Strategy for authenticating using Google
This strategy builds on-top of AshAuthentication.Strategy.OAuth2 and
assent.
In order to use Google you need to provide the following minimum configuration:
client_idredirect_uriclient_secretsite
- The Google OAuth 2.0 Overview.
- The Google Tutorial
- The OAuth2 documentation
google name \\ :googleProvides a pre-configured authentication strategy for Google.
This strategy is built using the :oauth2 strategy, and thus provides all the same
configuration options should you need them.
- The Google OAuth 2.0 Overview.
- The Google Tutorial
- The OAuth2 documentation
The following defaults are applied:
:base_urlis set to"https://www.googleapis.com".:authorize_urlis set to"https://accounts.google.com/o/oauth2/v2/auth".:token_urlis set to"/oauth2/v4/token".:user_urlis set to"/oauth2/v3/userinfo".:authorization_paramsis set to[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"].:auth_methodis set to:client_secret_post.
| Name | Type | Default | Docs |
|---|---|---|---|
name{: #authentication-strategies-google-name .spark-required} |
atom |
Uniquely identifies the strategy. |
| Name | Type | Default | Docs |
|---|---|---|---|
client_id{: #authentication-strategies-google-client_id .spark-required} |
(any, any -> any) | module | String.t |
The OAuth2 client ID. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
|
redirect_uri{: #authentication-strategies-google-redirect_uri .spark-required} |
(any, any -> any) | module | String.t |
The callback URI base. Not the whole URI back to the callback endpoint, but the URI to your AuthPlug. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
|
base_url{: #authentication-strategies-google-base_url } |
(any, any -> any) | module | String.t |
"https://www.googleapis.com" |
The base URL of the OAuth2 server - including the leading protocol (ie https://). Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
site{: #authentication-strategies-google-site } |
(any, any -> any) | module | String.t |
Deprecated: Use base_url instead. |
|
prevent_hijacking?{: #authentication-strategies-google-prevent_hijacking? } |
boolean |
true |
Requires a confirmation add_on to be present if the password strategy is used with the same identity_field. |
auth_method{: #authentication-strategies-google-auth_method } |
nil | :client_secret_basic | :client_secret_post | :client_secret_jwt | :private_key_jwt |
:client_secret_post |
The authentication strategy used, optional. If not set, no authentication will be used during the access token request. |
client_secret{: #authentication-strategies-google-client_secret } |
(any, any -> any) | module | String.t |
The OAuth2 client secret. Required if :auth_method is :client_secret_basic, :client_secret_post or :client_secret_jwt. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
|
authorize_url{: #authentication-strategies-google-authorize_url } |
(any, any -> any) | module | String.t |
"https://accounts.google.com/o/oauth2/v2/auth" |
The API url to the OAuth2 authorize endpoint, relative to site, e.g authorize_url fn _, _ -> {:ok, "https://exampe.com/authorize"} end. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
token_url{: #authentication-strategies-google-token_url } |
(any, any -> any) | module | String.t |
"/oauth2/v4/token" |
The API url to access the token endpoint, relative to site, e.g token_url fn _, _ -> {:ok, "https://example.com/oauth_token"} end. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
trusted_audiences{: #authentication-strategies-google-trusted_audiences } |
(any, any -> any) | module | list(any) | nil |
A list of audiences which are trusted. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
|
user_url{: #authentication-strategies-google-user_url } |
(any, any -> any) | module | String.t |
"/oauth2/v3/userinfo" |
The API url to access the user endpoint, relative to site, e.g user_url fn _, _ -> {:ok, "https://example.com/userinfo"} end. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
private_key{: #authentication-strategies-google-private_key } |
(any, any -> any) | module | String.t |
The private key to use if :auth_method is :private_key_jwt. Takes either a module which implements the AshAuthentication.Secret behaviour, a 2 arity anonymous function or a string. |
|
authorization_params{: #authentication-strategies-google-authorization_params } |
keyword |
[scope: "https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile"] |
Any additional parameters to encode in the request phase. eg: authorization_params scope: "openid profile email" |
registration_enabled?{: #authentication-strategies-google-registration_enabled? } |
boolean |
true |
If enabled, new users will be able to register for your site when authenticating and not already present. If not, only existing users will be able to authenticate. |
register_action_name{: #authentication-strategies-google-register_action_name } |
atom |
The name of the action to use to register a user, if registration_enabled? is true. Defaults to register_with_<name> See the "Registration and Sign-in" section of the strategy docs for more. |
|
sign_in_action_name{: #authentication-strategies-google-sign_in_action_name } |
atom |
The name of the action to use to sign in an existing user, if sign_in_enabled? is true. Defaults to sign_in_with_<strategy>, which is generated for you by default. See the "Registration and Sign-in" section of the strategy docs for more information. |
|
identity_resource{: #authentication-strategies-google-identity_resource } |
module | false |
false |
The resource used to store user identities, or false to disable. See the User Identities section of the strategy docs for more. |
identity_relationship_name{: #authentication-strategies-google-identity_relationship_name } |
atom |
:identities |
Name of the relationship to the provider identities resource |
identity_relationship_user_id_attribute{: #authentication-strategies-google-identity_relationship_user_id_attribute } |
atom |
:user_id |
The name of the destination (user_id) attribute on your provider identity resource. Only necessary if you've changed the user_id_attribute_name option of the provider identity. |
Target: AshAuthentication.Strategy.OAuth2