When the user enter's an incorrect password, I want to re-render the login page with their email still filled but not their password. It seems like I may have to reach into the %Ueberauth.Auth{} struct in conn.assigns to accomplish this. Is that correct? Are there any methods to accomplish this? I don't see any in the docs.

Steps to Reproduce

Set as the example. Phoenix 1.13

Expected Result

Render the page "request.html.heex" when using Strategy.Identity

Actual Result

On signin with username/pwd, you send a request "GET /auth/identity", but even if "views/auth_view.ex" exists, I get an "AuthView.render/2 is undefined, and MyApp.AuthView is not available.
Request: GET /auth/identity
** (exit) an exception was raised:
** (UndefinedFunctionError) function MyApp.AuthView.render/2 is undefined (module MyApp.AuthView is not available)
MyApp.AuthView.render("request.html", %{callback_url: "http://localhost:4000/auth/identity/callback",...

The latest version of ueberauth_identity is not compatible with [email protected]. I'm thinking it's related to ueberauth/ueberauth#136 and how CSRF is maintained automatically. Downgrading ueberauth to 0.6.3 works.

I'm fairly new to Elixir / Phoenix but happy to send a PR if someone nudges me to the right place.

Hey there,

I'm currently building out an API that conforms to the Jsonapi.org specification. I noticed that we can account for a nested attribute like %{user => {email, password}, but in order to conform to the spec I need to be able to send attributes nested two levels deep, for example:

{
  "data": {
    "type": "users",
      "attributes": {
        "email": "[email protected]",
        "password": "secret"
      }
    }
}

I'd be happy to try to PR this, but I'm still pretty new to Elixir!

At the end of the README, in the "Calling" section

Depending on the configured url you can initial the request through:

/auth/identity

Shouldn't this be

/auth/identity/callback

In addition, shouldn't this just be shared with the real oauth callbacks and be function matched somewhere on %{provider: strategy} ? Otherwise, if its on its own, its not really a callback, just a controller method you are submitting to. ( The ueberauth example does what I'm suggesting )

Looking at an example from

https://github.com/hassox/phoenix_guardian

It seems that hassox, the author, is saving the password in the same sql table as the other Oauth authentications under the token field.

I know that ueberauth_identity doesn't care how you store or lookup a user from identity authentication but what do you guys recommend, should i store the user password in the user table in the password field or just along with the rest of the oauth authentications under the token field?

Scrub auth when using plug Ueberauth

I wasn't able to view the hexdocs for the package, it kept redirecting to https://hexdocs.pm/ueberauth_identity/extra-readme.html which results in a 404.

May be just a matter of replacing extra-readme with readme in the mix.exs file?

There are a listing of warnings that will become errors later that need to be fixed:

warning: Dict.get/3 is deprecated, use the Map module for working with maps or the Keyword module for working with keyword lists
  lib/ueberauth/strategy/identity.ex:57

warning: Dict.get/2 is deprecated, use the Map module for working with maps or the Keyword module for working with keyword lists
  lib/ueberauth/strategy/identity.ex:57

warning: variable "default_options" does not exist and is being expanded to "default_options()", please use parentheses to remove the ambiguity or change the variable name
  lib/ueberauth/strategy/identity.ex:57

How do I modify the credentials field? For example I won't need password confirmation in a login page and I would want the email there. Also under auth.info why are there so many fields? I wouldn't need half of them like phone location etc.

Latest released version is 0.2.3 still.

When depender project is compiling with warnings as errors then it fails to build:

warning: variable "package" does not exist and is being expanded to "package()", please use parentheses to remove the ambiguity or change the variable name
  /home/<user>/<project>/deps/ueberauth_identity/mix.exs:11

warning: variable "description" does not exist and is being expanded to "description()", please use parentheses to remove the ambiguity or change the variable name
  /home/<user>/<project>/deps/ueberauth_identity/mix.exs:17

warning: variable "deps" does not exist and is being expanded to "deps()", please use parentheses to remove the ambiguity or change the variable name
  /home/<user>/<project>/deps/ueberauth_identity/mix.exs:18

warning: variable "docs" does not exist and is being expanded to "docs()", please use parentheses to remove the ambiguity or change the variable name
  /home/<user>/<project>/deps/ueberauth_identity/mix.exs:19

warning: variable "docs_extras" does not exist and is being expanded to "docs_extras()", please use parentheses to remove the ambiguity or change the variable name
  /home/<user>/<project>/deps/ueberauth_identity/mix.exs:39

