A simple username/password strategy for Überauth.
Add :ueberauth_identity
to your list of dependencies in mix.exs
:
def deps do
[
{:ueberauth_identity, "~> 0.3"}
]
end
Add the strategy to your applications:
def application do
[
applications: [:ueberauth_identity]
]
end
Add Identity to your Überauth configuration:
config :ueberauth, Ueberauth,
providers: [
identity: {Ueberauth.Strategy.Identity, [
callback_methods: ["POST"]
]}
]
Include the Überauth plug in your controller:
defmodule MyApp.AuthController do
use MyApp.Web, :controller
plug Ueberauth
...
end
Create the request and callback routes if you haven't already:
scope "/auth", MyApp do
pipe_through :browser
get "/:provider", AuthController, :request
get "/:provider/callback", AuthController, :callback
post "/identity/callback", AuthController, :identity_callback
end
Your request phase handler should implement a form or similar method to collect the required login information.
The controller callback should validate login information using the Ueberauth.Auth
struct:
def identity_callback(%{assigns: %{ueberauth_auth: auth}} = conn, params) do
case validate_password(auth.credentials) do
:ok ->
user = %{id: auth.uid, name: name_from_auth(auth), avatar: auth.info.image}
conn
|> put_flash(:info, "Successfully authenticated.")
|> put_session(:current_user, user)
|> redirect(to: "/")
{ :error, reason } ->
conn
|> put_flash(:error, reason)
|> redirect(to: "/")
end
end
For an example implementation see the Überauth Example application.
Sometimes it's convenient to nest the returned params under a namespace. For example if you're using a "user" form, your params may come back as:
%{ "user" => { "email" => "my@email.com" … }
If you're using a nested set of attributes like this you'll need to let Überauth Identity know about it. To do this set an option in your config:
config :ueberauth, Ueberauth,
providers: [
identity: {Ueberauth.Strategy.Identity, [param_nesting: "user"]}
]
By default Überauth Identity will be changing empty values from the returned params to nil. If you want to disable that behaviour set the following option in your config:
config :ueberauth, Ueberauth,
providers: [
identity: {Ueberauth.Strategy.Identity, [scrub_params: false]}
]
Depending on the configured url you can initial the request through:
/auth/identity/callback
Copyright (c) 2015 Daniel Neighman
Released under the MIT License, which can be found in the repository in LICENSE.