jharton:

Hey folks. This took a little longer than I’d like but thanks to <@197905764424089601>’s help we now have password failure messages right in the password sign in form.

This is done by checking the password right in the liveview and then generating a short-lived token on success and redirecting the user to a new endpoint which validates it. This allows us to show the user a password failure message without having to mess around with flash messages and redirections which was the previously preferred method.

The best part? It’s completely backwards compatible. If you set sign_in_tokens_enabled? true in your password strategy DSL then this new flow will be used, otherwise the old behaviour is preserved.

To use it you need ash_authentication 3.10.5 and ash_authentication_phoenix 1.7.0

Happy password checking!

.terris:

That’s awesome! Is this in an advanced example repo ?

zachdaniel:

Its the dev repo in ash_authentication_phoenix