danschultzer
Assent: Multi-provider framework for Elixir
I’ve moved the strategies out of PowAssent and created a multi-provider framework for Elixir. This way the strategies can be used in any context, and not be limited to Pow, Phoenix, Plug, etc.
Please don’t hesitate with feedback or PR’s!
Github: GitHub - pow-auth/assent: Multi-provider framework in Elixir · GitHub
Hex: assent | Hex
Features
- OAuth 1.0, OAuth 2.0, and OIDC protocol support
- Many out-of-the-box providers including Apple Sign In
- Conforms userinfo to OpenID Connect Core 1.0 Standard Claims
- Add your custom strategy in no time
- Support for
client_secret_jwtandprivate_key_jwtauthentication in OAuth 2.0 and OIDC - Nearly no dependency requirements
- Self-contained - the strategies consists of very little code and are easy to manage
Few dependencies
As with PowAssent, there are near zero dependency requirements for Assent.
:httpc is used as the default HTTP client with built-in SSL validation. Mint can be added for HTTP/2 support.
A JWT parser is built-in, but can be easily switched out with JOSE.
Custom strategies
Adding a custom strategy takes no time. This is all you need to set up an OAuth 2.0 strategy:
defmodule TestProvider do
use Assent.Strategy.OAuth2.Base
@impl true
def default_config(_config) do
[
site: "http://localhost:4000/",
authorize_url: "http://localhost:4000/oauth/authorize",
token_url: "http://localhost:4000/oauth/access_token",
user_url: "/user",
authorization_params: [scope: "email profile"]
]
end
@impl true
def normalize(_config, user) do
{:ok, %{
"sub" => user["sub"],
"name" => user["name"],
"email" => user["email"]
}}
end
end
The normalize/2 method expects userinfo that conforms to OpenID Connect Core 1.0 Standard Claims specs. All non-standard values will be rejected.
Non-standard values can be added to the user response by returning it in this way:
def normalize(_config, user) do
{:ok, %{
"sub" => user["sub"],
"name" => user["name"],
"email" => user["email"]
},
%{
"test_provider_bio" => user["bio"]
}}
end
What about Ueberauth?
I explained in the thread for PowAssent the main difference:
I hope you’ll find this library useful ![]()
Most Liked
danschultzer
Use PowAssent. Follow the instructions in the readme: GitHub - pow-auth/pow_assent: Multi-provider authentication for your Pow enabled app · GitHub
Got no sample repo or tutorial, but you just have to set up PowAssent as described above and then add the strategy like detailed further down the readme here: GitHub - pow-auth/pow_assent: Multi-provider authentication for your Pow enabled app · GitHub
As for the config, you should put it in the config file (dev.exs). For prod you can use prod.secret.exs, or env var for the credentials:
config :my_app, :pow_assent,
providers: [
facebook: [
client_id: System.get_env("FACEBOOK_CLIENT_ID"),
client_secret: System.get_env("FACEBOOK_CLIENT_SECRET"),
strategy: Assent.Strategy.Facebook
]
]
Assent is a low-level multi-provider library without any of the conveniences that PowAssent has such as Phoenix/Ecto integration.
tenzil
Thanks dan, for a fast reply. This is very helpful. Long back I tried pow and I went with assent as I already had pow , will go with PowAssent now. Thanks again. I appreciate your help
Popular in Announcing
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #javascript
- #code-sync
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








