Change Log

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

v4.0.1 (2024-06-11)

Bug Fixes:

no need to allow_nil_input for an unaccepted field
correctly generate sign-in tokens when requested.
ensure tenant is set when revoking tokens and on changeset for updating
broken links in readme (#692)
broken links
bug in tokens required verifier.

4.0.0 (2024-05-10)

Breaking Changes:

Sign in tokens are enabled by default for the password strategy.
Tokens are now enabled by default.

Bug Fixes:

Jwt: Include authentication interaction context when storing tokens.
Strategy.Password: Reset tokens are single use. (#625)
Confirmation: Only allow the confirmation token to be used once. (#623)

Improvements:

Only require tokens to be enabled when using a strategy which needs them.
OIDC: Adjust dsl of OIDC reflect assent requirements (#538)
Use Ash functions instead of generated domain functions.

v4.0.0-rc.7 (2024-05-10)

Bug Fixes:

Jwt: Include authentication interaction context when storing tokens.

Improvements:

Only require tokens to be enabled when using a strategy which needs them.

v4.0.0-rc.6 (2024-04-11)

Improvements:

OIDC: Adjust dsl of OIDC reflect assent requirements (#538)

v4.0.0-rc.5 (2024-04-10)

Breaking Changes:

Sign in tokens are enabled by default for the password strategy.
Tokens are now enabled by default.

Bug Fixes:

Strategy.Password: Reset tokens are single use. (#625)

v4.0.0-rc.4 (2024-04-09)

Improvements:

Use Ash functions instead of generated domain functions.

v4.0.0-rc.3 (2024-04-08)

Bug Fixes:

Confirmation: Only allow the confirmation token to be used once. (#623)

v4.0.0-rc.2 (2024-04-02)

Breaking Changes:

Update to support Ash 3.0. (#599)

Bug Fixes:

allow future versions of ash rc
Jwt: Ignore pre-release versions verifying token versions.

Improvements:

re-integrate ash_graphql and ash_json_api RCs.

v4.0.0-rc.1 (2024-04-01)

Improvements:

re-integrate ash_graphql and ash_json_api RCs.

v4.0.0-rc.0 (2024-03-28)

Breaking Changes:

Update to support Ash 3.0. (#599)

Bug Fixes:

Jwt: Ignore pre-release versions verifying token versions.

v3.12.4 (2024-03-11)

Improvements:

infer api from a resource

v3.12.3 (2024-02-20)

v3.12.2 (2024-01-30)

Bug Fixes:

deps: mark ash_postgres as optional

Improvements:

support atom keys for uid in addition to strings (#556)

v3.12.1 (2024-01-25)

Improvements:

support atom keys for uid in addition to strings (#556)

v3.12.0 (2023-11-21)

Features:

Add Google strategy (#474)
Add Google strategy

Bug Fixes:

include Google strategy cheat sheet
Add documentation grouping for Google strategy

Improvements:

Change redirect_uri secret to be more flexible (#473)

v3.11.16 (2023-10-25)

Bug Fixes:

Change overwriting of refresh_token to not overwrite them with nil (#483)

Improvements:

Add id as an option for sourcing uid for UserIdentity (#481)

v3.11.15 (2023-09-22)

Bug Fixes:

ensure we aren't calling Map.take on nil

v3.11.14 (2023-09-22)

Bug Fixes:

TokenResource: don't silently drop notifications about token removal. (#432)

v3.11.13 (2023-09-22)

Improvements:

Allow all token lifetimes to be specified with a time unit.

v3.11.12 (2023-09-21)

Bug Fixes:

include finch in the dependencies.
deprecated mint httpadapter (#425)

v3.11.11 (2023-09-21)

Bug Fixes:

include finch in the dependencies.
deprecated mint httpadapter (#425)

v3.11.10 (2023-09-18)

Bug Fixes:

only use sign in token expiration for sign in tokens (#424)

v3.11.9 (2023-09-17)

Bug Fixes:

support generating tokens for other strategies.

Improvements:

support generating sign in tokens on register (#421)
support generating sign in tokens on register

v3.11.8 (2023-08-16)

Bug Fixes:

correct spec for Jwt.token_for_user (#389)

v3.11.7 (2023-07-14)

Bug Fixes:

ensure that the current_ atom exists at compile time. (#359)

v3.11.6 (2023-06-23)

Bug Fixes:

fix Logger deprecations for elixir 1.15 (#343)

v3.11.5 (2023-06-18)

Bug Fixes:

ConfirmationHookChange: use Info.find_strategy/2..3 rather than a hard coded strategy name. (#336)

v3.11.4 (2023-06-15)

Bug Fixes:

primary keys are implicitly uniquely constrained. (#333)

v3.11.3 (2023-05-31)

