Hi! I recently finished adding authentication to my Phoenix API, so I wanted to share what I learned.
I haven’t created authentication for an API-only application before, so not using sessions/cookies was a little confusing at first. I hope this post can help others who haven’t written an API before!
@mhanberg, thank you very much. I want to ask: for how long is the token valid? How do I configure that setting, and does the token refresh / extend its validity while the user is actively using it (i.e. does it expire only if it has been idle for some time)?
Would you elaborate on this piece of code: how to handle email errors here (email not found or wrong password), i.e. how to return 401 if the email is not found or the credentials are wrong:
```elixir
def sign_in(conn, params) do
  # Find the user in the database based on the credentials sent with the request
  with %User{} = user <- Accounts.find(params.email) do
    # Attempt to authenticate the user (the password comes from the same params map
    # as the email; the snippet referred to an undefined `login_cred` variable here)
    with {:ok, token, _claims} <- Accounts.authenticate(%{user: user, password: params.password}) do
      # Render the token
      render conn, "token.json", token: token
    end
  end
end
```
I’m on a business trip right now, I’ll reply to this when I get some free time. But in the meantime, look into the Phoenix Fallback Controller functionality.
```elixir
defmodule AcrosapWeb.FallbackController do
  @moduledoc """
  Translates controller action results into valid `Plug.Conn` responses.
  See `Phoenix.Controller.action_fallback/1` for more details.
  """
  use AcrosapWeb, :controller

  def call(conn, {:error, %Ecto.Changeset{} = changeset}) do
    conn
    |> put_status(:unprocessable_entity)
    |> render(AcrosapWeb.ChangesetView, "error.json", changeset: changeset)
  end

  def call(conn, {:error, :not_found}) do
    conn
    |> put_status(:not_found)
    |> render(AcrosapWeb.ErrorView, :"404")
  end

  def call(conn, {:error, :unauthorized}) do
    conn
    |> put_status(:forbidden)
    |> json(%{status: "forbidden"})
  end
end
```
It is working, except in the situation where the user object cannot be found by email address; then I get this error:
(FunctionClauseError) no function clause matching in AcrosapWeb.FallbackController.call/2
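The following is an added example, not code from the original post or from any of the replies, covering both the earlier question (returning 401 when the email is unknown or the password is wrong) and the FunctionClauseError above. The cause of that error is that `with` returns the first non-matching value unchanged, so when `Accounts.find/1` returns `nil` the action returns `nil`, and the fallback controller has no `call/2` clause for it. The `else` block below normalizes every failure into an error tuple the fallback controller knows, and answers 401 for both unknown email and wrong password so the response does not reveal which addresses are registered. It assumes `Acrosap.Accounts.find/1` returns a `%User{}` or `nil` and `Acrosap.Accounts.authenticate/1` returns `{:ok, token, claims}` or `{:error, reason}`, as the snippets in the thread imply; the module and alias names are assumed as well. The token lifetime question depends on which token library `authenticate/1` wraps, which the thread does not say, so the example does not set one.

```elixir
# Added example; assumptions: Accounts.find/1 -> %User{} | nil,
# Accounts.authenticate/1 -> {:ok, token, claims} | {:error, reason}.
defmodule AcrosapWeb.SessionController do
  use AcrosapWeb, :controller

  alias Acrosap.Accounts
  alias Acrosap.Accounts.User

  # Any action result that is not a %Plug.Conn{} is handed to
  # AcrosapWeb.FallbackController.call/2, so every error tuple returned
  # below needs a matching clause there.
  action_fallback AcrosapWeb.FallbackController

  # Phoenix delivers JSON body params with string keys, so pattern-match on
  # them instead of using params.email / params.password.
  def sign_in(conn, %{"email" => email, "password" => password}) do
    with %User{} = user <- Accounts.find(email),
         {:ok, token, _claims} <- Accounts.authenticate(%{user: user, password: password}) do
      render(conn, "token.json", token: token)
    else
      # `with` passes the first non-matching value here. Without this block the
      # action would return nil (unknown email) or {:error, reason} (bad
      # password) as-is; nil has no FallbackController.call/2 clause, which is
      # the FunctionClauseError reported above.
      #
      # Both failures map to the same 401 so a caller cannot distinguish
      # registered email addresses from unregistered ones.
      nil -> {:error, :unauthorized}
      {:error, _reason} -> {:error, :unauthorized}
    end
  end

  # Missing or malformed fields should not crash with a FunctionClauseError
  # either; answer 400 instead.
  def sign_in(_conn, _params), do: {:error, :bad_request}
end

defmodule AcrosapWeb.FallbackController do
  use AcrosapWeb, :controller

  def call(conn, {:error, %Ecto.Changeset{} = changeset}) do
    conn
    |> put_status(:unprocessable_entity)
    |> render(AcrosapWeb.ChangesetView, "error.json", changeset: changeset)
  end

  def call(conn, {:error, :not_found}) do
    conn
    |> put_status(:not_found)
    |> render(AcrosapWeb.ErrorView, :"404")
  end

  # 401 rather than 403 for a failed sign-in: the client has not proven who
  # it is yet, whereas 403 means an identified client lacks permission.
  def call(conn, {:error, :unauthorized}) do
    conn
    |> put_status(:unauthorized)
    |> json(%{error: "invalid email or password"})
  end

  def call(conn, {:error, :bad_request}) do
    conn
    |> put_status(:bad_request)
    |> json(%{error: "email and password are required"})
  end
end
```

With this in place, `curl -X POST /api/sign_in` with an unknown email and with a wrong password both produce the same 401 body, a request without an email or password field produces 400, and nothing falls through to the fallback controller without a matching clause.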