From a3746dfaaa5aa9e32a7b6dd82dad0d494d86e5ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rafael=20Eppl=C3=A9e?= <hello@rafa.ee>
Date: Thu, 11 Sep 2025 11:49:23 +0200
Subject: [PATCH] Explicitly require ash authentication settings

Previously, we'd rely on defaults for configuring user token
authentication. With these changes, we explicitly require
:session_identifier and :require_token_presence_for_authentication to be
configured in the application environment to make sure the system is
configured the way it should be.
---
 lib/accounts/user.ex | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/accounts/user.ex b/lib/accounts/user.ex
index 9294526..b085407 100644
--- a/lib/accounts/user.ex
+++ b/lib/accounts/user.ex
@@ -19,16 +19,15 @@ defmodule Mv.Accounts.User do
   Currently password and SSO with Rauthy as OIDC provider
   """
   authentication do
-    session_identifier Application.compile_env(:mv, :session_identifier, :jti)
+    session_identifier Application.compile_env!(:mv, :session_identifier)
 
     tokens do
       enabled? true
       token_resource Mv.Accounts.Token
 
-      require_token_presence_for_authentication? Application.compile_env(
+      require_token_presence_for_authentication? Application.compile_env!(
                                                    :mv,
-                                                   :require_token_presence_for_authentication,
-                                                   false
+                                                   :require_token_presence_for_authentication
                                                  )
 
       store_all_tokens? true