amacedev

amacedev

Can phx.gen.auth be used for API authentication?

Just curious if the basic auth framework generated by phx.gen.auth can be ‘easily’ converted to work with a JSON api.

Most Liked

derek-zhou

derek-zhou

Cookie is designed to work without the JS frontend. By default, cookie session in phoneix is http only (not accessible by the js) and unencrypted (but signed so is tamper-proof). If you log in via conventional http that it is fine; if you want to have fancy login in javascript driven frontend, then it is not as easy to work with.

A bearer token is an opaque token, whereas a JWT token in the cookie session contains trusted data. With a bearer token you keep all session data server side in a ETS table or something, so it is safer and easier to work with in js.

MarthinL

MarthinL

I’d like to latch on to this question if I may.

My plan is to have my users sign up and log in using standard phoenix generated html. Essentially a customised version of the pages generated by:

mix pix.gen.auth Accounts User users

While they are logged in, users will interact on the site through a Vue Single Page Application which fetches and updates data using an API written in phoenix served from the same site.

What I’ve managed to do so far is to

  • start with a phx.new project (i.e. with ecto and html),
  • Vue-enabled it at the hand of Caleb Weeks’ blog post and Steven Pallen’s project,
  • added authentication using phx.gen.auth and
  • added a basic API added with phx.gen.json.

What I now need to figure out, with your help, is:

  • where to find the token on the vue client side,
  • how to get the token into the API call (I’m using axios),
  • how to retrieve- and
  • check the token again on the API side to limit API calls to only those arriving with valid and current tokens and also to retrieve “session” data linked to the token in the database (cached in ETS), which never the client code never get to see.

I’m aware that somewhere between none, some or even all of this is already taken care of by the generated code and/or various third-party libraries like Guardian. But I’m given to the idea that the best framework is no framework and want to ensure that I understand what the code I am using does and how.

So far, I am loving Elixir a lot, for that reason (I’ve come to Elixir from Erlang and PHP) but I am still very new to it.

al2o3cr

al2o3cr

General comment: a typical API is not going to have any stateful behavior that would require a session.

Where Next?

Popular in Questions Top

albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
tduccuong
Hi, is there any work on GUI with Elixir, that is similar to Electron/Javascript? My idea is to bundle Phoenix and BEAM into a single se...
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
earth10
Hi, I’m just starting to build a side-project with Elixir and Phoenix and doing some basic test with Elixir alone. What strikes me is th...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
belgoros
I’m not a pro in using Regex and can’t figure out why the following behaviour happens, especially if we take into account the difference ...
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New
dotdotdotPaul
Okay, I’m having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I’m sure I’...
New
WestKeys
Currently suffering from paralysis by [HTTP client] analysis. This is rather unusual in Elixirland as there tends to be consensus on the ...
New

Other popular topics Top

Harrisonl
We have an ECS cluster with 4 services, where each task joins a single cluster, via discovery ECS discovery service. Currently when I de...
New
AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
TunkShif
This post is an instruction guide to help you setup your Neovim for Elixir development from scratch. It includes general information on h...
274 41539 114
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New

We're in Beta

About us Mission Statement