Guardian doesn't persist session

Hello, I’m using Guardian for authentication on a Phoenix app. The login persists when I log in as a normal user, but I’m setting a flag to know if someone is an admin, and if they are then I put the key: admin on their session. For some reason Guardian.Plug.resource returns nil. I can access an endpoint which is meant to be accessed only by admins, but the resource, the current user and Guardian.authenticated? return nil or false, and thus I can’t see links and stuff meant for logged-in users.

Serializer:

defmodule Euridime.GuardianSerializer do
  @moduledoc false

  @behaviour Guardian.Serializer

  alias Euridime.{Repo, User.Admin}

  def for_token(%Admin{} = user), do: {:ok, "User:#{user.id}"}
  def for_token(_), do: {:error, "Unknown resource type"}

  def from_token("User:" <> id), do: {:ok, Repo.get(Admin, String.to_integer(id))}
  def from_token(_), do: {:error, "Unknown resource type"}
end

This is what I’m using to login the admin:

conn
|> put_flash(:info, "Welcome, #{username}")
|> Guardian.Plug.sign_in(user, :token, key: :admin) # Tried changing :token to :access
|> redirect(to: admin_path(conn, :index))

And the helper on the views:

defmodule Euridime.ViewHelper do
  @moduledoc false

  alias Euridime.User

  def current_user(conn) do
    Guardian.Plug.current_resource(conn) ||
    Guardian.Plug.current_resource(conn, :admin)

    # Also tried Guardian.Plug.current_resource(conn || conn, :admin)
  end
end

You should probably not return an :ok tuple if the user is, say, not an admin (in this case it is saying that the user Admin [] or so is :ok). :slight_smile:

As for the issue, I use Guardian for DB-less API endpoint authentication, not as front-end authentication (JWT is designed for DB-less API endpoint authentication), so I’m not sure… Only thing I can think of offhand is you are not adding in the Guardian plugs to your Phoenix pipeline?

Yes, I was adding them, but I ended up just Ensuring Permissions to the endpoint and giving perms to the account on sign in. I can dig into this problem later because that’d be the correct way to do it, even though permissions work for now.
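The reply's point about the :ok tuple, as an added example that is not part of the original thread: a variant of the posted serializer whose from_token/1 returns an error tuple when the id in the token is malformed or no Admin row matches, instead of {:ok, nil}. It assumes the thread's own modules (Euridime.Repo, Euridime.User.Admin) and integer primary keys; the "Admin not found" message is constructed.

```elixir
defmodule Euridime.GuardianSerializer do
  @moduledoc false

  @behaviour Guardian.Serializer

  alias Euridime.{Repo, User.Admin}

  # Only persisted Admin structs are serialized into the token subject.
  # Assumption: ids are integers, as the String.to_integer/1 call in the
  # original post implies.
  def for_token(%Admin{id: id}) when is_integer(id), do: {:ok, "User:#{id}"}
  def for_token(_), do: {:error, "Unknown resource type"}

  def from_token("User:" <> id) do
    # Integer.parse/1 returns :error (or a non-empty remainder) on malformed
    # input instead of raising the way String.to_integer/1 does, so a
    # tampered or corrupt subject becomes an error tuple, not a crash.
    with {int_id, ""} <- Integer.parse(id),
         # Repo.get/2 returns nil when the row is missing (for example, the
         # admin was deleted after the token was issued). Matching on
         # %Admin{} keeps nil from being wrapped as {:ok, nil}.
         %Admin{} = admin <- Repo.get(Admin, int_id) do
      {:ok, admin}
    else
      _ -> {:error, "Admin not found"}
    end
  end

  def from_token(_), do: {:error, "Unknown resource type"}
end
```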