thiagomajesk
Has anyone successfully integrated Pow Auth with LiveView yet?
Hi! I’ve been thinking about converting an existing app that uses Pow Auth to Liveview and was wondering if anyone had any success integrating both of them recently…
I tried collecting some context from the Pow repository but I don’t think the lib has provided any official support for it just yet (read more here). Since this is an old issue and the maintainer is a little absent from the repository recently, someone suggested that the addition of the on_mount/1 and attach_hook/4 callbacks could help on this front. However, it seems there are already some unanswered questions from one of the oldest issues about how exactly the lib should deal with the active WebSocket connection.
After studying the LiveBeats app repository for a little while, it seems that these problems are already solved with the new auth generator. However, upon looking at what mix phx.gen.auth generates, I’m not super thrilled about maintaining the 19 new files for a simple authentication solution.
Any thoughts?
Most Liked
derek-zhou
You can look here
https://github.com/derek-zhou/liv
It is a hobby project and does not use even have user registration. However, it is liveview and it is using guardian. It is also a bit unorthodox because everything, even the login form, is in liveview.
I have use Guardian in the full capability in other projects but not in LiveView. I don’t think there would be any trouble to use the full Guardian with liveview though. The U/I layer and the authentication layer are independent.
thiagomajesk
Yeah, I’ve read this post before… If you look at the comments you’ll see that the author was considering migrating over to phx.gen.auth because of some session handling issues. A lot has changed since early 2021 though and I’d like to know if anyone has actually made any progress on that front.
I don’t remember the details but I recall that Pow is designed (or at least defaults to) a very aggresive session renewal model which means that your solution may miss an important aspect - the fact that Pow session may become invalid during the LiveView lifecycle resulting in allowing a user that’s actually logged out to act like he’s authenticated.
Also, and again not sure if it’s correct so please correct me if I’m wrong, aforementioned session renewal in Pow is based on recreating session every half an hour or so and since you can’t do that from LiveView without a HTTP request you’ll end up aleays expiring session if your app routes are live.
The problem is that phx.gen.auth seems a good fit for cases where you want flexibility, but the amount of code it generates does not justify its use for more traditional and simple use cases.
Popular in Discussions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance










