I’ve been needing to customize our sign in, register, reset password, and forgot password pages for months. Every time I took a look at the ash_authentication_phoenix pages/code I ran away crying. And blog posts like Customising Ash Authentication with Phoenix LiveView did not make it seem easier.
After taking the plunge last night (due to yet another confused customer), I hooked up a custom Forgot Password page… and it all clicked.
We’re just doing POST calls to a few auth endpoints. Duh!
mix phx.routes
auth_path * /auth/user/password/register MyAppWeb.AuthController {:user, :password, :register}
auth_path * /auth/user/password/sign_in MyAppWeb.AuthController {:user, :password, :sign_in}
auth_path * /auth/user/password/reset_request MyAppWeb.AuthController {:user, :password, :reset_request}
auth_path * /auth/user/password/reset MyAppWeb.AuthController {:user, :password, :reset}
With that in mind, everything else made sense. The blogs, the docs, the other posts in this forum.
In iex, run AshAuthentication.Info.strategy!(MyApp.Accounts.User, :password) and things get even more clear, because so much of what seems like cryptic code was just there because literally every thing about ash_auth can be customized. So there is a ton of code to just deal with that. Especially since you can have numerous strategies enabled, and they deal with that. But I have just password and Google, so I can get really simple.
%AshAuthentication.Strategy.Password{
confirmation_required?: true,
hash_provider: AshAuthentication.BcryptProvider,
hashed_password_field: :hashed_password,
identity_field: :email,
name: :password,
password_confirmation_field: :password_confirmation,
password_field: :password,
provider: :password,
register_action_accept: [],
register_action_name: :register_with_password,
registration_enabled?: true,
resettable: %AshAuthentication.Strategy.Password.Resettable{
token_lifetime: {3, :days},
request_password_reset_action_name: :request_password_reset_with_password,
password_reset_action_name: :password_reset_with_password,
sender: {MyApp.Mailer.SendPasswordResetEmail, []}
},
resource: MyApp.Accounts.User,
sign_in_action_name: :sign_in_with_password,
sign_in_enabled?: true,
sign_in_token_lifetime: {60, :seconds},
sign_in_tokens_enabled?: false,
sign_in_with_token_action_name: :sign_in_with_token_for_password,
strategy_module: AshAuthentication.Strategy.Password
}
So when I see something similar to:
api = AshAuthentication.Info.authentication_domain!(strategy.resource)
subject_name = AshAuthentication.Info.authentication_subject_name!(strategy.resource)
AshPhoenix.Form.for_action(strategy.resource, strategy.resettable.request_password_reset_action_name,
api: api,
as: to_string(subject_name),
context: Ash.Helpers.deep_merge_maps(%{}, %{strategy: strategy, private: %{ash_authentication?: true}})
)
I now realize those were (obviously) just normal forms that I’ve been working with in Ash for over a year. Again, duh!
Heck, you don’t even need any of that. You can make a basic sign in page with static html, similar to:
<form action="/auth/user/password/sign_in" method="POST">
<input name="user[email]"/>
<input type="password" name="user[password]"/>
<button type="submit">Sign In</button>
</form>
(I’m just typing that out, it’s not real, missing CSRF for instance)
So don’t be afraid to write your custom auth pages. You can start with simple HTML!
I have no questions. Just hoping this post saves someone else a few hours.
My router.ex looks like:
live_session :auth_sign_in do
live "/sign-in", Live.Auth.SignIn, :sign_in
live "/register", Live.Auth.Register, :register
live "/reset", Live.Auth.ForgotPassword, :reset
end
auth_routes_for MyApp.Accounts.User, to: AuthController
scope "/password-reset" do
live_session :auth_reset do
live "/:token", Live.Auth.ResetPassword, :reset
end
end
Some pages for reference:
. In the near future we hope to have a basic generator to get people started with fully custom auth pages as well 
Need to finish the fancy new ash authentication installers first though. But those are nearing the finish line.
