Invalid token in guardian pipeline

I am using Guardian to add authentication in my app.

My router.ex file looks like this:

defmodule HineshBlogsWeb.Router do
  use HineshBlogsWeb, :router

  pipeline :auth do
    plug HineshBlogs.UserManager.Pipeline
  end

  pipeline :ensure_auth do
    plug Guardian.Plug.EnsureAuthenticated
  end

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  pipeline :api do
    plug :accepts, ["json"]
  end

  pipeline :admin_layout do
    plug :put_layout, {HineshBlogsWeb.LayoutView, :admin}
  end

  scope "/", HineshBlogsWeb do
    pipe_through :browser

    get "/", PageController, :index
  end

  scope "/admin", HineshBlogsWeb do
    pipe_through [:browser, :admin_layout, :auth]

    get "/login", SessionController, :new
    post "/login", SessionController, :login
    get "/logout", SessionController, :logout
  end

  scope "/admin", HineshBlogsWeb do
    pipe_through [:browser, :auth, :admin_layout, :ensure_auth]

    get "/", Admin.AdminController, :home
  end

  # Other scopes may use custom stacks.
  # scope "/api", HineshBlogsWeb do
  #   pipe_through :api
  # end

  # Enables LiveDashboard only for development
  #
  # If you want to use the LiveDashboard in production, you should put
  # it behind authentication and allow only admins to access it.
  # If your application does not have an admins-only section yet,
  # you can use Plug.BasicAuth to set up some basic authentication
  # as long as you are also using SSL (which you should anyway).
  if Mix.env() in [:dev, :test] do
    import Phoenix.LiveDashboard.Router

    scope "/" do
      pipe_through :browser
      live_dashboard "/dashboard", metrics: HineshBlogsWeb.Telemetry
    end
  end
end

I have two pipelines:

  • auth -> which checks if the admin is potentially logged in
  • ensure_auth -> which checks if the admin is logged in

My auth pipleline looks like this:

defmodule HineshBlogs.UserManager.Pipeline do
  use Guardian.Plug.Pipeline,
    otp_app: :hinesh_blogs,
    error_handler: HineshBlogs.UserManager.ErrorHandler,
    module: HineshBlogs.UserManager.Guardian

  # If there is a session token, restrict it to an access token and validate it
  plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"}
  # If there is an authorization header, restrict it to an access token and validate it
  plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
  # Load the user if either of the verifications worked
  plug Guardian.Plug.LoadResource, allow_blank: true
end

However, when I access /admin I get an invalid_token error, I commented out plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"} and it seems to work.

I am running my application in a docker container.

What am I missing?