I am very new to the Ash Framework. I did buy the book and I have gone up through the chapter on testing. I am very excite about the prospects, and it is time to start playing with it.
However, I am not sure what to do with Ash Authentication. I have some very strict compliance rules and I do not see a way to modify the “User” resource. There are some articles on customizing Ash Authentication but they mostly revolve around the Phoenix layer not concerned with modifying the base business logic that I believe should be embedded in the “User” resource. Below is a mostly representative sequence diagram of the “login” workflow.
Is there a guide that covers this topic I have not uncovered yet? Or is there something simple in the base documentation I am not understanding for making these kinds of changes?
I wouldn’t be too attached to AshAuthentication. AshAuthentication is a way for us to provide pre-built variations of authentication easily. There is nothing wrong with using “regular” actions/resources and powering the flow yourself. You can very likely make modifications to the actions that underpin AshAuthentication, (i.e you should see actions in your user resource like sign_in_with_password and register_with_password that you are free to customize, thats why we generate them into your app), but at the end of the day if you’re worried about being able to rigidly prove that your app behaves to some specific requirement or specification, you may be better off not using AshAuthentication at all. Perhaps it just adds value while prototyping and later you replace it with your own tooling etc.
2 Likes
@zachdaniel would it be possible for an AshAuthentication generator to create some html, instead of a configuration file that has a bunch of different UI options?
That is an eventual goal (well, generate liveviews most likely, potentially inert views after). With that said, it’s mot very complex to define your own. The actions etc are all usable from anywhere like any standard action.
