Hello I am trying to add use auth0 authentication with my API. I am able to take username and passwords and generate JWTs from auth0 with no problem and putting these in jwt.io I see that they are valid. However when I try to pass these tokens through my pipeline to protect other routes I am getting errors. I have been playing around for nearly 3 days both Guardian.Plug.VerifyHeader and Guardian.PlugEnsureAuthenticated return invalid_token and unauthenticated respectively. I have sent requests from both Postman and Curl and get the same results. Im going to post the related code below thank you for your help in advance
config.ex
config :cardinal, Auth.Guardian,
allowed_algos: ["HS256"],
verify_module: Guardian.JWT,
issuer: "<Auth0 domain",
verify_issuer: false,
secret_key: "<Auth0 Signing secret"
pipeline.ex
defmodule Auth.Guardian.Pipeline do
@moduledoc """
Configures a set of plugs to be used with Guardian based authentication / authorisation
"""
use Guardian.Plug.Pipeline,
otp_app: :cardinal,
error_handler: Auth.Guardian.ErrorHandler,
module: Auth.Guardian
# Look for a token in the HTTP Authorization header. (prefixed with `"Bearer "`)
plug Guardian.Plug.VerifyHeader, realm: "Bearer"
# Make sure the token is found and authenticated
plug Guardian.Plug.EnsureAuthenticated
# Load the Identity
#plug Guardian.Plug.LoadResource
# Add :current_identity to the connection
#plug :assign_current_identity
defp assign_current_identity(conn, _) do
conn
|> assign(:current_identity, Guardian.Plug.current_resource(conn))
end
end
guardian.ex
defmodule Auth.Guardian do
@moduledoc """
This is the main Guardian module used by the application to gain access to claims,
identity, token, etc.
Implements callback to properly integrate with Auth0.
"""
use Guardian, otp_app: :orders
alias Auth.Identity
@impl Guardian
@doc false
def resource_from_claims(%{"sub" => "auth0|" <> id} = claims), do: {:ok, %Identity{id: id}}
end
