How to create an associated resource via token in ash_authentication

dongwooklee96 · February 18, 2024, 3:58pm

When I have a user resource and an associated post resource.
I want the user_id to be automatically included in the post
when I log in and create a post with token. How is this possible?

For your information, I am using ash_graphql.

I would like to send a request when I create a post with a token that was created when I log in and I would like to be able to identify the user in the post through that token.

user

defmodule Dentallog.Accounts.User do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [
      AshAuthentication]
...
authentication do
    api Dentallog.Accounts

    strategies do
      password :password do
        identity_field(:email)
        hashed_password_field(:hashed_password)
        sign_in_tokens_enabled?(true)

        resettable do
          sender(Dentallog.Accounts.User.Senders.SendPasswordResetEmail)
        end
      end
    end

post

create :create do
      argument :photos, {:array, :map}, allow_nil?: true
      argument :hashtags, {:array, :map}, allow_nil?: true
      argument :category_id, :uuid

      change set_attribute(:dental_lab_category_id, arg(:category_id))

      change manage_relationship(:photos, type: :create)
      change manage_relationship(:hashtags, type: :create)
 end

...
relationships do
    belongs_to :user, Dentallog.Accounts.User do
      api Dentallog.Accounts
end

zachdaniel · February 18, 2024, 5:08pm

In GraphQL you can request the user { id } if you add a graphql type to the user. However, exposing the user record just for that is generally not preferred.

In your case, you’ll want to do the following things:

add to your :create action:

change relate_actor(:user)

define the user_id attribute manually so that it is public

attribute :user_id, :uuid, allow_nil?: false, writable?: false

dongwooklee96 · February 19, 2024, 2:27am

Thank you for your response.
However I encounted this error.

(Ash.Error.Changes.InvalidRelationship) Invalid value provided for user: could not relate to actor, as no actor was found (and :allow_nil? is false).
    (elixir 1.16.0) lib/process.ex:860: Process.info/2

route.ex

pipeline :api do
    plug(:accepts, ["json"])
    plug(:get_actor_from_token)
    plug(AshGraphql.Plug)
  end
...
def get_actor_from_token(conn, _opts) do
    with ["Bearer" <> token] <- get_req_header(conn, "authorization"),
         {:ok, user, _claims} <- Dentallog.Guardian.resource_from_token(token) do
      conn
      |> Ash.PlugHelpers.set_actor(user)
    else
      _ ->
        conn
    end
  end

It seems like the issue is related to the “get_actor_from_token” plug in the router. There might be a problem with the logic for extracting the user from the token. Is there a specific problem in my code?

I think it’s a little awkward to extract the token information generated by ash_authentication from guardian. I’d appreciate it if you could give me your opinion regarding it.

For your information, I referred to that document.
ref : Ash Framework

zachdaniel · February 19, 2024, 3:14am

Ah, so that guide is showing an example configuration, not code meant to be used with ash_authentication (in fact, it predates ash_authentication. The setup guide for integrating ash_authentication and phoenix show you how to set up your router in such a way that the actor should properly be made present:

https://hexdocs.pm/ash_authentication_phoenix/getting-started-with-ash-authentication-phoenix.html

dongwooklee96 · February 19, 2024, 5:16am

router.ex

pipeline :api do
    plug(:accepts, ["json"])
    plug(:load_from_bearer)
  end

So, if I use ash_authentication, I can write code like this on the router, and when I make a
graphql request and the user_id will be filled in?
Also on the action, I was wondering how I can get :current_user from the token.

