CHANGELOG.md

# Change Log

All notable changes to this project will be documented in this file.
See [Conventional Commits](Https://conventionalcommits.org) for commit guidelines.

<!-- changelog -->

## [4.0.0](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.7...4.0.0) (2024-05-10)
### Breaking Changes:

* Sign in tokens are enabled by default for the password strategy.

* Tokens are now enabled by default.



### Bug Fixes:

* Jwt: Include authentication interaction context when storing tokens.

* Strategy.Password: Reset tokens are single use. (#625)

* Confirmation: Only allow the confirmation token to be used once. (#623)

### Improvements:

* Only require tokens to be enabled when using a strategy which needs them.

* OIDC: Adjust dsl of OIDC reflect assent requirements (#538)

* Use `Ash` functions instead of generated domain functions.

## [v4.0.0-rc.7](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.6...v4.0.0-rc.7) (2024-05-10)




### Bug Fixes:

* Jwt: Include authentication interaction context when storing tokens.

### Improvements:

* Only require tokens to be enabled when using a strategy which needs them.

## [v4.0.0-rc.6](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.5...v4.0.0-rc.6) (2024-04-11)




### Improvements:

* OIDC: Adjust dsl of OIDC reflect assent requirements (#538)

## [v4.0.0-rc.5](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.4...v4.0.0-rc.5) (2024-04-10)

### Breaking Changes:

- Sign in tokens are enabled by default for the password strategy.

- Tokens are now enabled by default.

### Bug Fixes:

- Strategy.Password: Reset tokens are single use. (#625)

## [v4.0.0-rc.4](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.3...v4.0.0-rc.4) (2024-04-09)

### Improvements:

- Use `Ash` functions instead of generated domain functions.

## [v4.0.0-rc.3](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.2...v4.0.0-rc.3) (2024-04-08)

### Bug Fixes:

- Confirmation: Only allow the confirmation token to be used once. (#623)

## [v4.0.0-rc.2](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.1...v4.0.0-rc.2) (2024-04-02)

### Breaking Changes:

- Update to support Ash 3.0. (#599)

### Bug Fixes:

- allow future versions of ash rc

- Jwt: Ignore pre-release versions verifying token versions.

### Improvements:

- re-integrate ash_graphql and ash_json_api RCs.

## [v4.0.0-rc.1](https://github.com/team-alembic/ash_authentication/compare/v4.0.0-rc.0...v4.0.0-rc.1) (2024-04-01)

### Improvements:

- re-integrate ash_graphql and ash_json_api RCs.

## [v4.0.0-rc.0](https://github.com/team-alembic/ash_authentication/compare/v3.12.4...v4.0.0-rc.0) (2024-03-28)

### Breaking Changes:

- Update to support Ash 3.0. (#599)

### Bug Fixes:

- Jwt: Ignore pre-release versions verifying token versions.

## [v3.12.4](https://github.com/team-alembic/ash_authentication/compare/v3.12.3...v3.12.4) (2024-03-11)

### Improvements:

- infer `api` from a resource

## [v3.12.3](https://github.com/team-alembic/ash_authentication/compare/v3.12.2...v3.12.3) (2024-02-20)

## [v3.12.2](https://github.com/team-alembic/ash_authentication/compare/v3.12.1...v3.12.2) (2024-01-30)

### Bug Fixes:

- deps: mark ash_postgres as optional

### Improvements:

- support atom keys for uid in addition to strings (#556)

## [v3.12.1](https://github.com/team-alembic/ash_authentication/compare/v3.12.0...v3.12.1) (2024-01-25)

### Improvements:

- support atom keys for uid in addition to strings (#556)

## [v3.12.0](https://github.com/team-alembic/ash_authentication/compare/v3.11.16...v3.12.0) (2023-11-21)

### Features:

- Add Google strategy (#474)

- Add Google strategy

### Bug Fixes:

- include Google strategy cheat sheet

- Add documentation grouping for Google strategy

### Improvements:

- Change redirect_uri secret to be more flexible (#473)