Bug Fixes:

duplicate mime type for "json".

v3.11.2 (2023-05-28)

Bug Fixes:

Strategy.Password: Preparations should allow strategy to be passed in. (#314)

v3.11.1 (2023-05-04)

Bug Fixes:

correct oauth2 and getting started typos (#267)

v3.11.0 (2023-05-04)

Features:

OpenID Connect Strategy (#197)
AshAuthentication.Strategy.Oidc: Add OpenID Connect strategy.

v3.10.8 (2023-04-28)

Bug Fixes:

PasswordValidation should associate errors with the field being â�¦ (#279)

v3.10.7 (2023-04-28)

Improvements:

run CI on pull requests

v3.10.6 (2023-04-09)

Improvements:

require spark ~> 1.0 (#261)

v3.10.5 (2023-04-06)

Improvements:

add sign in tokens to password strategy (#252)
add sign in tokens to password strategy
convert sign_in_with_token into an action.

v3.10.4 (2023-04-03)

Improvements:

update spark (#254)
update spark

v3.10.3 (2023-04-03)

Improvements:

update spark (#254)
update spark

v3.10.2 (2023-03-06)

Bug Fixes:

respect identity_relationship_user_id_attribute on Strategy.OAuth2.IdentityChange (#213)

v3.10.1 (2023-03-06)

Bug Fixes:

fix failing JWT tests because of bad version regex.

v3.10.0 (2023-03-04)

Breaking Changes:

Configure accepted fields on register (#219)

v3.9.6 (2023-03-01)

Improvements:

allow registration and sign in to be disabled on password strategies. (#218)

v3.9.5 (2023-02-23)

Improvements:

support multiple otp apps w/resources (#209)

v3.9.4 (2023-02-22)

Improvements:

PasswordConfirmationValidation: allow strategy_name to be passed as an option. (#208)

v3.9.3 (2023-02-19)

Bug Fixes:

sign in preparation without identity resource (#198)

v3.9.2 (2023-02-12)

Bug Fixes:

Password.Transformer: don't force users to define a hashed_password argument to the register action. (#192)

v3.9.1 (2023-02-12)

Bug Fixes:

select hashed_password on sign in preparation
don't allow special purpose tokens to be used for sign in. (#191)

Improvements:

add select_for_senders (#189)
add select_for_senders
include metadata declaration on register action

v3.9.0 (2023-02-09)

Features:

Add new "magic link" authentication strategy. (#184)

Bug Fixes:

validate uniqueness of strategy names. (#185)
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies

Improvements:

Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a token (#164)
validate signing secret is a string (#163)

v3.8.0 (2023-02-09)

Features:

Add new "magic link" authentication strategy. (#184)

Bug Fixes:

validate uniqueness of strategy names. (#185)
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies

Improvements:

Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a token (#164)
validate signing secret is a string (#163)

v3.7.9 (2023-02-09)

Bug Fixes:

validate uniqueness of strategy names. (#185)
resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies

Improvements:

Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a token (#164)
validate signing secret is a string (#163)

v3.7.8 (2023-02-08)

Bug Fixes:

resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies

Improvements:

Strategy.Custom: handle custom strategies as extensions. (#183)
improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a token (#164)
validate signing secret is a string (#163)

v3.7.7 (2023-02-06)

Bug Fixes:

resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies

Improvements:

improve error message for badly formed token secrets (#181)
add metadata declarations to actions that have a token (#164)
validate signing secret is a string (#163)

v3.7.6 (2023-01-30)

Bug Fixes:

resources can appear in multiple apis, so we need to uniq them here (#169)
put_add_on/2 was putting into strategies

Improvements:

add metadata declarations to actions that have a token (#164)
validate signing secret is a string (#163)

v3.7.5 (2023-01-30)

Improvements:

add metadata declarations to actions that have a token (#164)
validate signing secret is a string (#163)

v3.7.4 (2023-01-30)

Improvements:

validate signing secret is a string (#163)

v3.7.3 (2023-01-18)

Bug Fixes:

Password: validate fields using both methods of allowing nil input. (#151)

v3.7.2 (2023-01-18)

Improvements:

AuthenticationFailed: store a caused_by value in authentication failures. (#145)

v3.7.1 (2023-01-18)

Improvements:

update ash & switch to new docs patterns (#146)

v3.7.0 (2023-01-18)

Features:

PasswordValidation: Add a validation which can check a password. (#144)

v3.6.1 (2023-01-15)

Bug Fixes:

don't call hash_provider.valid? on nil values (#135)
use configured hashed_password_field

Improvements:

set confirmed field to nil, for reconfirmation (#136)
set confirmed field to nil, for reconfirmation
only change confirmed_at_field if its not changing, and only on updates

v3.6.0 (2023-01-13)

Breaking Changes:

TokenResource: Store the token subject in the token resource. (#133)
TokenResource: Store the token subject in the token resource.