req-header

Authorization "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ-PiAzLjEyIiwiZXhwIjoxNzA4MzA1ODY1LCJpYXQiOjE3MDgzMDQwNjUsImlzcyI6IkFzaEF1dGhlbnRpY2F0aW9uIHYzLjEyLjIiLCJqdGkiOiIydXFocXZwMTBlc2F1aWZrMWMwMDAxNTEiLCJuYmYiOjE3MDgzMDQwNjUsInB1cnBvc2UiOiJ1c2VyIiwic3ViIjoidXNlcj9pZD02OWVjMTExZS0zOTQ5LTQ3MjAtYTQxZi03MTNhM2U4MTM2YzUifQ.2zeXFGUINXpFWCyoe0rh6GI1rkyLTOSyh9msJBwhOt8eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ-PiAzLjEyIiwiZXhwIjoxNzE2MDkzODI2LCJpYXQiOjE3MDgzMTc4MjYsImlzcyI6IkFzaEF1dGhlbnRpY2F0aW9uIHYzLjEyLjIiLCJqdGkiOiIydXFpazBvZXNsajd0dGQ1azAwMDA2ajEiLCJuYmYiOjE3MDgzMTc4MjYsInB1cnBvc2UiOiJ1c2VyIiwic3ViIjoidXNlcj9pZD02OWVjMTExZS0zOTQ5LTQ3MjAtYTQxZi03MTNhM2U4MTM2YzUifQ._9t5xMBMT1creSgHd9A4tY2fgmY9bIMmeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ-PiAzLjEyIiwiZXhwIjoxNzE2MDkzODI2LCJpYXQiOjE3MDgzMTc4MjYsImlzcyI6IkFzaEF1dGhlbnRpY2F0aW9uIHYzLjEyLjIiLCJqdGkiOiIydXFpazBvZXNsajd0dGQ1azAwMDA2ajEiLCJuYmYiOjE3MDgzMTc4MjYsInB1cnBvc2UiOiJ1c2VyIiwic3ViIjoidXNlcj9pZD02OWVjMTExZS0zOTQ5LTQ3MjAtYTQxZi03MTNhM2U4MTM2YzUifQ._9t5xMBMT1creSgHd9A4tY2fgmY9bIMmutUVEiE1YLgutUVEiE1YLg"

post.ex

...
create :create do
      ...
      change relate_actor(:user)
      ...
    end
...

attrubutes do
  ...
  attribute :user_id, :uuid, allow_nil?: false, writable?: false
  ...
end

relationships do
    belongs_to :user, Dentallog.Accounts.User do
      api Dentallog.Accounts
    end
 end

However, I was faced with the following error.

call stack

[warning] `aa34e202-8b7f-4a83-b24f-705291b27fe9`: AshGraphql.Error not implemented for error:

** (Ash.Error.Changes.InvalidRelationship) Invalid value provided for user: could not relate to actor, as no actor was found (and :allow_nil? is false).
    (elixir 1.16.0) lib/process.ex:860: Process.info/2
    (ash 2.19.3) lib/ash/error/exception.ex:59: Ash.Error.Changes.InvalidRelationship.exception/1
    (ash 2.19.3) lib/ash/resource/change/relate_actor.ex:31: Ash.Resource.Change.RelateActor.change/3
    (ash 2.19.3) lib/ash/changeset/changeset.ex:1782: anonymous fn/6 in Ash.Changeset.run_action_changes/6
    (elixir 1.16.0) lib/enum.ex:2528: Enum."-reduce/3-lists^foldl/2-0-"/3
    (ash 2.19.3) lib/ash/changeset/changeset.ex:1319: Ash.Changeset.do_for_action/4
    (ash_graphql 0.26.9) lib/graphql/resolver.ex:1037: AshGraphql.Graphql.Resolver.mutate/2
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:234: Absinthe.Phase.Document.Execution.Resolution.reduce_resolution/1
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:189: Absinthe.Phase.Document.Execution.Resolution.do_resolve_field/3
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:174: Absinthe.Phase.Document.Execution.Resolution.do_resolve_fields/6
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:145: Absinthe.Phase.Document.Execution.Resolution.resolve_fields/4
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:88: Absinthe.Phase.Document.Execution.Resolution.walk_result/5
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:67: Absinthe.Phase.Document.Execution.Resolution.perform_resolution/3
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:24: Absinthe.Phase.Document.Execution.Resolution.resolve_current/3
    (absinthe 1.7.6) lib/absinthe/pipeline.ex:408: Absinthe.Pipeline.run_phase/3
    (absinthe_plug 1.5.8) lib/absinthe/plug.ex:536: Absinthe.Plug.run_query/4
    (absinthe_plug 1.5.8) lib/absinthe/plug.ex:290: Absinthe.Plug.call/2
    (phoenix 1.7.11) lib/phoenix/router/route.ex:42: Phoenix.Router.Route.call/2
    (phoenix 1.7.11) lib/phoenix/router.ex:484: Phoenix.Router.__call__/5
    (dentallog 0.1.0) lib/dentallog_web/endpoint.ex:1: DentallogWeb.Endpoint.plug_builder_call/2