## [v3.11.16](https://github.com/team-alembic/ash_authentication/compare/v3.11.15...v3.11.16) (2023-10-25)

### Bug Fixes:

- Change overwriting of refresh_token to not overwrite them with nil (#483)

### Improvements:

- Add id as an option for sourcing uid for UserIdentity (#481)

## [v3.11.15](https://github.com/team-alembic/ash_authentication/compare/v3.11.14...v3.11.15) (2023-09-22)

### Bug Fixes:

- ensure we aren't calling `Map.take` on `nil`

## [v3.11.14](https://github.com/team-alembic/ash_authentication/compare/v3.11.13...v3.11.14) (2023-09-22)

### Bug Fixes:

- TokenResource: don't silently drop notifications about token removal. (#432)

## [v3.11.13](https://github.com/team-alembic/ash_authentication/compare/v3.11.12...v3.11.13) (2023-09-22)

### Improvements:

- Allow all token lifetimes to be specified with a time unit.

## [v3.11.12](https://github.com/team-alembic/ash_authentication/compare/v3.11.11...v3.11.12) (2023-09-21)

### Bug Fixes:

- include `finch` in the dependencies.

- deprecated mint httpadapter (#425)

## [v3.11.11](https://github.com/team-alembic/ash_authentication/compare/v3.11.10...v3.11.11) (2023-09-21)

### Bug Fixes:

- include `finch` in the dependencies.

- deprecated mint httpadapter (#425)

## [v3.11.10](https://github.com/team-alembic/ash_authentication/compare/v3.11.9...v3.11.10) (2023-09-18)

### Bug Fixes:

- only use sign in token expiration for sign in tokens (#424)

## [v3.11.9](https://github.com/team-alembic/ash_authentication/compare/v3.11.8...v3.11.9) (2023-09-17)

### Bug Fixes:

- support generating tokens for other strategies.

### Improvements:

- support generating sign in tokens on register (#421)

- support generating sign in tokens on register

## [v3.11.8](https://github.com/team-alembic/ash_authentication/compare/v3.11.7...v3.11.8) (2023-08-16)

### Bug Fixes:

- correct spec for `Jwt.token_for_user` (#389)

## [v3.11.7](https://github.com/team-alembic/ash_authentication/compare/v3.11.6...v3.11.7) (2023-07-14)

### Bug Fixes:

- ensure that the `current_` atom exists at compile time. (#359)

## [v3.11.6](https://github.com/team-alembic/ash_authentication/compare/v3.11.5...v3.11.6) (2023-06-23)

### Bug Fixes:

- fix Logger deprecations for elixir 1.15 (#343)

## [v3.11.5](https://github.com/team-alembic/ash_authentication/compare/v3.11.4...v3.11.5) (2023-06-18)

### Bug Fixes:

- ConfirmationHookChange: use `Info.find_strategy/2..3` rather than a hard coded strategy name. (#336)

## [v3.11.4](https://github.com/team-alembic/ash_authentication/compare/v3.11.3...v3.11.4) (2023-06-15)

### Bug Fixes:

- primary keys are implicitly uniquely constrained. (#333)

## [v3.11.3](https://github.com/team-alembic/ash_authentication/compare/v3.11.2...v3.11.3) (2023-05-31)

### Bug Fixes:

- duplicate mime type for "json".

## [v3.11.2](https://github.com/team-alembic/ash_authentication/compare/v3.11.1...v3.11.2) (2023-05-28)

### Bug Fixes:

- Strategy.Password: Preparations should allow strategy to be passed in. (#314)

## [v3.11.1](https://github.com/team-alembic/ash_authentication/compare/v3.11.0...v3.11.1) (2023-05-04)

### Bug Fixes:

- correct oauth2 and getting started typos (#267)

## [v3.11.0](https://github.com/team-alembic/ash_authentication/compare/v3.10.8...v3.11.0) (2023-05-04)

### Features:

- OpenID Connect Strategy (#197)

- AshAuthentication.Strategy.Oidc: Add OpenID Connect strategy.

