Hi! I’ve been thinking about converting an existing app that uses Pow Auth to Liveview and was wondering if anyone had any success integrating both of them recently…
I tried collecting some context from the Pow repository but I don’t think the lib has provided any official support for it just yet (read more here). Since this is an old issue and the maintainer is a little absent from the repository recently, someone suggested that the addition of the on_mount/1 and attach_hook/4 callbacks could help on this front. However, it seems there are already some unanswered questions from one of the oldest issues about how exactly the lib should deal with the active WebSocket connection.
After studying the LiveBeats app repository for a little while, it seems that these problems are already solved with the new auth generator. However, upon looking at what mix phx.gen.auth generates, I’m not super thrilled about maintaining the 19 new files for a simple authentication solution.
Please, I haven’t tried it but maybe it will be useful to you since you are already in the process…
I think this thread will be really usefull for us all that like Pow as their favorite authentication library. I hope it leads to a simple and reliable solution.
Yeah, I’ve read this post before… If you look at the comments you’ll see that the author was considering migrating over to phx.gen.auth because of some session handling issues. A lot has changed since early 2021 though and I’d like to know if anyone has actually made any progress on that front.
I don’t remember the details but I recall that Pow is designed (or at least defaults to) a very aggresive session renewal model which means that your solution may miss an important aspect - the fact that Pow session may become invalid during the LiveView lifecycle resulting in allowing a user that’s actually logged out to act like he’s authenticated.
Also, and again not sure if it’s correct so please correct me if I’m wrong, aforementioned session renewal in Pow is based on recreating session every half an hour or so and since you can’t do that from LiveView without a HTTP request you’ll end up aleays expiring session if your app routes are live.
The problem is that phx.gen.auth seems a good fit for cases where you want flexibility, but the amount of code it generates does not justify its use for more traditional and simple use cases.
I haven’t used Guardian, but after looking at the repo README it seems it’s a little bit less mature/polished than Pow. I’ll take a deeper look at it when I can. Out of curiosity, are you using it in production with LiveView? (I couldn’t find a lot of examples online or documentation about it online yet).
It is a hobby project and does not use even have user registration. However, it is liveview and it is using guardian. It is also a bit unorthodox because everything, even the login form, is in liveview.
I have use Guardian in the full capability in other projects but not in LiveView. I don’t think there would be any trouble to use the full Guardian with liveview though. The U/I layer and the authentication layer are independent.