zachdaniel · February 19, 2024, 2:01pm

Oh, sorry, you aren’t currently using AshAuthentication? In that case, you’d have to be using Guardian directly, at which point you’d need to check their documentation on how to extract the resource id from the token. Then, given that, you can use something like YourApi.get to look up the user by id. Then you can use Ash.PlugHelpers.set_actor/2 as you did in your original example.

dongwooklee96 · February 19, 2024, 8:35pm

I am currently using ashAuthentication, and I am facing some difficulty in identifying the cause due to some declarative code in ash. I will attach my entire code for your reference. I would appreciate any relevant insights you could provide.

router.ex

pipeline :api do
    plug(:accepts, ["json"])
    plug(:load_from_bearer)
  end

scope "/" do
    pipe_through([:api])

    forward("/gql", Absinthe.Plug, schema: DentallogWeb.Schema)

    forward(
      "/playground",
      Absinthe.Plug.GraphiQL,
      schema: DentallogWeb.Schema,
      interface: :playground
    )
  end

Originally, I would have written the router with ash_authentication like this, correct?

user.ex

defmodule Dentallog.Accounts.User do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [
      AshAuthentication,
      AshGraphql.Resource,
      AshArchival.Resource,
      AshPaperTrail.Resource
    ]

  graphql do
    type :user

    queries do
      read_one :sign_in_with_password, :sign_in_with_password do
        as_mutation?(true)
        type_name(:user_with_metadata)
      end
    end

    mutations do
    end
  end

  postgres do
    table "users"
    repo Dentallog.Repo
  end

  paper_trail do
    change_tracking_mode(:changes_only)
    store_action_name?(true)
    reference_source?(false)
  end

  code_interface do
    define_for Dentallog.Accounts
    define :resend_confirmation_instructions
    define :by_id, args: [:id]
    define :register_with_password, args: [:email, :password, :password_confirmation]
  end

  actions do
    defaults [:create, :read, :destroy]

    read :list do
      pagination keyset?: true, default_limit: 20, countable: true
    end

    read :by_id do
      get? true
      argument :id, :uuid, allow_nil?: false
      filter expr(id == ^arg(:id))
    end

    update :change_password do
      accept []

      argument :current_password, :string do
        sensitive? true
        allow_nil? false
      end

      argument :password, :string do
        sensitive? true
        allow_nil? false
      end

      argument :password_confirmation, :string do
        sensitive? true
        allow_nil? false
      end

      change set_context(%{strategy_name: :password})

      validate confirm(:password, :password_confirmation)

      validate {AshAuthentication.Strategy.Password.PasswordValidation,
                strategy_name: :password, password_argument: :current_password} do
        only_when_valid? true
        before_action? true
      end

      change AshAuthentication.Strategy.Password.HashPasswordChange
    end

    update :update_email do
      accept [:email]

      argument :current_password, :string do
        sensitive? true
        allow_nil? false
      end

      change set_context(%{strategy_name: :password})

      validate {AshAuthentication.Strategy.Password.PasswordValidation,
                password_argument: :current_password} do
        only_when_valid? true
        before_action? true
      end
    end

    update :resend_confirmation_instructions do
      accept []

      change fn changeset, _context ->
        Ash.Changeset.before_action(changeset, fn changeset ->
          case Dentallog.Accounts.UserToken.email_token_for_user(changeset.data.id,
                 authorize?: false
               ) do
            {:ok, %{extra_data: %{"email" => changing_to}}} ->
              temp_changeset = %{
                changeset
                | attributes: Map.put(changeset.attributes, :email, changing_to)
              }

              strategy = AshAuthentication.Info.strategy!(changeset.resource, :confirm)

              {:ok, token} =
                AshAuthentication.AddOn.Confirmation.confirmation_token(
                  strategy,
                  temp_changeset,
                  changeset.data
                )

              AshHq.Accounts.User.Senders.SendConfirmationEmail.send(changeset.data, token, [])

              changeset

            _ ->
              Ash.Changeset.add_error(changeset, "Could not determine what email to use")
          end
        end)
      end
    end
  end

  relationships do
    has_one :token, Dentallog.Accounts.UserToken do
      destination_attribute :user_id
      private? true
    end
  end

  attributes do
    uuid_primary_key :id
    attribute :email, :ci_string, allow_nil?: false
    attribute :hashed_password, :string, allow_nil?: false, sensitive?: true
    create_timestamp :created_at
    update_timestamp :update_at
  end

  changes do
    change Dentallog.Accounts.User.Changes.RemoveAllTokens,
      where: [action_is(:password_reset_with_password)]
  end

  validations do
    validate match(:email, ~r/^[^\s]+@[^\s]+$/), message: "must have the @ sign and no spaces"
  end

  authentication do
    api Dentallog.Accounts

    strategies do
      password :password do
        identity_field(:email)
        hashed_password_field(:hashed_password)
        sign_in_tokens_enabled?(true)

        resettable do
          sender(Dentallog.Accounts.User.Senders.SendPasswordResetEmail)
        end
      end
    end

    tokens do
      enabled?(true)
      token_resource(Dentallog.Accounts.UserToken)
      signing_secret(Dentallog.Accounts.Secrets)
      store_all_tokens?(true)
      require_token_presence_for_authentication?(true)
      # token_lifetime({30, :minutes})
      token_lifetime({90, :days})
    end

    add_ons do
      confirmation :confirm do
        monitor_fields([:email])

        sender(Dentallog.Accounts.User.Senders.SendConfirmationEmail)
      end
    end
  end

  identities do
    identity :unique_email, [:email] do
      eager_check_with Dentallog.Accounts
    end
  end
end

zachdaniel · February 19, 2024, 9:05pm

Yeah, as far as I can tell, that setup looks correct. :load_from_bearer should attach the current user. @jimsynz may have some insights here.

jimsynz · February 19, 2024, 9:21pm

That looks correct. load_from_bearer should decode the token and place the current user in the assigns. If you’re trying to use the user as the actor then you will need to use set_actor.

zachdaniel · February 19, 2024, 9:46pm

Ah, I didn’t realize the set_actor part.

dongwooklee96 · February 19, 2024, 11:45pm

Hmm… It’s very weired thing…
I’m sure check with IO.inspect that the actor is set up, but I still get an error that the actor is not provided

private: %{
:ash => %{actor: :user},
DentallogWeb.Router => ,
:phoenix_router => DentallogWeb.Router,
:plug_session_fetch => #Function<1.76384852/1 in Plug.Session.fetch_session/1>,
:before_send => [#Function<0.54455629/1 in Plug.Telemetry.call/2>,
#Function<1.28079098/1 in Phoenix.LiveReloader.before_send_inject_reloader/3>],
:phoenix_endpoint => DentallogWeb.Endpoint,
:phoenix_format => “json”,
:phoenix_request_logger => {“request_logger”, “request_logger”}
},

router.ex

pipeline :api do
    plug(:accepts, ["json"])
    plug(:load_from_bearer)
    plug(:set_actor)
    plug(AshGraphql.Plug)
  end

  scope "/" do
    pipe_through([:api])

    forward("/gql", Absinthe.Plug, schema: DentallogWeb.Schema)

    forward(
      "/playground",
      Absinthe.Plug.GraphiQL,
      schema: DentallogWeb.Schema,
      interface: :playground
    )
  end

...