## [v3.10.8](https://github.com/team-alembic/ash_authentication/compare/v3.10.7...v3.10.8) (2023-04-28)

### Bug Fixes:

- PasswordValidation should associate errors with the field being … (#279)

## [v3.10.7](https://github.com/team-alembic/ash_authentication/compare/v3.10.6...v3.10.7) (2023-04-28)

### Improvements:

- run CI on pull requests

## [v3.10.6](https://github.com/team-alembic/ash_authentication/compare/v3.10.5...v3.10.6) (2023-04-09)

### Improvements:

- require spark ~> 1.0 (#261)

## [v3.10.5](https://github.com/team-alembic/ash_authentication/compare/v3.10.4...v3.10.5) (2023-04-06)

### Improvements:

- add sign in tokens to password strategy (#252)

- add sign in tokens to password strategy

- convert `sign_in_with_token` into an action.

## [v3.10.4](https://github.com/team-alembic/ash_authentication/compare/v3.10.3...v3.10.4) (2023-04-03)

### Improvements:

- update spark (#254)

- update spark

## [v3.10.3](https://github.com/team-alembic/ash_authentication/compare/v3.10.2...v3.10.3) (2023-04-03)

### Improvements:

- update spark (#254)

- update spark

## [v3.10.2](https://github.com/team-alembic/ash_authentication/compare/v3.10.1...v3.10.2) (2023-03-06)

### Bug Fixes:

- respect `identity_relationship_user_id_attribute` on `Strategy.OAuth2.IdentityChange` (#213)

## [v3.10.1](https://github.com/team-alembic/ash_authentication/compare/v3.10.0...v3.10.1) (2023-03-06)

### Bug Fixes:

- fix failing JWT tests because of bad version regex.

## [v3.10.0](https://github.com/team-alembic/ash_authentication/compare/v3.9.6...v3.10.0) (2023-03-04)

### Breaking Changes:

- Configure accepted fields on register (#219)

## [v3.9.6](https://github.com/team-alembic/ash_authentication/compare/v3.9.5...v3.9.6) (2023-03-01)

### Improvements:

- allow registration and sign in to be disabled on password strategies. (#218)

## [v3.9.5](https://github.com/team-alembic/ash_authentication/compare/v3.9.4...v3.9.5) (2023-02-23)

### Improvements:

- support multiple otp apps w/resources (#209)

## [v3.9.4](https://github.com/team-alembic/ash_authentication/compare/v3.9.3...v3.9.4) (2023-02-22)

### Improvements:

- PasswordConfirmationValidation: allow `strategy_name` to be passed as an option. (#208)

## [v3.9.3](https://github.com/team-alembic/ash_authentication/compare/v3.9.2...v3.9.3) (2023-02-19)

### Bug Fixes:

- sign in preparation without identity resource (#198)

## [v3.9.2](https://github.com/team-alembic/ash_authentication/compare/v3.9.1...v3.9.2) (2023-02-12)

### Bug Fixes:

- Password.Transformer: don't force users to define a `hashed_password` argument to the register action. (#192)

## [v3.9.1](https://github.com/team-alembic/ash_authentication/compare/v3.9.0...v3.9.1) (2023-02-12)

### Bug Fixes:

- select `hashed_password` on sign in preparation

- don't allow special purpose tokens to be used for sign in. (#191)

### Improvements:

- add select_for_senders (#189)

- add select_for_senders

- include metadata declaration on register action

## [v3.9.0](https://github.com/team-alembic/ash_authentication/compare/v3.8.0...v3.9.0) (2023-02-09)

### Features:

- Add new "magic link" authentication strategy. (#184)

### Bug Fixes:

- validate uniqueness of strategy names. (#185)

- resources can appear in multiple apis, so we need to uniq them here (#169)

- put_add_on/2 was putting into strategies

### Improvements:

- Strategy.Custom: handle custom strategies as extensions. (#183)

- improve error message for badly formed token secrets (#181)

- add metadata declarations to actions that have a `token` (#164)

- validate signing secret is a string (#163)

## [v3.8.0](https://github.com/team-alembic/ash_authentication/compare/v3.7.9...v3.8.0) (2023-02-09)

### Features:

- Add new "magic link" authentication strategy. (#184)

