Ash Authentication - an extension which provides a drop-in authentication solution for users of the Ash framework

Alembic is pleased to announce the public availability of ash_authentication - an Ash extension which provides a drop-in authentication solution for users of the Ash framework. Out of the box it provides password-based authentication (including resets and confirmation), OAuth 2.0 sign in and a set of customisable components for Phoenix LiveView.

If you’re sick of reinventing the wheel instead of adding value to your applications, then come join us on the Ash productivity journey by reading the full announcement, following the Getting Started Guide or engaging us to build your next Elixir, Phoenix or Ash application.

28 Likes

Do you have an estimate of when Ash Authentication will leave beta?

I’m asking since there is this note in the project’s README:

This is beta software. Please don’t use it without talking to us!

1 Like

Hey! So I’ll remove the beta warning from the readme. We don’t see it as beta anymore, but just want people to apply a healthy amount of caution since the package is relatively young and implements a very critical set of flows.

EDIT: beta warning removed, replaced with another warning about taking care when configuring the package, and encouragement to test your implementation.

5 Likes

Hi guys, quick question: I created a JSON API using the ETS data layer, but I'm not sure how to serialize the response. The actual object contains a lot of information that I do not want to expose; I just need id, name, etc. Couldn't find this in the documentation, any help?

Generally speaking, the way that you hide attributes like that is by marking them as private. For example:

attributes do
  attribute :name, :string
  attribute :sensitive_thing, :string do
    private? true # use this to hide from external interfaces to the resource
    sensitive? true # scrub from logs
  end
end

Just keep in mind that private attributes are also not meant to be writable and so are not accepted by actions by default. So if you want a create action that sets those attributes for internal use, you might do something like this:

create :create do
  argument :sensitive_thing, :string # make an argument with the same name (or a different name, doesn't matter)
  change set_attribute(:sensitive_thing, arg(:sensitive_thing)) # use the builtin `change` to set a private attribute
end

Thanks for the quick reply!! What I mean is this returned structure:

I would like to just return {id, subject, status}. Also, I would like to simplify the way the body is passed, to just subject and status. Couldn't figure it out from the docs.

Ah, so ash_json_api is built to create JSON:API specification compliant APIs: https://jsonapi.org/

If you want to create a simple API like that, you’d need to roll your own. Thankfully, a simple Phoenix controller (or plug) calling your resource actions should get you what you need. We’re investigating a simple_json_api extension (maybe with a better name for it) that will do similar work to ash_json_api but for simpler structures.

So at this point, you can’t do what you want with ash_json_api, but you can still use your resources, which might look something like this:

defmodule ...TicketsController do
  def index(conn, _params) do
    # Allow-list the fields to expose; everything else on the record is dropped.
    json =
      Helpdesk.Tickets.Ticket
      |> Helpdesk.Tickets.read!()
      |> Enum.map(&Map.take(&1, [:status, :subject, :id]))

    conn
    |> put_status(:ok)
    |> json(json)
  end
end
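
The allow-list approach from the controller above, extended to the request body as well, as an added example that is not part of the original thread or of Ash itself. It keeps only `id`, `subject` and `status` on output and accepts only `subject` and `status` on input. The module name `TicketJSON` and the sample fields `internal_notes`, `reporter_email` and `representative_id` are hypothetical.

```elixir
defmodule TicketJSON do
  # Hypothetical helper module (not part of Ash or ash_json_api).
  # Both directions use explicit allow-lists, so a field added to the
  # resource later is never exposed or accepted by accident.

  @output_fields [:id, :subject, :status]
  @input_fields %{"subject" => :subject, "status" => :status}

  # Struct or map -> plain map holding only the allow-listed output fields.
  def render(ticket) when is_map(ticket), do: Map.take(ticket, @output_fields)

  def render_many(tickets), do: Enum.map(tickets, &render/1)

  # Decoded JSON body (string keys) -> {:ok, attrs} | {:error, unknown_keys}.
  # Keys are looked up in a fixed map, so no atoms are created from user input.
  # Values are passed through unchanged; type checks are assumed to happen in
  # the resource action that receives attrs.
  def cast(body) when is_map(body) do
    {known, unknown} = Map.split(body, Map.keys(@input_fields))

    if map_size(unknown) == 0 do
      {:ok, Map.new(known, fn {key, value} -> {Map.fetch!(@input_fields, key), value} end)}
    else
      {:error, Map.keys(unknown)}
    end
  end
end

# Constructed sample data standing in for a ticket record and request bodies.
ticket = %{
  id: 1,
  subject: "Printer on fire",
  status: :open,
  internal_notes: "VIP customer",
  reporter_email: "a@example.com"
}

IO.inspect(TicketJSON.render(ticket))
IO.inspect(TicketJSON.cast(%{"subject" => "New ticket", "status" => "open"}))
IO.inspect(TicketJSON.cast(%{"subject" => "New ticket", "representative_id" => "42"}))
```

In a controller, the `{:error, keys}` result would typically be turned into a 422 response rather than silently dropping the extra keys.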