How to deal with Google login which has no password?

Hi, I am working on user authentication using phx_gen_auth and Ueberauth (for Google login).
My user schema has a hashed_password field, and it is not nullable in the database (null: false).

So how do you guys do this when signing up a user using Google OAuth?
Changing the hashed_password field to nullable does not seem like a good solution.
Do you have any idea?

Would setting a randomly generated password work?

2 Likes

You could also just make it nullable.

And leverage the changeset to either require a password, or not.

2 Likes

You probably want to make sure that you don’t introduce any timing attacks.

The generator is meant to be a simple and straight-forward starting point. If you have basic needs for authentication

Given that phx.gen.auth is just a starting point, I would discourage making password_hash nullable in any production env unless you know what you are doing, and in that case you probably don’t need this. There are other solutions out there that play nicely with SSO and are production ready: Guardian and Pow.

1 Like
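An added example, not part of any post in this thread and not code generated by phx.gen.auth: one way to combine the "nullable column, changeset decides" suggestion with the timing concern raised above. It assumes the `ecto` and `bcrypt_elixir` packages; the module name `MyApp.Accounts.User`, the `provider` field and `oauth_registration_changeset/2` are hypothetical.

```elixir
defmodule MyApp.Accounts.User do
  # Hypothetical module; assumes the ecto and bcrypt_elixir packages are available.
  use Ecto.Schema
  import Ecto.Changeset

  schema "users" do
    field :email, :string
    field :password, :string, virtual: true, redact: true
    field :hashed_password, :string, redact: true # column is nullable in this variant
    field :provider, :string # hypothetical field: "google" for OAuth users, else nil
    timestamps()
  end

  # Password sign-up: the changeset, not the database, enforces the password.
  def registration_changeset(user, attrs) do
    user
    |> cast(attrs, [:email, :password])
    |> validate_required([:email, :password])
    |> validate_length(:password, min: 12, max: 72)
    |> hash_password()
  end

  # OAuth sign-up: :password is never cast, so hashed_password stays nil.
  def oauth_registration_changeset(user, attrs) do
    user
    |> cast(attrs, [:email, :provider])
    |> validate_required([:email, :provider])
    |> validate_inclusion(:provider, ["google"])
  end

  defp hash_password(%Ecto.Changeset{valid?: true} = changeset) do
    password = get_change(changeset, :password)

    changeset
    |> put_change(:hashed_password, Bcrypt.hash_pwd_salt(password))
    |> delete_change(:password)
  end

  defp hash_password(changeset), do: changeset

  # A real hash is stored: verify normally.
  def valid_password?(%__MODULE__{hashed_password: hash}, password)
      when is_binary(hash) and is_binary(password) and byte_size(password) > 0 do
    Bcrypt.verify_pass(password, hash)
  end

  # Unknown user or OAuth-only user (nil hash): run a dummy hash, then reject, so
  # response time does not reveal which accounts have a password set.
  def valid_password?(_user, _password) do
    Bcrypt.no_user_verify()
    false
  end
end
```

Because the second `valid_password?/2` clause catches the nil hash, a Google-only account can never be logged into through the password form, and the failure costs the same hashing time as a wrong password.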