### Bug Fixes:

- validate uniqueness of strategy names. (#185)

- resources can appear in multiple apis, so we need to uniq them here (#169)

- put_add_on/2 was putting into strategies

### Improvements:

- Strategy.Custom: handle custom strategies as extensions. (#183)

- improve error message for badly formed token secrets (#181)

- add metadata declarations to actions that have a `token` (#164)

- validate signing secret is a string (#163)

## [v3.7.9](https://github.com/team-alembic/ash_authentication/compare/v3.7.8...v3.7.9) (2023-02-09)

### Bug Fixes:

- validate uniqueness of strategy names. (#185)

- resources can appear in multiple apis, so we need to uniq them here (#169)

- put_add_on/2 was putting into strategies

### Improvements:

- Strategy.Custom: handle custom strategies as extensions. (#183)

- improve error message for badly formed token secrets (#181)

- add metadata declarations to actions that have a `token` (#164)

- validate signing secret is a string (#163)

## [v3.7.8](https://github.com/team-alembic/ash_authentication/compare/v3.7.7...v3.7.8) (2023-02-08)

### Bug Fixes:

- resources can appear in multiple apis, so we need to uniq them here (#169)

- put_add_on/2 was putting into strategies

### Improvements:

- Strategy.Custom: handle custom strategies as extensions. (#183)

- improve error message for badly formed token secrets (#181)

- add metadata declarations to actions that have a `token` (#164)

- validate signing secret is a string (#163)

## [v3.7.7](https://github.com/team-alembic/ash_authentication/compare/v3.7.6...v3.7.7) (2023-02-06)

### Bug Fixes:

- resources can appear in multiple apis, so we need to uniq them here (#169)

- put_add_on/2 was putting into strategies

### Improvements:

- improve error message for badly formed token secrets (#181)

- add metadata declarations to actions that have a `token` (#164)

- validate signing secret is a string (#163)

## [v3.7.6](https://github.com/team-alembic/ash_authentication/compare/v3.7.5...v3.7.6) (2023-01-30)

### Bug Fixes:

- resources can appear in multiple apis, so we need to uniq them here (#169)

- put_add_on/2 was putting into strategies

### Improvements:

- add metadata declarations to actions that have a `token` (#164)

- validate signing secret is a string (#163)

## [v3.7.5](https://github.com/team-alembic/ash_authentication/compare/v3.7.4...v3.7.5) (2023-01-30)

### Improvements:

- add metadata declarations to actions that have a `token` (#164)

- validate signing secret is a string (#163)

## [v3.7.4](https://github.com/team-alembic/ash_authentication/compare/v3.7.3...v3.7.4) (2023-01-30)

### Improvements:

- validate signing secret is a string (#163)

## [v3.7.3](https://github.com/team-alembic/ash_authentication/compare/v3.7.2...v3.7.3) (2023-01-18)

### Bug Fixes:

- Password: validate fields using both methods of allowing nil input. (#151)

## [v3.7.2](https://github.com/team-alembic/ash_authentication/compare/v3.7.1...v3.7.2) (2023-01-18)

### Improvements:

- AuthenticationFailed: store a `caused_by` value in authentication failures. (#145)

## [v3.7.1](https://github.com/team-alembic/ash_authentication/compare/v3.7.0...v3.7.1) (2023-01-18)

### Improvements:

- update ash & switch to new docs patterns (#146)

## [v3.7.0](https://github.com/team-alembic/ash_authentication/compare/v3.6.1...v3.7.0) (2023-01-18)

### Features:

- PasswordValidation: Add a validation which can check a password. (#144)

## [v3.6.1](https://github.com/team-alembic/ash_authentication/compare/v3.6.0...v3.6.1) (2023-01-15)

### Bug Fixes:

- don't call `hash_provider.valid?` on `nil` values (#135)

- use configured hashed_password_field

### Improvements:

- set confirmed field to `nil`, for reconfirmation (#136)

- set confirmed field to `nil`, for reconfirmation

- only change `confirmed_at_field` if its not changing, and only on updates

## [v3.6.0](https://github.com/team-alembic/ash_authentication/compare/v3.5.3...v3.6.0) (2023-01-13)

### Breaking Changes:

- TokenResource: Store the token subject in the token resource. (#133)

- TokenResource: Store the token subject in the token resource.

### Bug Fixes:

- don't call `hash_provider.valid?` on `nil` values (#135)

- use configured hashed_password_field

## [v3.5.3](https://github.com/team-alembic/ash_authentication/compare/v3.5.2...v3.5.3) (2023-01-13)

### Bug Fixes:

- Confirmation: send the original changeset to confirmation senders. (#132)

## [v3.5.2](https://github.com/team-alembic/ash_authentication/compare/v3.5.1...v3.5.2) (2023-01-12)

### Improvements:

- add user context when creating tokens (#129)

## [v3.5.1](https://github.com/team-alembic/ash_authentication/compare/v3.5.0...v3.5.1) (2023-01-12)

### Bug Fixes:

- missing icons in OAuth2 strategies. (#126)

## [v3.5.0](https://github.com/team-alembic/ash_authentication/compare/v3.4.2...v3.5.0) (2023-01-12)

### Breaking Changes:

- GitHub: Add GitHub authentication strategy. (#125)

## [v3.4.2](https://github.com/team-alembic/ash_authentication/compare/v3.4.1...v3.4.2) (2023-01-12)

### Bug Fixes:

- improve some error message/validation logic

### Improvements:

- add policy utilities and accompanying guide (#119)

- add policy utilities and accompanying guide

- fix build/warnings/dialyzer/format

## [v3.4.1](https://github.com/team-alembic/ash_authentication/compare/v3.4.0...v3.4.1) (2023-01-12)

### Bug Fixes:

- Confirmation: correctly generate confirmation token subjects. (#124)

## [v3.4.0](https://github.com/team-alembic/ash_authentication/compare/v3.3.1...v3.4.0) (2023-01-11)

### Features:

- Add token-required-for-authentication feature. (#116)

## [v3.3.1](https://github.com/team-alembic/ash_authentication/compare/v3.3.0...v3.3.1) (2023-01-09)

### Improvements:

- Set Ash actor and tenant when executing internal plugs. (#115)

## [v3.3.0](https://github.com/team-alembic/ash_authentication/compare/v3.2.2...v3.3.0) (2023-01-09)

### Features:

- Make strategy names optional where possible. (#113)

## [v3.2.2](https://github.com/team-alembic/ash_authentication/compare/v3.2.1...v3.2.2) (2023-01-08)

### Improvements:

- Allow the strategy name to be passed for password validations and changes. (#102)

## [v3.2.1](https://github.com/team-alembic/ash_authentication/compare/v3.2.0...v3.2.1) (2022-12-16)

### Improvements:

- add `icon` field to OAuth2 strategy. (#100)

## [v3.2.0](https://github.com/team-alembic/ash_authentication/compare/v3.1.0...v3.2.0) (2022-12-16)

### Features:

- Auth0: Add a pre-configured Auth0 strategy. (#99)

## [v3.1.0](https://github.com/team-alembic/ash_authentication/compare/v3.0.4...v3.1.0) (2022-12-14)

### Breaking Changes:

- Jwt: Use token signing secret into the DSL.

### Features:

- Add option to store all tokens when they're created. (#91)

### Improvements:

- remove the need for a strategy in changeset/query contexts. (#89)

- add transaction reason

- try a simpler way of ensuring module is compiled

## [v3.0.4](https://github.com/team-alembic/ash_authentication/compare/v3.0.3...v3.0.4) (2022-12-08)

### Improvements:

- update to latest ash version

## [v3.0.3](https://github.com/team-alembic/ash_authentication/compare/v3.0.2...v3.0.3) (2022-12-07)

### Bug Fixes:

- break potential compiler dependency loops. (#64)

## [v3.0.2](https://github.com/team-alembic/ash_authentication/compare/v3.0.1...v3.0.2) (2022-12-05)

### Improvements:

- supervisor: require that the user adds the supervisor to their OTP app. (#62)

## [v3.0.1](https://github.com/team-alembic/ash_authentication/compare/v3.0.0...v3.0.1) (2022-12-05)

### Improvements:

- actions: All actions now take optional arguments for the underlying API call. (#61)

## [v3.0.0](https://github.com/team-alembic/ash_authentication/compare/v2.0.1...v3.0.0) (2022-12-04)

### Breaking Changes:

- TokenResource: Move `TokenRevocation` -> `TokenResource`.

### Improvements:

- Confirmation: Store confirmation changes in the token resource.

## [v2.0.1](https://github.com/team-alembic/ash_authentication/compare/v2.0.0...v2.0.1) (2022-11-24)

### Improvements:

- Confirmation: Confirmation is not a strategy. (#46)

- Confirmation: Confirmation is not a strategy.

- Confirmation: Support more than one confirmation entity.

## [v2.0.0](https://github.com/team-alembic/ash_authentication/compare/v1.0.0...v2.0.0) (2022-11-22)

### Breaking Changes:

- Major redesign of DSL and code structure. (#35)

## [v1.0.0](https://github.com/team-alembic/ash_authentication/compare/v0.6.1...v1.0.0) (2022-11-15)

### Breaking Changes:

- OAuth2Authentication: Make the `site` option runtime configurable. (#31)

## [v0.6.1](https://github.com/team-alembic/ash_authentication/compare/v0.6.0...v0.6.1) (2022-11-15)

### Bug Fixes:

- OAuth2Authentication: Return the failure reason even if it's not a changeset. (#29)

## [v0.6.0](https://github.com/team-alembic/ash_authentication/compare/v0.5.0...v0.6.0) (2022-11-10)

### Features:

- OAuth2Authentication: Add support for generic OAuth2 endpoints. (#28)

## [v0.5.0](https://github.com/team-alembic/ash_authentication/compare/v0.4.3...v0.5.0) (2022-11-04)

### Features:

- Confirmation: Add extension that allows a user to be confirmed when created or updated. (#27)

## [v0.4.3](https://github.com/team-alembic/ash_authentication/compare/v0.4.2...v0.4.3) (2022-11-03)

### Improvements:

- docs: Improve endpoint docs for PasswordAuthentication and PasswordReset.

## [v0.4.2](https://github.com/team-alembic/ash_authentication/compare/v0.4.1...v0.4.2) (2022-11-03)

### Bug Fixes:

- PasswordReset: Generate the reset token using the target action, not the source action. (#25)

- PasswordReset: Generate the reset token using the target action, not the source action.

### Improvements:

- PasswordReset: rework PasswordReset to be a provider in it's own right - this means it has it's own routes, etc.

## [v0.4.1](https://github.com/team-alembic/ash_authentication/compare/v0.4.0...v0.4.1) (2022-11-03)

### Improvements:

- PasswordReset: A reset request is actually a query, not an update. (#23)

## [v0.4.0](https://github.com/team-alembic/ash_authentication/compare/v0.3.0...v0.4.0) (2022-11-02)

### Features:

- PasswordReset: allow users to request and reset their password. (#22)

## [v0.3.0](https://github.com/team-alembic/ash_authentication/compare/v0.2.1...v0.3.0) (2022-10-31)

### Features:

- Ash.PlugHelpers: Support standard actor configuration. (#16)

- Ash.PlugHelpers: Support standard actor configuration.

### Improvements:

- docs: change all references to `actor` to `user`.

## [v0.2.1](https://github.com/team-alembic/ash_authentication/compare/v0.2.0...v0.2.1) (2022-10-26)

### Bug Fixes:

- deprecation warnings caused by use of `Macro.expand_literal/2`.

### Improvements:

- move subject_name uniqueness validation to compile time.

- remove `generated: true` from macros.

## [v0.2.0](https://github.com/team-alembic/ash_authentication/compare/v0.1.0...v0.2.0) (2022-10-24)

### Features:

- PasswordAuthentication: Registration and authentication with local credentials (#4)

## [v0.1.0](https://github.com/team-alembic/ash_authentication/compare/v0.1.0...v0.1.0) (2022-09-27)