def set_actor(conn, _opts) do
    IO.inspect("=======")
    result = Ash.PlugHelpers.set_actor(conn, :user)
    IO.inspect(result)
    IO.inspect("=======")
    conn
  end

output

"======="
%Plug.Conn{
  adapter: {Plug.Cowboy.Conn, :...},
  assigns: %{},
  body_params: %{
    "query" => "mutation CreateDentalLabPost($input: CreateDentalLabPostInput) {\n  createDentalLabPost(input: $input) {\n    result {\n      id\n      title\n      dentalLabCategory {\n        name\n      }\n      isRevealHospital\n      createdAt\n      updateAt\n    }\n    errors {\n      message\n    }\n  }\n}\n",
    "variables" => %{
      "input" => %{
        "body" => "오늘 겪었던 일에 대해서 설명드릴게요",
        "categoryId" => "51cb57b3-d303-4ba2-8422-ae3f3f5aa260",
        "hashtags" => [%{"name" => "hashtag1"}, %{"name" => "hashtag2"}],
        "isRevealHospital" => false,
        "photos" => [
          %{"fileName" => "foo1", "fileUrl" => "fool1.jpg"},
          %{"fileName" => "foo2", "fileUrl" => "fool2.jpg"}
        ],
        "title" => "덴탈 임상에 관하여.."
      }
    }
  },
  cookies: %{},
  halted: false,
  host: "localhost",
  method: "POST",
  owner: #PID<0.659.0>,
  params: %{
    "query" => "mutation CreateDentalLabPost($input: CreateDentalLabPostInput) {\n  createDentalLabPost(input: $input) {\n    result {\n      id\n      title\n      dentalLabCategory {\n        name\n      }\n      isRevealHospital\n      createdAt\n      updateAt\n    }\n    errors {\n      message\n    }\n  }\n}\n",
    "variables" => %{
      "input" => %{
        "body" => "오늘 겪었던 일에 대해서 설명드릴게요",
        "categoryId" => "51cb57b3-d303-4ba2-8422-ae3f3f5aa260",
        "hashtags" => [%{"name" => "hashtag1"}, %{"name" => "hashtag2"}],
        "isRevealHospital" => false,
        "photos" => [
          %{"fileName" => "foo1", "fileUrl" => "fool1.jpg"},
          %{"fileName" => "foo2", "fileUrl" => "fool2.jpg"}
        ],
        "title" => "덴탈 임상에 관하여.."
      }
    }
  },
  path_info: ["gql"],
  path_params: %{},
  port: 4000,
  private: %{
    :ash => %{actor: :user},
    DentallogWeb.Router => [],
    :phoenix_router => DentallogWeb.Router,
    :plug_session_fetch => #Function<1.76384852/1 in Plug.Session.fetch_session/1>,
    :before_send => [#Function<0.54455629/1 in Plug.Telemetry.call/2>,
     #Function<1.28079098/1 in Phoenix.LiveReloader.before_send_inject_reloader/3>],
    :phoenix_endpoint => DentallogWeb.Endpoint,
    :phoenix_format => "json",
    :phoenix_request_logger => {"request_logger", "request_logger"}
  },
  query_params: %{},
  query_string: "",
  remote_ip: {127, 0, 0, 1},
  req_cookies: %{},
  req_headers: [
    {"accept", "*/*"},
    {"accept-encoding", "gzip, deflate, br"},
    {"authorization",
     "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ-PiAzLjEyIiwiZXhwIjoxNzA4MzA1ODY1LCJpYXQiOjE3MDgzMDQwNjUsImlzcyI6IkFzaEF1dGhlbnRpY2F0aW9uIHYzLjEyLjIiLCJqdGkiOiIydXFocXZwMTBlc2F1aWZrMWMwMDAxNTEiLCJuYmYiOjE3MDgzMDQwNjUsInB1cnBvc2UiOiJ1c2VyIiwic3ViIjoidXNlcj9pZD02OWVjMTExZS0zOTQ5LTQ3MjAtYTQxZi03MTNhM2U4MTM2YzUifQ.2zeXFGUINXpFWCyoe0rh6GI1rkyLTOSyh9msJBwhOt8eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ-PiAzLjEyIiwiZXhwIjoxNzE2MDkzODI2LCJpYXQiOjE3MDgzMTc4MjYsImlzcyI6IkFzaEF1dGhlbnRpY2F0aW9uIHYzLjEyLjIiLCJqdGkiOiIydXFpazBvZXNsajd0dGQ1azAwMDA2ajEiLCJuYmYiOjE3MDgzMTc4MjYsInB1cnBvc2UiOiJ1c2VyIiwic3ViIjoidXNlcj9pZD02OWVjMTExZS0zOTQ5LTQ3MjAtYTQxZi03MTNhM2U4MTM2YzUifQ._9t5xMBMT1creSgHd9A4tY2fgmY9bIMmeyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ-PiAzLjEyIiwiZXhwIjoxNzE2MDkzODI2LCJpYXQiOjE3MDgzMTc4MjYsImlzcyI6IkFzaEF1dGhlbnRpY2F0aW9uIHYzLjEyLjIiLCJqdGkiOiIydXFpazBvZXNsajd0dGQ1azAwMDA2ajEiLCJuYmYiOjE3MDgzMTc4MjYsInB1cnBvc2UiOiJ1c2VyIiwic3ViIjoidXNlcj9pZD02OWVjMTExZS0zOTQ5LTQ3MjAtYTQxZi03MTNhM2U4MTM2YzUifQ._9t5xMBMT1creSgHd9A4tY2fgmY9bIMmutUVEiE1YLgutUVEiE1YLg"},
    {"connection", "keep-alive"},
    {"content-length", "801"},
    {"content-type", "application/json"},
    {"host", "localhost:4000"},
    {"postman-token", "30d6e47e-0422-4270-9488-840498d048b2"},
    {"user-agent", "PostmanRuntime/7.36.3"}
  ],
  request_path: "/gql",
  resp_body: nil,
  resp_cookies: %{},
  resp_headers: [
    {"cache-control", "max-age=0, private, must-revalidate"},
    {"x-request-id", "F7VoFgcgpfEqlpgAACLi"}
  ],
  scheme: :http,
  script_name: [],
  secret_key_base: :...,
  state: :unset,
  status: nil
}
"======="
[debug] ABSINTHE schema=DentallogWeb.Schema variables=%{"input" => %{"body" => "오늘 겪었던 일에 대해서 설명드릴게요", "categoryId" => "51cb57b3-d303-4ba2-8422-ae3f3f5aa260", "hashtags" => [%{"name" => "hashtag1"}, %{"name" => "hashtag2"}], "isRevealHospital" => false, "photos" => [%{"fileName" => "foo1", "fileUrl" => "fool1.jpg"}, %{"fileName" => "foo2", "fileUrl" => "fool2.jpg"}], "title" => "덴탈 임상에 관하여.."}}
---
mutation CreateDentalLabPost($input: CreateDentalLabPostInput) {
  createDentalLabPost(input: $input) {
    result {
      id
      title
      dentalLabCategory {
        name
      }
      isRevealHospital
      createdAt
      updateAt
    }
    errors {
      message
    }
  }
}
---
[warning] `65d79afc-ac14-4936-95c8-7e9280b9058f`: AshGraphql.Error not implemented for error:

