a permanent data layer
sush as ash_postgres
.
There is no need to define any attributes, etc. The extension will generate them all for you. As there is no other use-case for this resource it's unlikely that you will need to customise it.
defmodule MyApp.Accounts.UserIdentity do
use Ash.Resource,
data_layer: AshPostgres.DataLayer,
extensions: [AshAuthentication.UserIdentity],
domain: MyApp.Accounts
user_identity do
user_resource MyApp.Accounts.User
end
postgres do
table "user_identities"
repo MyApp.Repo
end
end
If you intend to operate with multiple user resources, you will need to define multiple user identity resources.
Configure identity options for this resource
Name | Type | Default | Docs |
---|---|---|---|
user_resource {: #user_identity-user_resource .spark-required} |
module |
The user resource to which these identities belong. | |
domain {: #user_identity-domain } |
module |
The Ash domain to use to access this resource. | |
uid_attribute_name {: #user_identity-uid_attribute_name } |
atom |
:uid |
The name of the uid attribute on this resource. |
strategy_attribute_name {: #user_identity-strategy_attribute_name } |
atom |
:strategy |
The name of the strategy attribute on this resource. |
user_id_attribute_name {: #user_identity-user_id_attribute_name } |
atom |
:user_id |
The name of the user_id attribute on this resource. |
access_token_attribute_name {: #user_identity-access_token_attribute_name } |
atom |
:access_token |
The name of the access_token attribute on this resource. |
access_token_expires_at_attribute_name {: #user_identity-access_token_expires_at_attribute_name } |
atom |
:access_token_expires_at |
The name of the access_token_expires_at attribute on this resource. |
refresh_token_attribute_name {: #user_identity-refresh_token_attribute_name } |
atom |
:refresh_token |
The name of the refresh_token attribute on this resource. |
upsert_action_name {: #user_identity-upsert_action_name } |
atom |
:upsert |
The name of the action used to create and update records. |
destroy_action_name {: #user_identity-destroy_action_name } |
atom |
:destroy |
The name of the action used to destroy records. |
read_action_name {: #user_identity-read_action_name } |
atom |
:read |
The name of the action used to query identities. |
user_relationship_name {: #user_identity-user_relationship_name } |
atom |
:user |
The name of the belongs-to relationship between identities and users. |