Code review for authentication flow

Hi Everyone!

I’m still new to the Elixir and Phoenix world, so I’m trying to make an API as a learning project, but in the end I got a bit confused while trying to work out an authentication flow with Guardian. In the end I managed to create a working prototype (without token revocation, but I plan on building it later), but I am not sure if my code follows best practices, and would love some advice if someone is willing to review it. The most confusing thing was the pipeline and the error handling for me, so if somebody takes a look at that, that’s a great help already.

All feedback is greatly appreciated! I made a PR for myself on github, you can take a look at it here:

Guardian is designed for tokens specifically that don’t hit the database, i.e. it makes no sense for it to have revocation; rather, a very short timeout between non-communicating servers is their general use, not single-server APIs. It sounds like you just want to use normal Phoenix.Token's.

2 Likes
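As an added illustration of the Phoenix.Token approach suggested above (example code, not from the original post or the poster's PR), here is a plug that accepts a signed token from the Authorization header and relies on a short `max_age` instead of revocation; the module name, salt and lifetime are assumptions.

```elixir
defmodule MyAppWeb.Plugs.RequireToken do
  @moduledoc """
  Rejects requests that do not carry a valid, unexpired Phoenix.Token
  in the Authorization header. Hypothetical module name.
  """
  import Plug.Conn
  @behaviour Plug

  # The salt namespaces the token: a token signed for another purpose
  # (e.g. password reset) with a different salt will not verify here.
  @salt "api-auth"
  # Short lifetime instead of a revocation list (15 minutes, an assumption).
  @max_age 15 * 60

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # The conn supplies the endpoint's secret_key_base, so no database lookup is needed.
    with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
         {:ok, user_id} <- Phoenix.Token.verify(conn, @salt, token, max_age: @max_age) do
      assign(conn, :current_user_id, user_id)
    else
      # Distinguish an expired token so clients know to re-authenticate.
      {:error, :expired} -> reject(conn, "token expired")
      # Covers a missing header, a tampered token, and any other verify error.
      _ -> reject(conn, "unauthorized")
    end
  end

  defp reject(conn, reason) do
    conn
    |> put_status(:unauthorized)
    |> Phoenix.Controller.json(%{error: reason})
    |> halt()
  end
end
```

Tokens are issued on login with `Phoenix.Token.sign(MyAppWeb.Endpoint, "api-auth", user.id)` (endpoint name assumed), and the plug goes in the API pipeline ahead of the protected routes.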

I think this can help you. Let me know if you’re stuck somewhere

1 Like