** (Ash.Error.Changes.InvalidRelationship) Invalid value provided for user: could not relate to actor, as no actor was found (and :allow_nil? is false).
    (elixir 1.16.0) lib/process.ex:860: Process.info/2
    (ash 2.19.3) lib/ash/error/exception.ex:59: Ash.Error.Changes.InvalidRelationship.exception/1
    (ash 2.19.3) lib/ash/resource/change/relate_actor.ex:31: Ash.Resource.Change.RelateActor.change/3
    (ash 2.19.3) lib/ash/changeset/changeset.ex:1782: anonymous fn/6 in Ash.Changeset.run_action_changes/6
    (elixir 1.16.0) lib/enum.ex:2528: Enum."-reduce/3-lists^foldl/2-0-"/3
    (ash 2.19.3) lib/ash/changeset/changeset.ex:1319: Ash.Changeset.do_for_action/4
    (ash_graphql 0.26.9) lib/graphql/resolver.ex:1037: AshGraphql.Graphql.Resolver.mutate/2
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:234: Absinthe.Phase.Document.Execution.Resolution.reduce_resolution/1
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:189: Absinthe.Phase.Document.Execution.Resolution.do_resolve_field/3
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:174: Absinthe.Phase.Document.Execution.Resolution.do_resolve_fields/6
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:145: Absinthe.Phase.Document.Execution.Resolution.resolve_fields/4
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:88: Absinthe.Phase.Document.Execution.Resolution.walk_result/5
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:67: Absinthe.Phase.Document.Execution.Resolution.perform_resolution/3
    (absinthe 1.7.6) lib/absinthe/phase/document/execution/resolution.ex:24: Absinthe.Phase.Document.Execution.Resolution.resolve_current/3
    (absinthe 1.7.6) lib/absinthe/pipeline.ex:408: Absinthe.Pipeline.run_phase/3
    (absinthe_plug 1.5.8) lib/absinthe/plug.ex:536: Absinthe.Plug.run_query/4
    (absinthe_plug 1.5.8) lib/absinthe/plug.ex:290: Absinthe.Plug.call/2
    (phoenix 1.7.11) lib/phoenix/router/route.ex:42: Phoenix.Router.Route.call/2
    (phoenix 1.7.11) lib/phoenix/router.ex:484: Phoenix.Router.__call__/5
    (dentallog 0.1.0) lib/dentallog_web/endpoint.ex:1: DentallogWeb.Endpoint.plug_builder_call/2

