brunoripa

brunoripa

Guardian, Google JWT token and `sign_in` function

Hi people,

I have a Phoenix website which uses Ueberauth and Guardian to authenticate users against Google SSO.

This is my config:

config :my_app, MyApp.Guardian,
  allowed_algos: ["RS256"],
  secret_key: %{
    "kid" => "5edd9782d820403ee8518c4aabb2b9fe310cac12",
    "e" => "AQAB",
    "kty" => "RSA",
    "alg" => "RS256",
    "n" =>
      "8leZQXh6eEjqv200Aot-ARc53fhnVex0bvPVoFAAOEuHmoR9HNqe4VUCCFX5qQ4uhTRrfpIoW-f4rZtY1gpt_4wUtNhS5-PQiSvCnljtIxCxgbW-gYKxsck8Xl-SMBYD1q4msIHbEZCE6AU_vFIgT5PjrUTo8O5YNFHpscsGDz1ZWeDTyRtf3UwTFm9p_dqSFIhyLzMo2H0BqWaowuAZeJnq0VIJxIrwjFqLj2rbBWkMxALui2uewerDrJIQQNgDqQiO8iClIbBmFxxDan5l89gHomb8HNVduIGZ3ahu18l94jQmhyVN8QQ8uNFoxfz2IfaZ3iwQL_xDtZHZtQLSUw",
    "use" => "sig"
  }

In particular the JKWS info come from here: https://www.googleapis.com/oauth2/v1/certs (I know, it’s regularly rotated, etc. For now this is not an issue).

The challenge phase is fine, I receive the Google token, at this point I verify that it is legit (it’s fun how in tutorials people skips this super important part, anyway). I can successfully do this with the following command:

{:ok, info} = MyApp.Guardian.decode_and_verify(token)

So, in order to verify the tokens everything is ok.

My problems happens when I try to use MyApp.Guardian.Plug.sign_in(email) that is the suggested way to use the Plug. I have this error:

no function clause matching in :jose_jwk_kty_rsa.sign/3

I have the feeling that I am just feeding the config with a public key info (which by definintion can only verify encrypted payloads), and since the sign_in function generates a token for the information I want to propagate, it needs a different configuration. But at this point I am lost about what would be the correct configuration … :confused:

This is a standard html pages website, and no API is involved: with APIs I could just reuse the token and verify it on each endpoint (at the very least).

Thanks in advance.

Most Liked

brunoripa

brunoripa

Ok, I leave this here for anyone who will eventually misunderstand Guardian like I did.

My understanding is that there was no bug in my implementation; the point is that I implemented only the logic to verify the google jwt token. In order to sign in (using MyApp.Guardian.Plug.sign_in) I must provide a proper specific implementation for it, with proper config (I refactored a bit the names):

config :my_app, MyApp.GoogleGuardian,
  allowed_algos: ["RS256"],
  secret_key: %{
    "kid" => "5edd9782d820403ee8518c4aabb2b9fe310cac12",
    "e" => "AQAB",
    "kty" => "RSA",
    "alg" => "RS256",
    "n" =>
      "8leZQXh6eEjqv200Aot-ARc53fhnVex0bvPVoFAAOEuHmoR9HNqe4VUCCFX5qQ4uhTRrfpIoW-f4rZtY1gpt_4wUtNhS5-PQiSvCnljtIxCxgbW-gYKxsck8Xl-SMBYD1q4msIHbEZCE6AU_vFIgT5PjrUTo8O5YNFHpscsGDz1ZWeDTyRtf3UwTFm9p_dqSFIhyLzMo2H0BqWaowuAZeJnq0VIJxIrwjFqLj2rbBWkMxALui2uewerDrJIQQNgDqQiO8iClIbBmFxxDan5l89gHomb8HNVduIGZ3ahu18l94jQmhyVN8QQ8uNFoxfz2IfaZ3iwQL_xDtZHZtQLSUw",
    "use" => "sig"
  }

config :my_app, MyApp.Guardian,
  issuer: "MyApp",
  secret_key: "my secret"

So when I have to validate the Google JWT token, i can do MyApp.GoogleGuardian.decode_and_verify(token), and MyApp.Guardian.Plug.sign_in(user) to generate a application-specific JWT.

Hope this might help avoiding my same mistake.

Where Next?

Popular in Questions Top

chokchit
** (DBConnection.ConnectionError) connection not available and request was dropped from queue after 2733ms. You can configure how long re...
New
qwerescape
Is there a way to get the call stack or stack trace at any point in the code? Not from exceptions, but an expression that returns how the...
New
earth10
Hi, I’m just starting to build a side-project with Elixir and Phoenix and doing some basic test with Elixir alone. What strikes me is th...
New
ycv005
I have followed this StackOverflow post to install the specific version of Erlang. And When I am running mix ecto.setup then getting fol...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
SoCreat
i’m a new one to elixir which editor can i use vs code? or atom? Thanks! :smiley:
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
srinivasu
How to handle excepions in elixir? Suppose i have A, B, C ,D, E modules. and each module has get() function. A.get() method will call t...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New

Other popular topics Top

9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
joeerl
Hello again - after a longish gap I’ve decided I really must dig into Elixir and see what’s been happening here - so I have a few questio...
New
vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New

Latest on Elixir Forum

We're in Beta

About us Mission Statement