Assent: Multi-provider framework for Elixir

I’ve moved the strategies out of PowAssent and created a multi-provider framework for Elixir. This way the strategies can be used in any context, and not be limited to Pow, Phoenix, Plug, etc.

Please don’t hesitate with feedback or PRs!

Github: https://github.com/pow-auth/assent
Hex: https://hex.pm/packages/assent

Features

  • OAuth 1.0, OAuth 2.0, and OIDC protocol support
  • Many out-of-the-box providers including Apple Sign In
  • Conforms userinfo to OpenID Connect Core 1.0 Standard Claims
  • Add your custom strategy in no time
  • Support for client_secret_jwt and private_key_jwt authentication in OAuth 2.0 and OIDC
  • Nearly no dependency requirements
  • Self-contained - the strategies consist of very little code and are easy to manage

Few dependencies

As with PowAssent, there are near zero dependency requirements for Assent.

:httpc is used as the default HTTP client with built-in SSL validation. Mint can be added for HTTP/2 support.

A JWT parser is built-in, but can be easily switched out with JOSE.

Custom strategies

Adding a custom strategy takes no time. This is all you need to set up an OAuth 2.0 strategy:

defmodule TestProvider do
  use Assent.Strategy.OAuth2.Base

  @impl true
  def default_config(_config) do
    [
      site: "http://localhost:4000/",
      authorize_url: "http://localhost:4000/oauth/authorize",
      token_url: "http://localhost:4000/oauth/access_token",
      user_url: "/user",
      authorization_params: [scope: "email profile"]
    ]
  end

  @impl true
  def normalize(_config, user) do
    {:ok, %{
      "sub"   => user["sub"],
      "name"  => user["name"],
      "email" => user["email"]
    }}
  end
end

The normalize/2 method expects userinfo that conforms to OpenID Connect Core 1.0 Standard Claims specs. All non-standard values will be rejected.

Non-standard values can be added to the user response by returning it in this way:

  def normalize(_config, user) do
    {:ok, %{
      "sub"   => user["sub"],
      "name"  => user["name"],
      "email" => user["email"]
    },
    %{
      "test_provider_bio" => user["bio"]
    }}
  end

What about Ueberauth?

I explained in the thread for PowAssent the main difference:

I hope you’ll find this library useful :rocket:

16 Likes
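The split between standard claims and provider-specific values described in the post above, as an added example that is not part of the original post and is not Assent's own code. It is a standalone script that does not call Assent; the module name ClaimSplit, the required string "sub", the boolean check and the sample payload are assumptions made for illustration.

```elixir
defmodule ClaimSplit do
  # OpenID Connect Core 1.0, section 5.1 Standard Claims.
  @standard ~w(sub name given_name family_name middle_name nickname
               preferred_username profile picture website email email_verified
               gender birthdate zoneinfo locale phone_number
               phone_number_verified address updated_at)

  # Claims the spec defines as booleans.
  @booleans ~w(email_verified phone_number_verified)

  @doc """
  Splits a raw provider user map into standard claims and extras.
  Returns {:ok, standard, extras} or {:error, reason}.
  Extras are namespaced with `prefix` so a provider-specific value
  can never shadow a standard claim such as "email_verified".
  """
  def split(user, prefix) when is_map(user) and is_binary(prefix) do
    {standard, other} = Map.split(user, @standard)

    # Drop claims the provider sent as nil instead of storing empty values.
    standard = standard |> Enum.reject(fn {_k, v} -> is_nil(v) end) |> Map.new()

    with :ok <- require_sub(standard),
         :ok <- check_booleans(standard) do
      extras = Map.new(other, fn {k, v} -> {"#{prefix}_#{k}", v} end)
      {:ok, standard, extras}
    end
  end

  # Assumption of this example: "sub" must be a non-empty string.
  defp require_sub(%{"sub" => sub}) when is_binary(sub) and sub != "", do: :ok
  defp require_sub(_claims), do: {:error, :missing_sub}

  defp check_booleans(claims) do
    case Enum.find(@booleans, &(Map.has_key?(claims, &1) and not is_boolean(claims[&1]))) do
      nil -> :ok
      key -> {:error, {:invalid_type, key}}
    end
  end
end

# Constructed sample payload, not taken from any real provider.
user = %{"sub" => "1234", "name" => "Jane Doe", "email" => "jane@example.com",
         "email_verified" => true, "bio" => "Elixir developer", "picture" => nil}

IO.inspect(ClaimSplit.split(user, "test_provider"), label: "valid")
IO.inspect(ClaimSplit.split(%{user | "email_verified" => "yes"}, "test_provider"), label: "bad type")
```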

Which one should I use for multi-provider? Pow and then Assent, or PowAssent? Internally, PowAssent has Pow and Assent as dependencies. I am a newbie, so it would be very helpful if you could add a sample repo with a git or Facebook strategy. I got confused by the docs (where do I need to put the config? Is it just a variable, or should it go inside config?).
A sample repo will be very helpful. Thanks in advance, I appreciate your help and support.

Use PowAssent. Follow the instructions in the readme: https://github.com/pow-auth/pow_assent#getting-started

Got no sample repo or tutorial, but you just have to set up PowAssent as described above and then add the strategy like detailed further down the readme here: https://github.com/pow-auth/pow_assent#setting-up-a-provider

As for the config, you should put it in the config file (dev.exs). For prod you can use prod.secret.exs, or env var for the credentials:

config :my_app, :pow_assent,
  providers: [
    facebook: [
      client_id: System.get_env("FACEBOOK_CLIENT_ID"),
      client_secret: System.get_env("FACEBOOK_CLIENT_SECRET"),
      strategy: Assent.Strategy.Facebook
    ]
  ]

Assent is a low-level multi-provider library without any of the conveniences that PowAssent has such as Phoenix/Ecto integration.

1 Like

Thanks, Dan, for the fast reply. This is very helpful. A long time back I tried Pow, and I went with Assent as I already had Pow; I will go with PowAssent now. Thanks again. I appreciate your help.

1 Like