How to use Oban.Web behind a live_session?

sezaru · April 5, 2024, 4:56pm

In my system, I use live_session to make sure that an user is logged in and has the correct authorization to load a certain route.

I would like to use that logic to allow/disallow access to Oban.Web pages as-well.

But when i try to do it like this:

live_session :admin_authenticated,
      on_mount: [
        AshAuthentication.Phoenix.LiveSession,
        Hooks.RedirectFlash,
        {Hooks.LiveUserAuth, :user_authenticated},
        Hooks.IsActive,
        Hooks.IsPhoneNumberConfirmed,
        Hooks.IsAnAdmin
      ],
      session: {AshAuthentication.Phoenix.LiveSession, :generate_session, []} do
  oban_dashboard("/oban", resolver: Pacman.Oban.WebResolver)
end

It will fail because apparently oban_dashboard already defines a live_session and you can have nested live_session calls.

Is there some way to achieve that?

sorentwo · April 6, 2024, 9:38am

Oban Web has a built-in mechanism for authentication that you can use: Oban.Web.Resolver — Oban Web v2.10.3. Alternatively, you can use a pipeline with plugs to gate initial access.

We’ll make it possible to pass on_mount options to oban_dashboard/2 in a future version, so you could write this instead:

oban_dashboard("/oban", on_mount: [...], resolver: MyApp.Resolver)