sreyansjain

sreyansjain

How to approach Authentication and Authorization in Hologram

Since Hologram is getting production ready, and Authentication and Authorization is a crucial step in making production apps, let’s discuss how to approach authentication and authorization in Hologram.

We can create a login form and then store the user token in a cookie and session. On subsequent pages we can check for the token in the session and get a user struct from the token and put it in the session.

Or

We can use a library like Guardian etc and follow the same steps.

My questions are -

  1. Is this the idiomatic way to do auth in Hologram. Since Hologram routes get called before the Router pipeline in Phoenix, whats the best approach to handle this in the pipeline itself instead of checking it in the init function in every page.
  2. What if the user logs in on another device and clicks log out from all devices. What should happen on the existing device. Should the user be logged out if the tries to invoke any command. If yes, how to do that in an idiomatic way. Or the user should be logged out immediately (it might require Pub- Sub).
  3. Phoenix has introduced scopes that can help in authorization as well as multi tenancy. How can we approach authorization in Hologram. Can we create some pipelines and nest the routes in them?

Getting some guidelines on these would really help move apps to prod. Thanks.

Most Liked

bartblast

bartblast

Creator of Hologram

Hey @sreyansjain, let me address your points:

Planned Lifecycle Method (Setup/Middleware)

Hologram will have a lifecycle method that will be invoked before component/page inits. It will probably be called “setup”, and will be treated as Hologram middleware (in place of Phoenix pipelines in the router).

The middleware will work a little differently than in Phoenix, since Hologram has different architecture and has no router. You’ll be able to create separate modules that you can plug into the setup lifecycle, and you’ll be able to use different “setup” functions in different pages. Or create specialized pages that use specific “setup” functions by default - e.g. instead of use Hologram.Page you could do use MyApp.AdminPage that will have the specialized setup implementation applied.

It will have access to raw headers and will be able to modify the input of the component/page init functions.

Current Capabilities

Since this isn’t implemented yet, I’m not ready to talk about official auth conventions, but since init/3 functions have access to server structs on which you can access/modify cookies and sessions, you can implement most auth behavior today. Commands also have access to server structs and can be authorized in the same way.

  • You can use very similar approaches as in today’s Phoenix auth solutions
  • Your example is reasonable - authenticate a user in an init/3 function and save some token/user_id to a cookie for later authorization
  • You can use any authorization libraries server-side (Guardian building blocks outside plug system, Ash policies, Permit, etc.)

Multi-device logout

Your example of pubsub and logging out of other devices is not a strictly Hologram-related question - this is a universal auth problem and depends on business requirements. The solution you specified seems like a reasonable approach and should be possible once Hologram has pub/sub implemented.


The current capabilities should get you pretty far for production, and the planned middleware system will make it much more ergonomic.

Where Next?

Popular in Questions Top

_russellb
I want to try my hand at web scraping. What tools/libraries do I need to use. I’m hoping to turn this into something professional so don’...
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
JulienCorb
I am trying to implement my new.html.eex file to create new posts on my website. new.html.eex: <h1>Create Post</h1> <%= ...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
srinivasu
How to handle excepions in elixir? Suppose i have A, B, C ,D, E modules. and each module has get() function. A.get() method will call t...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
earth10
Hi, I’m just starting to build a side-project with Elixir and Phoenix and doing some basic test with Elixir alone. What strikes me is th...
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

Other popular topics Top

AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
lastday4you
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
lessless
I believe there are people here who are dealing with CSV files import on the daily basis, and since Excel is a really popular tool there ...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
pmjoe
I have a relationship of love and hate with Elixir. Lots of things are just absolutely right, but there are some things that are kind of ...
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
JorisKok
I have a server on AWS, and was running a load test using artillery. When looking at the Phoenix dashboard I see the Ports going to 100% ...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement