documentation/tutorials/password.md

# Password Authentication

## Add Bcrypt To your dependencies

This step is not strictly necessary, but in the next major version of `AshAuthentication`,
`Bcrypt` will be an optional dependency. This will make that upgrade slightly easier.

```elixir
{:bcrypt_elixir, "~> 3.0"}
```

## Add Attributes

Add an `email` (or `username`) and `hashed_password` attribute to your user resource.

```elixir
# lib/my_app/accounts/user.ex
attributes do
  ...
  attribute :email, :ci_string, allow_nil?: false, public?: true
  attribute :hashed_password, :string, allow_nil?: false, sensitive?: true
end
```

Ensure that the `email` (or username) is unique.

```elixir
# lib/my_app/accounts/user.ex
identities do
  identity :unique_email, [:email]
  # or
  identity :unique_username, [:username]
end
```

## Add the password strategy

Configure it to use the `:email` or `:username` as the identity field.

```elixir
# lib/my_app/accounts/user.ex
authentication do
  ...
  strategies do
    password :password do
      identity_field :email
      # or
      identity_field :username
    end
  end
end
```

Now we have enough in place to register and sign-in users using the
`AshAuthentication.Strategy` protocol.