Bug Fixes:

don't call hash_provider.valid? on nil values (#135)
use configured hashed_password_field

v3.5.3 (2023-01-13)

Bug Fixes:

Confirmation: send the original changeset to confirmation senders. (#132)

v3.5.2 (2023-01-12)

Improvements:

add user context when creating tokens (#129)

v3.5.1 (2023-01-12)

Bug Fixes:

missing icons in OAuth2 strategies. (#126)

v3.5.0 (2023-01-12)

Breaking Changes:

GitHub: Add GitHub authentication strategy. (#125)

v3.4.2 (2023-01-12)

Bug Fixes:

improve some error message/validation logic

Improvements:

add policy utilities and accompanying guide (#119)
add policy utilities and accompanying guide
fix build/warnings/dialyzer/format

v3.4.1 (2023-01-12)

Bug Fixes:

Confirmation: correctly generate confirmation token subjects. (#124)

v3.4.0 (2023-01-11)

Features:

Add token-required-for-authentication feature. (#116)

v3.3.1 (2023-01-09)

Improvements:

Set Ash actor and tenant when executing internal plugs. (#115)

v3.3.0 (2023-01-09)

Features:

Make strategy names optional where possible. (#113)

v3.2.2 (2023-01-08)

Improvements:

Allow the strategy name to be passed for password validations and changes. (#102)

v3.2.1 (2022-12-16)

Improvements:

add icon field to OAuth2 strategy. (#100)

v3.2.0 (2022-12-16)

Features:

Auth0: Add a pre-configured Auth0 strategy. (#99)

v3.1.0 (2022-12-14)

Breaking Changes:

Jwt: Use token signing secret into the DSL.

Features:

Add option to store all tokens when they're created. (#91)

Improvements:

remove the need for a strategy in changeset/query contexts. (#89)
add transaction reason
try a simpler way of ensuring module is compiled

v3.0.4 (2022-12-08)

Improvements:

update to latest ash version

v3.0.3 (2022-12-07)

Bug Fixes:

break potential compiler dependency loops. (#64)

v3.0.2 (2022-12-05)

Improvements:

supervisor: require that the user adds the supervisor to their OTP app. (#62)

v3.0.1 (2022-12-05)

Improvements:

actions: All actions now take optional arguments for the underlying API call. (#61)

v3.0.0 (2022-12-04)

Breaking Changes:

TokenResource: Move TokenRevocation -> TokenResource.

Improvements:

Confirmation: Store confirmation changes in the token resource.

v2.0.1 (2022-11-24)

Improvements:

Confirmation: Confirmation is not a strategy. (#46)
Confirmation: Confirmation is not a strategy.
Confirmation: Support more than one confirmation entity.

v2.0.0 (2022-11-22)

Breaking Changes:

Major redesign of DSL and code structure. (#35)

v1.0.0 (2022-11-15)

Breaking Changes:

OAuth2Authentication: Make the site option runtime configurable. (#31)

v0.6.1 (2022-11-15)

Bug Fixes:

OAuth2Authentication: Return the failure reason even if it's not a changeset. (#29)

v0.6.0 (2022-11-10)

Features:

OAuth2Authentication: Add support for generic OAuth2 endpoints. (#28)

v0.5.0 (2022-11-04)

Features:

Confirmation: Add extension that allows a user to be confirmed when created or updated. (#27)

v0.4.3 (2022-11-03)

Improvements:

docs: Improve endpoint docs for PasswordAuthentication and PasswordReset.

v0.4.2 (2022-11-03)

Bug Fixes:

PasswordReset: Generate the reset token using the target action, not the source action. (#25)
PasswordReset: Generate the reset token using the target action, not the source action.

Improvements:

PasswordReset: rework PasswordReset to be a provider in it's own right - this means it has it's own routes, etc.

v0.4.1 (2022-11-03)

Improvements:

PasswordReset: A reset request is actually a query, not an update. (#23)

v0.4.0 (2022-11-02)

Features:

PasswordReset: allow users to request and reset their password. (#22)

v0.3.0 (2022-10-31)

Features:

Ash.PlugHelpers: Support standard actor configuration. (#16)
Ash.PlugHelpers: Support standard actor configuration.

Improvements:

docs: change all references to actor to user.

v0.2.1 (2022-10-26)

Bug Fixes:

deprecation warnings caused by use of Macro.expand_literal/2.

Improvements:

move subject_name uniqueness validation to compile time.
remove generated: true from macros.

v0.2.0 (2022-10-24)

Features:

PasswordAuthentication: Registration and authentication with local credentials (#4)

v0.1.0 (2022-09-27)