# Accountable

An Elixir package to deal with a lot of the account related boilerplate such as creating users, authenticating, authorizing and such. All so you can get to the juicy parts faster, hacking on your domain logic.

My goal is to keep `Accountable` as modular as possible, so that you can get up and running in no time, and piece by piece replacing parts with your own implementations as your application grows more complicated.

## Installation

Accountable can be installed by adding `accountable` to your list of dependencies in `mix.exs`:

def deps do
    {:accountable, "~> 0.1.0"}

Documentation can be generated with [ExDoc](
and published on [HexDocs]( Once published, the docs can
be found at [](

## Usage

### Quickstart guide

**Caveat:** For this to work (for now at least), you will need to have a `users` table in your database, with `email` and `password_hash` columns.

#### Config

First of all, you will need to tell Accountable what repo to use to fetch your users.

Since Accountable is using the fantastic [Guardian]( for authentication, you also need to provide a Guardian secret. Throw this into your config:

# config.ex
config :accountable, :ecto_repo, MyApp.Repo

config :accountable, Accountable.Guardian,
  issuer: "my-app",
  secret_key: "guardian-secret"

#### Router

Accountable comes with a router that handles some basic requests, and also a `Context` plug that will assign `current_user` for you. To enable all of it, just add these lines to your router:

# router.ex
forward "/authentication", Accountable.Router
plug Accountable.Context # Checks the access token header and puts current_user in your conn.assigns
plug Accountable.Context, absinthe: Absinthe.Plug # Puts current_user in your Absinthe context

The forward👆  will give you 2 endpoints.

- /authentication/authenticate
- /authentication/refresh
- /authentication/logout

`/authentication/authenticate` accepts a JSON payload with `email` and `password`. If authentication is successful it will set an access token in a http-only cookie and return 204. If authentication is unsuccessful it will return 401.

$ curl --request POST \
  --url http://localhost:4000/authentication/authenticate \
  --header 'content-type: application/json' \
  --data '{"email": "", "password": "my secret password"}'

`/authentication/refresh` checks the access token in cookies and either returns a fresh token in the http-cookie, or returns 401 and removes the access token from cookies for invalid or expired tokens.

`/authentication/logout` clears the access token from cookies.