When tokens are enabled for a resource, there appears to be no way to customize the signed token with extra claims when using the AshAuthentication.Plug.
I tried manually defining routes for auth, but when I try to create the token manually with AshAuthentication.Jwt.token_for_user, I get duplicate tokens (Because store_all_tokens is true). If I set store_all_tokens? to false, I can manually create a token, but the token doesn’t get stored.
Question is, is it possible to add extra claims to the jwt when using the generated ash plug?
autentication do
tokens do
enabled? true
token_resource AccountsService.Accounts.Token
signing_secret AccountsService.Accounts.Secrets
store_all_tokens? true
require_token_presence_for_authentication? true
token_lifetime {90, :days}
end
end
So, looking at the code to refresh my memory, it seems that by default the primary key is the JTI, which is unique to every token so I don’t know how you could possibly be getting a conflict. Additionally, you can provide an alternative “purpose” for the token (defaults to "user") by passing the purpose option to token_for_user/3.
What I would probably do is customise your AuthController/AuthPlug success callback and have it ignore the auto-generated token and generate a new token with the claims you want.
I tried doing that, and going the full custom routes as well, but unfortunately the code for creating a token looks into the resource to check whether to store the token or not. If I leave it on, it works, but creates a duplicate token for one login request. If I turn off store_all_tokens? then nothing gets stored in the db.
defp maybe_store_token(token, resource, user, purpose, opts) do
if Info.authentication_tokens_store_all_tokens?(resource) do
with {:ok, token_resource} <- Info.authentication_tokens_token_resource(resource) do
TokenResource.Actions.store_token(
token_resource,
%{
"token" => token,
"purpose" => to_string(purpose)
},
Keyword.put(opts, :context, %{
ash_authentication: %{
user: user
}
})
)
end
else
:ok
end
end