==> ueberauth_identity
Compiling 2 files (.ex)
warning: variable "default_options" does not exist and is being expanded to "default_options()", please use parentheses to remove the ambiguity or change the variable name
  lib/ueberauth/strategy/identity.ex:57

warning: Dict.get/2 is deprecated. Use the Map module for working with maps or the Keyword module for working with keyword lists
  lib/ueberauth/strategy/identity.ex:57

warning: Dict.get/3 is deprecated. Use the Map module for working with maps or the Keyword module for working with keyword lists
  lib/ueberauth/strategy/identity.ex:57

Generated ueberauth_identity app

Hi,

Do you think those functionalities can be merged in this strategy ?

Invitable: sends invites to new users with a sign-up link, allowing the user to create their account with their own password.
Registerable: allows anonymous users to register a users email address and password.
Confirmable: new accounts require clicking a link in a confirmation email.
Recoverable: provides a link to generate a password reset link with token expiry.
Trackable: saves login statistics like login counts, timestamps, and IP address for each user.
Lockable: locks an account when a specified number of failed sign-in attempts has been exceeded.
Unlockable With Token: provides a link to send yourself an unlock email.
Rememberable: provides persistent login with 'Remember me?' check box on login page.

Can you push the new version to hex? Last one is from more than 2 years ago and we would like the warnings to go away ;)

Issue

Params submitted from this form doesn't get captured into auth struct

# web/templates/auth/request

<%= form_for @changeset, @callback_url, fn f -> %>
  <%= if f.errors != [] do %>
    <div class="alert alert-danger">
      <p>Oops, something went wrong! Please check the errors below:</p>
      <ul>
        <%= for {attr, message} <- f.errors do %>
          <li><%= humanize(attr) %> <%= message %></li>
        <% end %>
      </ul>
    </div>
  <% end %>

  <div class="form-group">
    <label>Email</label>
    <%= text_input f, :email, class: "form-control" %>
  </div>

  <div class="form-group">
    <label>Password</label>
    <%= password_input f, :password, class: "form-control" %>
  </div>

  <div class="form-group">
    <%= submit "Login", class: "btn btn-primary" %>
  </div>
<% end %>

params

%{"_csrf_token" => "GXElfW8jABYYE15FAQoPdjcWKT4MNgAAw8W7ZQjLagluU267oTpRbQ==",
  "_utf8" => "✓", "provider" => "identity",
  "user" => %{"email" => "[email protected]", "password" => "password"}}

# config/config.exs
config :ueberauth, Ueberauth,
  providers: [
    identity: {Ueberauth.Strategy.Identity, [
      callback_methods: ["POST"],
      uid_field: :email,
      password_field: :password
    ]}
  ]

Suggestion

allow specifying model to be authenticated against in config so that it can be made useful to collect the fields from a form_for submission

config :ueberauth, Ueberauth,
  providers: [
    identity: {Ueberauth.Strategy.Identity, [
      callback_methods: ["POST"],
      uid_field: :email,
      password_field: :password,
      model: MyApp.User
    ]}
  ]

I've tried following the docs for ueberauth_identity but getting:

** (CompileError) web/controllers/auth_controller.ex:32: undefined function validate_password/1

Error: https://travis-ci.org/dwyl/auth/builds/215054975#L391
Snapshot of code: https://github.com/dwyl/auth/blob/fe8f18a16695b5c2a4ca08c75a02bcd698c202b2/web/controllers/auth_controller.ex#L32

I searched through the ueberauth org:
https://github.com/search?q=org%3Aueberauth+validate_password&type=Code

There's only one place it's referred to and that's in the readme. (no code examples)

also checked all 14 answers on StackOverflow http://stackoverflow.com/search?q=ueberauth
(as instructed in your CONTRIBUTING.md but didn't find anything resembling this issue...)

There are quite a few questions that have no answers or comments ...
So I'm asking my question here in the hope of a response.

Is there an example definition for the validate_password/1 function?
or can anybody who has successfully implemented ueberauth_identity shed some light on this?

Steps to Reproduce

Set as the example. Phoenix 1.13

Expected Result

The identity_callback uses an undefined function "validate_password".

Actual Result

def identity_callback(%{assigns: %{ueberauth_auth: auth}} = conn, params) do
case validate_password(auth.credentials)