Setup:
mix igniter.install ash_authentication_phoenix
mix ash_authentication.add_strategy password
I create a user in the web application. Now I want to access that user in the iex. How can I do that? This doesn’t work:
iex(5)> ExampleApp.Accounts.User |> Ash.Query.filter(email = "bob@example.com") |> Ash.read!()
** (Ash.Error.Invalid) Invalid Error
* No primary action of type :read for resource ExampleApp.Accounts.User, and no action specified
The resource includes this code:
read :get_by_email do
description "Looks up a user by their email"
get? true
argument :email, :ci_string do
allow_nil? false
end
filter expr(email == ^arg(:email))
end
How can I use that in the iex to fetch a single user by his email address?
Relevant docs on primary actions: Actions — ash v3.29.3
I considered making the generators add a primary read action, but users is a pretty sensitive resource and I wanted to add only the minimal required to power authentication.
You will also need to add authorize?: false to your call because of the policies on users. A mild inconvenience, but the security benefits are worth it 
So after adding a primary action: Ash.get!(User, <id>, authorize?: false)
So adding primary? true to an action should solve my problem. Let’s do that:
read :get_by_email do
primary? true
description "Looks up a user by their email"
get? true
argument :email, :ci_string do
allow_nil? false
end
filter expr(email == ^arg(:email))
end
But it doesn’t work:
iex(1)> alias ExampleApp.Accounts.User
ExampleApp.Accounts.User
iex(2)> Ash.get_by_email(User, "bob@example.com", authorize?: false)
** (UndefinedFunctionError) function Ash.get_by_email/3 is undefined or private
(ash 3.4.28) Ash.get_by_email(ExampleApp.Accounts.User, "sw@wintermeyer-consulting.de", [authorize?: false])
iex:2: (file)
What is my mistake?
It’s not defined on the Ash module. You want something like Ash.get!(User, ...) like Zach showed in his example.
Primary actions should not define required arguments generally. You would leave the arguments out, and Ash.get does the filtering.
If you want a named function, use code interfaces.
You want something like Ash.get!(User, ...) like Zach showed in his example.
Until now nobody gave me an actual example that I or anybody else who runs into the same problem can use.
I really don’t care how. I just want to fetch the user with the email address bob@example.com. How can I do this and what is the most “Ash like” way?
There are examples of using Ash.get in the read actions guide:
The most idiomatic way to do this is as follows:
Add the default read
# lib/accounts/user.ex
actions do
defaults [:read]
end
Add a code interface on the domain
# lib/accounts.ex
resource ExampleApp.Accounts.User do
define :get_user_by_email, action: :read, get_by: [:email]
end
Call it
ExampleApp.Accounts.get_by_email!("me@example.com", authorize?: false)
Thank you Zach! That solves my problem. 
Follow up understanding issue: Why don’t/can’t I use the already existing read :get_by_email do ... end code in the user.ex file for this?
Oh, right
I forgot that we generated that action in the auth generators TBH
I thought it was a custom action you had written.
You can use that existing action. In that case, the only thing you need is this:
resource ExampleApp.Accounts.User do
define :get_by_email, args: [:email]
end
Generally speaking, making an action just to get something by a given field is not necessary, because code interfaces have get_by option, and you can use Ash.get as well. However, in the case of AshAuthentication it needs to be guaranteed to have an action whose name it knows in order to look up users for authentication. You’re free to use that generated action for this as well 