dongwooklee96 · February 20, 2024, 12:55am

router.ex

pipeline :api do
    plug(:accepts, ["json"])
    plug(:load_from_bearer)
    plug(:set_actor)
    plug(AshGraphql.Plug)
  end

I checked that after load_from_bearer, I noticed to assign to Plug.conn with the key current_user

%Plug.Conn{
  adapter: {Plug.Cowboy.Conn, :...},
  assigns: %{
    current_user: #Dentallog.Accounts.User<
      token: #Ash.NotLoaded<:relationship, field: :token>,
      paper_trail_versions: #Ash.NotLoaded<:relationship, field: :paper_trail_versions>,
      __meta__: #Ecto.Schema.Metadata<:loaded, "users">,
      confirmed_at: nil,
      archived_at: nil,
      id: "69ec111e-3949-4720-a41f-713a3e8136c5",
      email: #Ash.CiString<"dwlee@bananaspace.io">,
      created_at: ~U[2024-02-17 06:33:09.845550Z],
      update_at: ~U[2024-02-17 06:33:09.845550Z],
      aggregates: %{},
      calculations: %{},
      ...
    >
  },

So I think I should use set_factor like this, right?

set_actor(conn.assigns.current_user)

dongwooklee96 · February 20, 2024, 3:00am

I solve this problem
with below code.
router.ex

pipeline :api do
    plug(:accepts, ["json"])
    plug(:load_from_bearer)
    plug(:set_actor)
    plug(AshGraphql.Plug)
  end

  scope "/" do
    pipe_through([:api])

    forward("/gql", Absinthe.Plug, schema: DentallogWeb.Schema)

    forward(
      "/playground",
      Absinthe.Plug.GraphiQL,
      schema: DentallogWeb.Schema,
      interface: :playground
    )
 end


def set_actor(conn, _opts) do
    conn
    |> Ash.PlugHelpers.set_actor(conn.assigns.current_user)
end

jimsynz · February 25, 2024, 10:31pm

So there’s some confusion here.

Ash.PlugHelpers.set_actor/2 sets the actor a specific value.
AshAuthentication.Plug.Helpers.set_actor/2 (which should be in scope from your call to use AshAuthentication.Phoenix.Router ) sets the actor by inferring the assign from the argument provided. For example plug(:set_actor, :user) will set the :current_user assign as the actor.