LiveView is interesting. But I have no idea how to implement sign_in with LiveView because it can’t handle cookies or local storage.
Do you have any idea?
I haven’t looked into live view yet, but you might be able to use the token approach as in channels.
I’ve tried to use Guardian.Phoenix.Socket.authenticate/5 but actually, it turned out that it uses Phoenix.Socket.assign/3 function which matches only %Phoenix.Socket{} struct but LiveView uses %Phoenix.LiveView.Socket{}, so it doesn’t work.
Oh, sorry. I forgot to write this. The point is stay user signed in.
To do that, session or api key should be stored in cookies or some else.
But I can’t find the way to do that.
Can be stored in a separate “session” process.
@Skoda091 seems like a problem with guardian, not the approach … Although I’m not suggesting assigning anything to the socket anyway.
What had in mind:
- The client would send some creds over a live view
- The backend would accept and check the creds, spawn a session process for the user, responds with the user id encoded in a phoenix token
- The client stores the phoenix token in memory (if local storage is unavailable)
- All subsequent requests are authenticated via the session process associated with the client (we get the user or session id in the token, then check that the corresponding process exists or not)
- The session process stops after some idle time so that the session doesn’t get lost on intermittent client disconnects
