micahsoftdotexe
Guardian Refresh Token In Cookie Pipeline
Greetings,
I am attempting to implement a jwt pattern in phoenix using guardian. What I am doing is that I am returning a short lived access token in the response and a long lived refresh token in the cookies. So far, I am able to send back a token back in a cookie using the following code:
with({:ok, jwt, _full_claims} <- Token.encode_and_sign(user, %{}, ttl: {1, :minute}),
{:ok, cookieJWT, _full_claims} <- Token.encode_and_sign(user, %{}, [ttl: {1, :week}, type: :refresh])) do
conn
|> put_resp_cookie("refresh_token", cookieJWT, http_only: true)
|> put_resp_content_type("application/json")
|> send_resp(200, Jason.encode!(%{token: jwt}))
and I am trying to create a refresh method and guarding it with a pipeline that looks like the following:
plug Guardian.Plug.VerifySession, [refresh_from_cookie: true, key: "refresh_token"]
plug Guardian.Plug.EnsureAuthenticated
plug Guardian.Plug.LoadResource
The issue is that VerifySession does not appear to be able to verify the cookie (even though it appears to be sent) because EnsureAuthenticated returns an error. Is there something that I am doing wrong? I am pretty new to Phoenix and Elixir in general so any help would be greatly appreciated.
Marked As Solved
micahsoftdotexe
I was able to craft my own plug that is able to both grab the correct token and verifies it with the following:
defmodule MyApp.Auth.CookieTokenValidator do
import Plug.Conn
alias Guardian.Plug.Pipeline
@behaviour Plug
@impl Plug
def init(opts), do: opts
@impl Plug
def call(conn, opts) do
with {:ok, token} <- get_token_from_cookie(conn, opts),
module <- Pipeline.fetch_module!(conn, opts),
{:ok, claims} <- Guardian.decode_and_verify(module, token, %{}, opts) do
conn
|> Guardian.Plug.put_current_token(token, key: "default")
|> Guardian.Plug.put_current_claims(claims, key: "default")
else
_error -> conn
|> send_resp(401, Jason.encode!("Could not validate token"))
|> halt()
end
end
defp get_token_from_cookie(conn, opts) do
key = Keyword.get(opts, :key, "token")
token = conn.req_cookies[key]
if token, do: {:ok, token}, else: :no_token_found
end
end
but I would like to find the proper way to do it.
Also Liked
micahsoftdotexe
It returns the error of unauthenticated as a response (with a 401).
muelthe
I had been working through an issue mself (hence the original question). I have a very simple setup (almost identical to the docs in conjunction with Ueberauth for an msoauth setup) and the problem for me was misconfiguration of the endpoint, specifically the SameSite config.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








