Hi, I’m making a system in which I authenticate the user by querying his token in an api and I have a return in which later I direct him to my home screen, the problem that when he is directed, the page does not store the authentication token and says who is not authorized to view that page. I tried several ways, does anyone know how to keep the authorization?
My function:
def login(conn, params) do
case HTTPoison.post "http://localhost:4000/api/v1/session",[],[{"Authorization", "bb485518-564c-4415-9abf-ce82f8d2095f"}] do
{:ok, %HTTPoison.Response{status_code: 200, body: body}} ->
token = body
|> Jason.decode
|> (fn {:ok, x} -> x["data"]["token"] end).()
conn
|> put_status(302)
|> put_req_header("Authorization", "#{token}")
|> redirect(to: Routes.live_path(conn, BoardLive, 3))
|> IO.inspect
{:ok, %HTTPoison.Response{status_code: 404}} ->
IO.puts "Not found :("
{:error, %HTTPoison.Error{reason: reason}} ->
IO.inspect reason
end
You need a client that knows how to understand information you pass via headers. Unless you have an API client sitting there, it is unlikely to be true.
So if you talk with a browser, you either want to use cookies or sessions.
In a default setup project this will add “user_token” value to your browser cookies for your domain and current browser session. You can open dev console on your browser and see for yourself.
These are not comments that will engage the community to help you because:
You haven’t shown us what you did.
You seem to have not researched the suggested solutions. You would know that if you do put_session then obviously you should also call get_session wherever mandated by your expected workflow as @NobbZ pointed out. Did you read the docs of Plug.Conn.put_session? And get_session’s?
You don’t seem to have researched existing auth solutions. F.ex., have you looked at Pow? You could actually fully use that with just one single customisation (namely your way of fetching a token). Pow can do everything else.
Did you try searching this forum for “put_session”? Like this?
People in this forum are willing to help but not if you are responding with a single sentence. Be more specific and show us what you tried.
Yes my friend, I already do personalized authentication through POW, I already register and authenticate, my problem is being the session persistence that I am not getting, but since the post is ‘bad’, I remove it, thanks.
In my case, I needed to customize my controllers because we are authenticating through an API with a token in which we need to store it locally to persist sessions. Our git is business
I can register at the moment and log in, however, when redirecting to my main page he denies me authorization.
I forgot to explain something, sorry, in this case I am already logged in and I am using my generated token to try to enter a session in which I am not being authorized.