Module: StandardId::WebAuthentication

Extended by:

ActiveSupport::Concern

Included in:

StandardId::Web::Auth::Callback::ProvidersController, StandardId::Web::BaseController

Defined in:

app/controllers/concerns/standard_id/web_authentication.rb

Overview

Public concern providing cookie-based session management for web controllers.

Include this in host app controllers to access StandardId’s session management capabilities. This is the same concern used internally by the WebEngine’s built-in controllers.

## Public helpers (available in controllers and views)

• ‘current_account` – Returns the currently authenticated account, or nil. Loads from session token or remember-me cookie. Delegated to SessionManager.

• ‘authenticated?` – Returns true if a user is currently signed in.

• ‘current_session` – Returns the current StandardId::BrowserSession, or nil. Delegated to SessionManager.

• ‘revoke_current_session!` – Revokes the current browser session and clears all session/cookie tokens. Use for sign-out flows. Delegated to SessionManager.

• ‘sign_in_account(login_params, &before_session)` – Authenticates via password credentials. Accepts a block called after credential verification but before session creation (for lifecycle hooks). Returns the PasswordCredential on success, nil on failure.

• ‘session_manager` – Returns the StandardId::Web::SessionManager instance for the current request. Useful for direct session operations like `session_manager.sign_in_account(account)` in passwordless flows.

Examples:

Usage in a host app controller

class ApplicationController < ActionController::Base
  include StandardId::WebAuthentication

  before_action :authenticate_account!
end

Instance Method Summary

• #current_account ⇒ Object

  Returns the currently authenticated account, or nil.

• #current_scope_names ⇒ Object

  Returns an array of scope names the user has authenticated into.

• #current_session ⇒ Object

  Returns the current StandardId::BrowserSession, or nil.

• #revoke_current_session! ⇒ Object

  Revokes the current browser session and clears all session/cookie tokens.

Instance Method Details

#current_account ⇒ Object

Returns the currently authenticated account, or nil. Loads from session token or remember-me cookie.

# File 'app/controllers/concerns/standard_id/web_authentication.rb', line 58

delegate :current_session, :current_account, :current_scope_names, :revoke_current_session!, to: :session_manager

#current_scope_names ⇒ Object

Returns an array of scope names the user has authenticated into.

# File 'app/controllers/concerns/standard_id/web_authentication.rb', line 58

delegate :current_session, :current_account, :current_scope_names, :revoke_current_session!, to: :session_manager

#current_session ⇒ Object

Returns the current StandardId::BrowserSession, or nil.

# File 'app/controllers/concerns/standard_id/web_authentication.rb', line 58

delegate :current_session, :current_account, :current_scope_names, :revoke_current_session!, to: :session_manager

#revoke_current_session! ⇒ Object

Revokes the current browser session and clears all session/cookie tokens.

# File 'app/controllers/concerns/standard_id/web_authentication.rb', line 58

delegate :current_session, :current_account, :current_scope_names, :revoke_current_session!, to: :session_manager