mbuhot

mbuhot

Ash Authentication - User Invitation Flow

Hi :wave:

I’d like to add a user invitation flow to an application currently using AshAuthentication with the password strategy.

The flow would work something like:

  • An existing Admin user will create the initial User resource
  • AshAuthentication generates a token with ~48h expiry
  • Invitation email is sent to new user including token in a URL
  • User clicks and lands on a page allowing them to set their password
  • Once password set, user is authenticated and redirected to a page in the app

Is this something I can achieve with the password strategy? It’s fairly similar to triggering a password-reset, but has a few differences in the email content, token expiry and UI.

Any suggestions much appreciated, thanks!

Most Liked

jimsynz

jimsynz

Ash Core Team

I’d suggest looking at the way that the password strategy handles the reset flow - it should be relatively simple to duplicate and modify it to support invites.

My only question is whether this should be a different strategy entirely - ie separate from the password strategy. It seems to me that you may want to invite users to sign up with other strategies also. My gut feeling is that you can use the token resource to store invites (you can store arbitrary data in the extra_data field) that way you can rely on the existing expiration and expunge logic. Perhaps there should also be a setting that disables registration without the invite token?

mbuhot

mbuhot

We ended up using a short-term solution where the password reset flow was adapted to implement an invitation.

Some code details that may be helpful for anyone looking to do the same...

Action on the User resource to generate a token and send invitation:

    update :send_invitation_email do
      require_atomic? false

      change after_action(fn _changeset, user, _ctx ->
               # Generate a password reset token
               {:ok, strategy} = AshAuthentication.Info.strategy(__MODULE__, :password)

               {:ok, token} =
                 AshAuthentication.Strategy.Password.reset_token_for(strategy, user)

               # Send token in Invitation email
               {:ok, email_result} =
                 MyApp.Notifications.UserInvitationEmail.send(
                   recipients: user,
                   token: token
                 )

               {:ok, user}
             end)
    end

Email links to a custom UI presenting a “Set Your Password” message in place of the usual “Reset Password”

I had to work around having multiple password reset routes in the same scope by inlining the reset_route macro:

  scope "/", MyAppWeb do
    pipe_through([:browser, :browser_ash_authentication])

    reset_route(
      live_view: MyAppWeb.PasswordResetLive,
      overrides: [MyAppWeb.AuthOverrides, AshAuthentication.Phoenix.Overrides.Default]
    )

    # Can't have multiple reset_route - inlining macro here to approximate it.
    scope "/accept-invitation", alias: false do
      live_session :accept_invitation,
        session: %{
          "overrides" => [MyAppWeb.AuthOverrides, AshAuthentication.Phoenix.Overrides.Default],
          "otp_app" => nil
        } do
        live("/:token", MyAppWeb.AcceptInviteLive, :accept_invitation, as: :auth)
      end
    end

    ... more routes
  end

The custom UI eventually calls the reset action with:

result =
  MyApp.User
  |> AshAuthentication.Info.strategy!(:password)
  |> AshAuthentication.Strategy.action(:reset, %{
    "reset_token" => token,
    "password" => password,
    "password_confirmation" => password_confirmation
  })
jimsynz

jimsynz

Ash Core Team

What about non-password strategies? ie allowing someone to accept an invite and then sign in with github for example.

Where Next?

Popular in Questions Top

earth10
Hi, I’m just starting to build a side-project with Elixir and Phoenix and doing some basic test with Elixir alone. What strikes me is th...
New
LegitStack
I’m trying to make a websocket server in Phoenix or raw Elixir. I heard about gun, I think I could use cowboy, but since I’m not that sma...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers' Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a > b) do {:ok, "a"} end if (a < b) do {:ok, b} end if (a == b) do {:ok, "eq...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
SoCreat
i’m a new one to elixir which editor can i use vs code? or atom? Thanks! :smiley:
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New
svb
Hi! Currently I want to submit a form by pressing the Enter key. However, since my input field is of type “textarea” this is just adds a...
New

Other popular topics Top

marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
marick
I had some trouble figuring out how to make many-to-many associations work. Once I got it working, I wrote a blog post. Because I'm a nov...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

We're in Beta

About us Mission Statement