danschultzer

danschultzer

Pow Core Team

Assent: Multi-provider framework for Elixir

I’ve moved the strategies out of PowAssent and created a multi-provider framework for Elixir. This way the strategies can be used in any context, and not be limited to Pow, Phoenix, Plug, etc.

Please don’t hesitate with feedback or PR’s!

Github: GitHub - pow-auth/assent: Multi-provider framework in Elixir · GitHub
Hex: assent | Hex

Features

  • OAuth 1.0, OAuth 2.0, and OIDC protocol support
  • Many out-of-the-box providers including Apple Sign In
  • Conforms userinfo to OpenID Connect Core 1.0 Standard Claims
  • Add your custom strategy in no time
  • Support for client_secret_jwt and private_key_jwt authentication in OAuth 2.0 and OIDC
  • Nearly no dependency requirements
  • Self-contained - the strategies consists of very little code and are easy to manage

Few dependencies

As with PowAssent, there are near zero dependency requirements for Assent.

:httpc is used as the default HTTP client with built-in SSL validation. Mint can be added for HTTP/2 support.

A JWT parser is built-in, but can be easily switched out with JOSE.

Custom strategies

Adding a custom strategy takes no time. This is all you need to set up an OAuth 2.0 strategy:

defmodule TestProvider do
  use Assent.Strategy.OAuth2.Base

  @impl true
  def default_config(_config) do
    [
      site: "http://localhost:4000/",
      authorize_url: "http://localhost:4000/oauth/authorize",
      token_url: "http://localhost:4000/oauth/access_token",
      user_url: "/user",
      authorization_params: [scope: "email profile"]
    ]
  end

  @impl true
  def normalize(_config, user) do
    {:ok, %{
      "sub"   => user["sub"],
      "name"  => user["name"],
      "email" => user["email"]
    }}
  end
end

The normalize/2 method expects userinfo that conforms to OpenID Connect Core 1.0 Standard Claims specs. All non-standard values will be rejected.

Non-standard values can be added to the user response by returning it in this way:

  def normalize(_config, user) do
    {:ok, %{
      "sub"   => user["sub"],
      "name"  => user["name"],
      "email" => user["email"]
    },
    %{
      "test_provider_bio" => user["bio"]
    }}
  end

What about Ueberauth?

I explained in the thread for PowAssent the main difference:

I hope you’ll find this library useful :rocket:

Most Liked

danschultzer

danschultzer

Pow Core Team

Use PowAssent. Follow the instructions in the readme: GitHub - pow-auth/pow_assent: Multi-provider authentication for your Pow enabled app · GitHub

Got no sample repo or tutorial, but you just have to set up PowAssent as described above and then add the strategy like detailed further down the readme here: GitHub - pow-auth/pow_assent: Multi-provider authentication for your Pow enabled app · GitHub

As for the config, you should put it in the config file (dev.exs). For prod you can use prod.secret.exs, or env var for the credentials:

config :my_app, :pow_assent,
  providers: [
    facebook: [
      client_id: System.get_env("FACEBOOK_CLIENT_ID"),
      client_secret: System.get_env("FACEBOOK_CLIENT_SECRET"),
      strategy: Assent.Strategy.Facebook 
    ]
  ]

Assent is a low-level multi-provider library without any of the conveniences that PowAssent has such as Phoenix/Ecto integration.

tenzil

tenzil

Thanks dan, for a fast reply. This is very helpful. Long back I tried pow and I went with assent as I already had pow , will go with PowAssent now. Thanks again. I appreciate your help

Where Next?

Popular in Announcing Top

Crowdhailer
The latest release of Ace (0.10.0) includes serving content over HTTP/2. I have started writing a webserver to teach my self more about...
New
pkrawat1
Presenting Aviacommerce, open source e-commerce platform in Elixir Aviacommerce is an open source e-commerce platform in Elixir. We at...
New
restlessronin
The repo is at GitHub - cyberchitta/openai_ex: Community maintained Elixir library for OpenAI API · GitHub. Docs are at OpenaiEx User Gu...
152 10167 134
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52341 488
New
wojtekmach
Hey everyone! Req is an HTTP client for Elixir that I’ve been working on for quite some time. There is already a lot of HTTP clients out...
New
sabiwara
Dune is a sandbox for Elixir and aims to safely evaluate user-provided code. You can try it out using this basic Elixir playground made ...
New
versilov
Could not wait for the missing Elixir ML libraries to appear, so, I wrote one myself, taking https://github.com/sdwolfz/exlearn as a foun...
New
michalmuskala
Hello everybody. I have just released Jason - a new JSON library. You might be wondering, why do we need a new library? The primary foc...
New
archan937
It is a well-know topic within the Elixir community: “To mock or not to mock? :)” Every alchemist probably has his / her own opinion con...
New
zoltanszogyenyi
Hey everyone :waving_hand: Excited to join this forum - I am one of the founders and current project maintainers of a popular and open-s...
New

Other popular topics Top

albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52341 488
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

We're in Beta

About us Mission Statement