peppy

peppy

Help With Authentication For Phoenix: Already Have Auth Setup On PHP/MySQL

Background on my website and current authentication setup (not in Phoenix): Basically, I have a small social networking site built on PHP/MySQL. The registration/login/email verifications pages are all handled by PHP/MySQL. The “members” table is already created, containing the user’s username, password, login token, profile, registration date and everything else.

So when a user successfully logs in with their username and password, our PHP page generates a random, salty “login_token”, which gets stored in the “members” table, and also on the user’s browser with a 7-day cookie. If the user’s PHP session expires (Usually after 20-40 minutes), we compare the login token from the cookie in the browser, to the “login_token” in the member’s table in the database, and restart a new PHP session and keep them logged in. It’s basically a “Keep Me Logged In” feature. We also generate a new login token at that time, replacing the old one with the new one, and update the cookie at the same time.

Goal for Phoenix: I plan on using Phoenix to develop a variety of chatrooms, instant messaging and video chat. It’s going to be used as a supplement to my existing PHP/MySQL site.

Since PHP/MySQL handles the login authentication and creates a token, I would like all logged in users to be connected to the Phoenix app automatically. However, they still need to be authenticated in Phoenix.

I’ve been searching around for a number of guides for authentication, including phx_gen_auth, but it seems that all of these guides assume that the user is submitting the username/password directly into the Phoenix app, and that registration/login is all done through Phoenix, instead of an existing PHP/MySQL site.

I’ll explain below how I’m trying to understand this. Let’s start at the first step, socket.js has this script to connect:

let socket = new Socket("/socket", {params: {token: window.userToken}})

Is window.userToken supposed to be my login_token created from PHP, or am I supposed to add two parameters, something like?:

let socket = new Socket("/socket", {params: {token: window.userToken, login_token: window.login_token}})

Second step, the plugs go in order like this:

    pipeline :browser do
       ...
       plug MyAuth
       plug :put_user_token
     end

     defp put_user_token(conn, _) do
       if current_user = conn.assigns[:current_user] do
         token = Phoenix.Token.sign(conn, "user socket", current_user.id)
         assign(conn, :user_token, token)
       else
         conn
       end
     end

I’m not sure what MyAuth is. Is that something I’m supposed to build, where the login_token gets checked with MySQL? Can anyone provide a really simple code example for my case? And if everything looks good, the put_user_token creates a new Phoenix-based token and sends it back to the browser.

According to the guide, this creates a new userToken and adds it to:

<script>window.userToken = "<%= assigns[:user_token] %>";</script>

and then it gets verified again during the same connection?:

     def connect(%{"token" => token}, socket, _connect_info) do
       # max_age: 1209600 is equivalent to two weeks in seconds
       case Phoenix.Token.verify(socket, "user socket", token, max_age: 1209600) do
         {:ok, user_id} ->
           {:ok, assign(socket, :user, user_id)}
         {:error, reason} ->
           :error
       end
     end

There are some things here that don’t make sense to me.

If the login_token from PHP gets sent to Phoenix during a socket connect, then checked in the Phoenix backend with MySQL to authenticate/verify the user, why do I need another userToken from Phoenix sent back to the browser? If a user sends messages to people, does the userToken get sent with every message? What exactly is userToken for? If I browse to a new page, the javascript variable window.userToken disappears and has to be re-created each time anyways.

Again, I’m a total noob with Phoenix, so I’m going to need some handholding. What would your strategy be in my case? Code corrections/examples? I want to make the Phoenix auth/app as simple as possible, without minimal calls to the database.

Where Next?

Popular in Discussions Top

jswny
I would like to better understand what the advantages/disadvantages of umbrella applications are compared to structuring your app as as s...
New
sashaafm
I’m trying to evaluate the best combo/stack for a BEAM Web app. Right now I’m exploring Yaws a bit, after having dealt with Phoenix for a...
New
owaisqayum
I have a sample string sentence = "Hello, world ... 123 *** ^%&amp;*())^% %%:&gt;" From this string, I want to only keep the integers, ...
New
thojanssens1
It would be nice to be able to define a redirect from one route to another from the router.ex file. E.g.: redirect "/", UserController, ...
New
mmmrrr
Just saw that dhh announced https://hotwire.dev/ Is it just me or is this essentially live view? :smiley: Although I like the “iFrame-e...
New
AlexMcConnell
The reason that Rails is as popular as it is is because it’s very easy for relatively inexperienced developers to get a lot of work done....
588 19652 166
New
cblavier
Hey there, It’s been more than a year since we started using LiveView as our main UI library and building a whole library of UI componen...
New
100phlecs
Are there any downsides, like perf issues, to putting all functional components in CoreComponents as long as you prefix it with the conte...
New
AstonJ
Seen any cool LiveView demos, sample apps or examples? Please post them here! :003:
New
kostonstyle
Hi all How can I compare haskell with elixir, included tools, webservices, ect. Thanks
New

Other popular topics Top

sen
Hi All, I set a environment variables in dev.exs , like below code. when i start server, how can i set the ${enable} value? thanks. d...
New
vertexbuffer
Hello, can anybody help here..? I have a list of players and I what to delete an element, but every for loop the list is reverting to ori...
New
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36352 110
New

Latest on Elixir Forum

We're in Beta

About us Mission Statement