ZoonkWeb.UserAuth (Zoonk v0.1.0-dev)
Session management for user authentication.
This module manages user sign in and sign out by handling session tokens, renewing sessions to prevent fixation attacks, and coordinating disconnects for LiveView sessions.
Summary
Functions
Disconnects existing sockets for the given tokens.
Fetches the scope for API requests.
Authenticates the user by looking into the session and remember me token.
Logs the user in.
Logs the user out.
Stores the return to path for unauthenticated users.
Handles mounting and authenticating the scope in LiveViews.
Puts the given token in the session and sets the :live_socket_id key, so LiveView sessions are identified and automatically disconnected on log out.
Used for routes that require the user to be authenticated.
Returns the path to redirect to after log in.
Functions
Disconnects existing sockets for the given tokens.
Fetches the scope for API requests.
Authenticates the user by looking into the session and remember me token.
Will reissue the session token if it is older than the configured age.
Logs the user in.
Redirects to the session's :user_return_to path or falls back to the signed_in_path/1.
Logs the user out.
It clears all session data for safety. See renew_session.
Stores the return to path for unauthenticated users.
This is used to redirect the user back to the page they were trying to access. We store it for all GET requests that are not login, signup, or confirmation pages.
Handles mounting and authenticating the scope in LiveViews.
on_mount arguments
:mount_scope - Assigns scope to socket assigns based on user_token, or nil if there's no user_token or no matching user.
:ensure_auth_for_private_orgs - Ensures the user is authenticated for private organizations. If the organization is public, it continues; otherwise, it redirects to the login page.
:ensure_sudo_mode - Checks if the user has been authenticated recently enough to access a certain page.
Examples
Use the on_mount lifecycle macro in LiveViews to mount or authenticate the scope:

    defmodule ZoonkWeb.PageLive do
      use ZoonkWeb, :live_view

      on_mount {ZoonkWeb.UserAuth, :mount_scope}
      ...
    end

Or use the live_session of your router to invoke the on_mount callback:

    live_session :authenticated, on_mount: [{ZoonkWeb.UserAuth, :ensure_authenticated}] do
      live "/profile", ProfileLive, :index
    end
Puts the given token in the session and sets the :live_socket_id key, so LiveView sessions are identified and automatically disconnected on log out.
Used for routes that require the user to be authenticated.
Returns the path to redirect to after log in.
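
The log in, log out and session renewal behaviour described above can be sketched with the standard Plug and Phoenix calls. This is an added example, not Zoonk's own implementation: the ExampleWeb module and endpoint names, the "/" fallback path and the "users_sessions:" topic prefix are assumptions, and token creation and storage are left out.

```elixir
# Added sketch, not Zoonk's code. ExampleWeb.* names, the "/" fallback path
# and the topic prefix are assumptions; :user_token, :user_return_to and
# :live_socket_id are the session keys named on this page.
defmodule ExampleWeb.SessionSketch do
  import Plug.Conn
  import Phoenix.Controller, only: [redirect: 2]

  def log_in(conn, token) do
    # Read the return path first: renew_session/1 wipes the session.
    return_to = get_session(conn, :user_return_to)

    conn
    |> renew_session()
    |> put_token_in_session(token)
    # redirect/2 with :to rejects non-local targets, so a stored path
    # cannot send the user to another host.
    |> redirect(to: return_to || "/")
  end

  def log_out(conn) do
    # Capture the socket id before the session is cleared.
    if live_socket_id = get_session(conn, :live_socket_id) do
      ExampleWeb.Endpoint.broadcast(live_socket_id, "disconnect", %{})
    end

    conn
    |> renew_session()
    |> redirect(to: "/")
  end

  # A session id planted before authentication must not survive it:
  # issue a new session cookie and drop everything stored so far.
  defp renew_session(conn) do
    Plug.CSRFProtection.delete_csrf_token()

    conn
    |> configure_session(renew: true)
    |> clear_session()
  end

  defp put_token_in_session(conn, token) do
    conn
    |> put_session(:user_token, token)
    |> put_session(:live_socket_id, "users_sessions:#{Base.url_encode64(token)}")
  end
end
```

Both log_in/2 and log_out/1 read what they need from the session before renewing it, because the renewal discards every stored key.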