AccessPass - Yet another authentication library

I have been working for the last couple weeks on an authentication library that I have enjoyed using in my own personal projects. I would like to hear other peoples opinions!

https://hexdocs.pm/access_pass/introduction.html#content

4 Likes

I’ve read all the docs on AccessPass and it looks to do exactly what I’m trying to implement. I followed the crash course and I think I’m like 75% there, but I can’t work out how to get the AccessPath functions to work with my existing plug. Any suggestions would be great.
I’m new and admittedly pretty dense with Elixir/Phoenix, but I’m learning!

2 Likes

What code have you done so far and on which code are you stuck on and what would you like the code to look like when complete?

2 Likes

Sorry for the delay, I also get to put out fires (figuratively)

I have the library installed and a route set up at /admin that returns ‘unauthorized’ when I load it, so it seems to be working. Where I’m lost is what to do now.
Do I need to set up a register/login form and POST the info through @conn? If so, I don’t seem to have proper routes set up for the AccessPass functions.
Am I not setting it up properly in the Router? Do I need to put/call the AccessPass lib files differently? I’ve been trough the docs a bunch of times and they just sort of end where I’m stuck.

My router.ex:

defmodule TcbWeb.Router do
  use TcbWeb, :router
  use AccessPass.Routes

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  pipeline :api do
    plug :accepts, ["json"]
  end

  pipeline :auth do
    plug Auth #Auth is an AccessPass plug to require auth on routes
  end

  scope "/" do
    access_pass :routes

    pipe_through :browser # Use the default browser stack
    get "/", PageController, :index
    resources "/tusers", TcbWeb.TuserController
    resources "/search_data", TcbWeb.TuserController
    resources "/notes", TcbWeb.TuserController
    resources "/login", TcbWeb.LoginController
  end

  scope "/admin" do
    pipe_through :auth
    get "/", PageController, :index
  end
end

My routes:

     _path  GET     /check                 AccessPass.Controller :check
     _path  GET     /refresh               AccessPass.Controller :refresh
     _path  POST    /register              AccessPass.Controller :register
     _path  POST    /confirm               AccessPass.Controller :confirm
     _path  POST    /login                 AccessPass.Controller :login
     _path  POST    /reset_password        AccessPass.Controller :reset_password
     _path  POST    /forgot_username       AccessPass.Controller :forgot_username
     _path  POST    /logout                AccessPass.Controller :logout
     _path  POST    /change_password       AccessPass.Controller :change_password
 page_path  GET     /                      PageController :index
tuser_path  GET     /tusers                TcbWeb.TuserController :index
tuser_path  GET     /tusers/:id/edit       TcbWeb.TuserController :edit
tuser_path  GET     /tusers/new            TcbWeb.TuserController :new
tuser_path  GET     /tusers/:id            TcbWeb.TuserController :show
tuser_path  POST    /tusers                TcbWeb.TuserController :create
tuser_path  PATCH   /tusers/:id            TcbWeb.TuserController :update
            PUT     /tusers/:id            TcbWeb.TuserController :update
tuser_path  DELETE  /tusers/:id            TcbWeb.TuserController :delete
tuser_path  GET     /search_data           TcbWeb.TuserController :index
tuser_path  GET     /search_data/:id/edit  TcbWeb.TuserController :edit
tuser_path  GET     /search_data/new       TcbWeb.TuserController :new
tuser_path  GET     /search_data/:id       TcbWeb.TuserController :show
tuser_path  POST    /search_data           TcbWeb.TuserController :create
tuser_path  PATCH   /search_data/:id       TcbWeb.TuserController :update
            PUT     /search_data/:id       TcbWeb.TuserController :update
tuser_path  DELETE  /search_data/:id       TcbWeb.TuserController :delete
tuser_path  GET     /notes                 TcbWeb.TuserController :index
tuser_path  GET     /notes/:id/edit        TcbWeb.TuserController :edit
tuser_path  GET     /notes/new             TcbWeb.TuserController :new
tuser_path  GET     /notes/:id             TcbWeb.TuserController :show
tuser_path  POST    /notes                 TcbWeb.TuserController :create
tuser_path  PATCH   /notes/:id             TcbWeb.TuserController :update
            PUT     /notes/:id             TcbWeb.TuserController :update
tuser_path  DELETE  /notes/:id             TcbWeb.TuserController :delete
login_path  GET     /login                 TcbWeb.LoginController :index
login_path  GET     /login/:id/edit        TcbWeb.LoginController :edit
login_path  GET     /login/new             TcbWeb.LoginController :new
login_path  GET     /login/:id             TcbWeb.LoginController :show
login_path  POST    /login                 TcbWeb.LoginController :create
login_path  PATCH   /login/:id             TcbWeb.LoginController :update
            PUT     /login/:id             TcbWeb.LoginController :update
login_path  DELETE  /login/:id             TcbWeb.LoginController :delete
     _path  GET     /admin                 AccessPass.Controller :index

Thanks for your time. I like alot about Elixir, but it’s a tough one to learn!

First off thanks for using the AccessPass. AccessPass handles all the API related stuff for user auth so you are correct in that you need to now use Login or Register endpoints to get an access token. AccessPass will then check any request you use the auth pipeline on for a request header ‘access-token’ that is valid.

https://hexdocs.pm/access_pass/phoenix_routes_helper.html#content

If your have any more questions feel free to ask!