Any examples of Phoenix/Ueberauth Module Integration?

Hey guys!

Firstly, I am happy to finally have an account on elixir forum and share my experience with all of you! It’s a real pleasure to be there!

I am currently working on a pretty big project based on Erlang/Elixir (API in Elixir and backend in Erlang). Actually, I am more of an Erlang developer than an Elixir one, and I have some issues with Ueberauth. I was looking around and did not find any blog post or big example about integrating it with Phoenix (1.4+).

If you don’t have any examples or links… Can you give me some feedback about this framework, or other alternatives? (I tried Guardian a little, but don’t have any experience with it.)

Many thanks in advance!

5 Likes

The integration is identical to older Phoenix’s so the existing docs should work fine. I’ve been using ueberauth with phoenix since 1.1 days and I’m on 1.4 still without issue.

If you are getting errors or anything, please post them here and we can help! :slight_smile:

On a side note, if you don’t know or care what JWT is or don’t need to transfer information securely between non-communicating servers via the client, then you don’t need to touch Guardian at all.

3 Likes

Thanks for the reply! Actually, I don’t have any kind of issue, I was just thinking about how things really work and how to make something “clean” by looking at some real-life examples. I was thinking of making my own interface first based on OAuth1 and OAuth2, because I need to manage some user tokens, and don’t know how to get that information easily with Ueberauth.

1 Like

Have you checked out https://github.com/ueberauth/ueberauth_example/

1 Like

Hi @niamtokik, welcome to the forum!!

I’ve just started to use this library this week and I had the same feeling - before having a decent understanding of what to do, I had to do quite a bit of research :sweat_smile: It wasn’t clear to me which steps I had to follow and in which order, especially merging the steps of the library with the customization of the Strategy.

I needed it just to make the user login via a GitHub Oauth app, but as you maybe have seen it’s possible to configure the library with a ton of different services (called Strategies): List of Strategies

So, this is what I did and resources I’ve used.

I’ve found useful the GitHub strategy documentation: Ueberauth.Strategy.Github

1) In my case (GitHub) what I’ve done is to configure Ueberauth in config/config.exs like this

```elixir
config :ueberauth, Ueberauth,
  providers: [
    github: { Ueberauth.Strategy.Github, [default_scope: "user", uid_field: :email] }
  ]
```

In this way I request only personal info with `default_scope: "user"`, like name, email and avatar picture. Each strategy has its own `default_scope` string.

2) After creating the Github app, I’ve configured the strategy with client id and secret, always in the configuration file

```elixir
# THIS IS A NEW :config
config :ueberauth, Ueberauth.Strategy.Github.OAuth,
  client_id: System.get_env("GITHUB_CLIENT_ID"),
  client_secret: System.get_env("GITHUB_CLIENT_SECRET")
```

3) Then I created the Phoenix controller that handles the request and callback, like this example

```elixir
defmodule MyApp.AuthController do
  use MyApp.Web, :controller
  plug Ueberauth

  # The function name has to match the :callback action used in router.ex.
  def callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do
    # do things with the failure (placeholder: report it and go back home)
    conn
    |> put_flash(:error, "Failed to authenticate.")
    |> redirect(to: "/")
  end

  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    # do things with the auth (placeholder: start a fresh session for the user)
    conn
    |> configure_session(renew: true)
    |> put_session(:current_user_uid, auth.uid)
    |> redirect(to: "/")
  end
end
```

`plug Ueberauth` adds the request phase to the Auth controller, and when the `MyApp.AuthController` `:request` action is called, it redirects the user to the GitHub authorization page.

4) To use this controller I’ve then added these routes in router.ex (like the example in the Ueberauth github repo)

```elixir
scope "/auth", MyApp do
  pipe_through :browser

  get "/:provider", AuthController, :request
  get "/:provider/callback", AuthController, :callback
end
```

I kept the same default values. In this way, if you make a GET HTTP request with your browser to `/auth/github`, the `:request` action is called with the `"github"` provider param, and it redirects you to the GitHub auth page.

Then, when you authorize the GitHub page, you are redirected to `/auth/github/callback` which triggers `callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params)` and you can use `auth` to get all the data you need.

The example that @sanswork has shared is super clear, but let me know if something isn’t clear… I’d be happy to share part of the code I’ve done so I can be more specific.

3 Likes

There’s a real world updated implementation of it at https://github.com/thechangelog/changelog.com. You can see a demo of it at https://changelog.com/in.

4 Likes

Thanks for all these great answers! I was looking on my side too, and found some great posts:

Thanks @alvises for your really useful answer! On my side, I tried to debug some existing ueberauth modules, like the LinkedIn one (Permission issue during authentication by niamtokik · Pull Request #10 · fajarmf/ueberauth_linkedin · GitHub).

Thanks @cnck1387, I will take a look. The project seems really interesting! Are you working on this project? Because I am interested in the design of the database, in particular the way I can store tokens and reuse them. I mean, I read the router.ex (changelog.com/lib/changelog_web/router.ex at master · thechangelog/changelog.com · GitHub) file and took a look around the code, but it seems tokens from GitHub or Twitter are not stored. I guess the session is stored in the cookie, but there is no data stored somewhere for that (except, obviously, for the information about the user like email or password).

@sanswork I already hacked around this code (my first PoC was based on it), but there is a lack of real-world examples with comments and documentation, a kind of “how to use ueberauth, and write new strategies”.

Anyway! Thanks for your answers! :slight_smile:

2 Likes

I do work on the project, but I’m not a core developer. I am just a random person who stumbled onto the project while learning Phoenix and have sent in a few small pull requests.

I mainly use their code base as a reference guide for my project, although I don’t use the ueberauth feature in my app. Their site supports both signing in with an account you can create with an email address OR you can use a social login instead.

Just glancing at the code in the auth controller, it looks like if you try to sign in with Twitter or something, then ueberauth will determine if the person successfully authenticated and then it pattern matches on the callback to see what to do next.

If it’s bad, the login never happens. If it’s good, it attempts to look up the user by the Twitter handle they used to authenticate. If that was a success, it logs them in. Otherwise it sends them to a /join page to create an initial account with as many fields pre-filled in as possible from the ueberauth data.

The token doesn’t get stored from github or twitter, but info about the user is stored. In either case (logging in with a custom account you created or twitter) the sign_in_and_redirect function gets called in the auth controller which sets up the session and saves the cookie.

3 Likes
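
For the question above about storing provider tokens and reusing them, here is an added example (not from any post in this thread, nor from Ueberauth or changelog.com) that keeps only the identity in the session and encrypts the access token for server-side storage. `TokenVault` and the sample data are hypothetical; the map mirrors the `uid`, `provider` and `credentials.token` fields of `%Ueberauth.Auth{}`, and the key would come from secret storage in a real app.

```elixir
defmodule TokenVault do
  # Hypothetical helper, not part of Ueberauth: splits a successful callback
  # result into cookie-session data and an encrypted token record.
  @cipher :aes_256_gcm

  # Only the identity goes into the session cookie, never the provider token.
  def session_attrs(auth), do: %{provider: auth.provider, uid: auth.uid}

  # Encrypt the access token for storage. Provider and uid are bound as AAD,
  # so a ciphertext copied onto another user's row fails to decrypt.
  def seal(auth, key) when byte_size(key) == 32 do
    iv = :crypto.strong_rand_bytes(12)
    aad = aad(auth.provider, auth.uid)

    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(@cipher, key, iv, auth.credentials.token, aad, true)

    %{provider: auth.provider, uid: auth.uid, iv: iv, ciphertext: ciphertext,
      tag: tag, expires_at: auth.credentials.expires_at}
  end

  # Decrypt a stored record; any tampering with it yields {:error, :invalid}.
  def open(record, key) when byte_size(key) == 32 do
    aad = aad(record.provider, record.uid)

    case :crypto.crypto_one_time_aead(@cipher, key, record.iv, record.ciphertext,
                                      aad, record.tag, false) do
      :error -> {:error, :invalid}
      token when is_binary(token) -> {:ok, token}
    end
  end

  defp aad(provider, uid), do: "#{provider}:#{uid}"
end

# Constructed sample shaped like the %Ueberauth.Auth{} fields used above.
auth = %{provider: :github, uid: "user@example.com",
         credentials: %{token: "constructed-token-value", expires_at: nil}}
key = :crypto.strong_rand_bytes(32) # assumption: loaded from secret storage in a real app

record = TokenVault.seal(auth, key)
{:ok, "constructed-token-value"} = TokenVault.open(record, key)
# Moving the ciphertext to a different uid breaks the AAD check.
{:error, :invalid} = TokenVault.open(%{record | uid: "other@example.com"}, key)
IO.inspect(TokenVault.session_attrs(auth), label: "session")
```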