Hi people,
I have a Phoenix website which uses Ueberauth and Guardian to authenticate users against Google SSO.
This is my config:

```elixir
config :my_app, MyApp.Guardian,
  allowed_algos: ["RS256"],
  secret_key: %{
    "kid" => "5edd9782d820403ee8518c4aabb2b9fe310cac12",
    "e" => "AQAB",
    "kty" => "RSA",
    "alg" => "RS256",
    "n" =>
      "8leZQXh6eEjqv200Aot-ARc53fhnVex0bvPVoFAAOEuHmoR9HNqe4VUCCFX5qQ4uhTRrfpIoW-f4rZtY1gpt_4wUtNhS5-PQiSvCnljtIxCxgbW-gYKxsck8Xl-SMBYD1q4msIHbEZCE6AU_vFIgT5PjrUTo8O5YNFHpscsGDz1ZWeDTyRtf3UwTFm9p_dqSFIhyLzMo2H0BqWaowuAZeJnq0VIJxIrwjFqLj2rbBWkMxALui2uewerDrJIQQNgDqQiO8iClIbBmFxxDan5l89gHomb8HNVduIGZ3ahu18l94jQmhyVN8QQ8uNFoxfz2IfaZ3iwQL_xDtZHZtQLSUw",
    "use" => "sig"
  }
```
In particular, the JWKS info comes from here: https://www.googleapis.com/oauth2/v1/certs (I know, it's regularly rotated, etc. For now this is not an issue).
The challenge phase is fine, I receive the Google token, and at this point I verify that it is legit (it's fun how in tutorials people skip this super important part, anyway). I can successfully do this with the following command:

```elixir
{:ok, info} = MyApp.Guardian.decode_and_verify(token)
```
So, in order to verify the tokens everything is ok.
My problem happens when I try to use MyApp.Guardian.Plug.sign_in(email), which is the suggested way to use the Plug. I get this error:

```
no function clause matching in :jose_jwk_kty_rsa.sign/3
```

I have the feeling that I am just feeding the config with public key info (which by definition can only verify encrypted payloads), and since the sign_in function generates a token for the information I want to propagate, it needs a different configuration. But at this point I am lost about what the correct configuration would be …
This is a standard html pages website, and no API is involved: with APIs I could just reuse the token and verify it on each endpoint (at the very least).
Thanks in advance.
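The split between verifying Google's tokens and signing the app's own session tokens, written out as an added example (not code from the original post): the Google JWK is public, so it can only verify; the app's own tokens need a separate Guardian module backed by a private key the app controls. Module names, the environment variable and the JWK placeholders are assumptions.

```elixir
# config/runtime.exs (added example, not from the original post)
import Config

# Verifying Google ID tokens: the JWK copied from Google's JWKS is a public key, so it
# carries only the modulus "n" and exponent "e". JOSE's :jose_jwk_kty_rsa.sign/3 only has
# clauses for private keys, which is the "no function clause matching" error you see when
# sign_in tries to sign a new token with this key. This module is verify-only.
# (In production, match the incoming token's "kid" against a freshly fetched JWKS instead
# of pinning one key, since Google rotates them.)
config :my_app, MyApp.GoogleGuardian,
  issuer: "https://accounts.google.com",
  allowed_algos: ["RS256"],
  secret_key: %{
    "kty" => "RSA",
    "alg" => "RS256",
    "use" => "sig",
    "kid" => "<kid from Google's JWKS>",
    "n" => "<modulus from Google's JWKS>",
    "e" => "AQAB"
  }

# Issuing the app's own session tokens: this needs a private key that only the app holds.
# Here an RSA private key in PEM form is read from the environment (never committed to the
# repo) and handed to Guardian as a JOSE.JWK struct, which Guardian accepts as secret_key.
# Rotating this key only invalidates your own sessions; the Google login is unaffected.
config :my_app, MyApp.Guardian,
  issuer: "my_app",
  allowed_algos: ["RS256"],
  secret_key: JOSE.JWK.from_pem(System.fetch_env!("MY_APP_SESSION_PRIVATE_KEY_PEM"))
```

With this layout the Google token goes through MyApp.GoogleGuardian.decode_and_verify, and the Plug sign_in/sign_out calls go through MyApp.Guardian, whose private key can both sign and verify.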