I did some research on this topic, but I wasn’t able to find anything helpful.
We are converting a Phoenix 1.4 app into an umbrella app with three web apps. Each web app runs on its own endpoint. In production, the apps will be accessible via subdomains. So x_web and y_web will be accessed through x.tld.com and y.tld.com respectively. We’re hosting the app on Heroku.
We’re not sure where to put Guardian and authentication. For now, we left guardian inside each web app in the umbrella to handle sign in and sign out. But that’s an awful lot of duplication.
Before we go on rewriting a bunch of stuff, if we extract guardian into its own app, say auth_web, can we not depend on a session cookie on the domain level to make authentication available on x_web, y_web, and so on? I think when we tried this, we ran into some issues with the Guardian token only working in the app where sign-in took place.
In regards to the session cookie being shared at the domain level, that should work. You’ll need to make sure you’re using the same secrets across all three apps. I believe phoenix uses some token for signing the session cookie and guardian uses some secret for signing the JWT.
I usually avoid umbrella apps personally. What you described seems consistent with the common practice. As for step 3, I would go for umbrella level config or app level for the auth app.
Does Heroku support multiple Phoenix endpoints running on different ports? Last time I checked it did not (although maybe it works if you’re using the new Docker support)
Also note that all configuration in an Umbrella app is shared in one global namespace.
Thanks, that’s a great resource. But we have a bigger limitation. It looks like, as @axelson mentioned, Heroku doesn’t allow access to ports, so my idea of running foo.tld.com and bar.tld.com as different umbrella apps with their own endpoints and ports won’t work after all.