I am using Guardian to add authentication in my app. My `router.ex` file looks like this:
```elixir
defmodule HineshBlogsWeb.Router do
  use HineshBlogsWeb, :router

  pipeline :auth do
    plug HineshBlogs.UserManager.Pipeline
  end

  pipeline :ensure_auth do
    plug Guardian.Plug.EnsureAuthenticated
  end

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  pipeline :api do
    plug :accepts, ["json"]
  end

  pipeline :admin_layout do
    plug :put_layout, {HineshBlogsWeb.LayoutView, :admin}
  end

  scope "/", HineshBlogsWeb do
    pipe_through :browser

    get "/", PageController, :index
  end

  scope "/admin", HineshBlogsWeb do
    pipe_through [:browser, :admin_layout, :auth]

    get "/login", SessionController, :new
    post "/login", SessionController, :login
    get "/logout", SessionController, :logout
  end

  scope "/admin", HineshBlogsWeb do
    pipe_through [:browser, :auth, :admin_layout, :ensure_auth]

    get "/", Admin.AdminController, :home
  end

  # Other scopes may use custom stacks.
  # scope "/api", HineshBlogsWeb do
  #   pipe_through :api
  # end

  # Enables LiveDashboard only for development
  #
  # If you want to use the LiveDashboard in production, you should put
  # it behind authentication and allow only admins to access it.
  # If your application does not have an admins-only section yet,
  # you can use Plug.BasicAuth to set up some basic authentication
  # as long as you are also using SSL (which you should anyway).
  if Mix.env() in [:dev, :test] do
    import Phoenix.LiveDashboard.Router

    scope "/" do
      pipe_through :browser
      live_dashboard "/dashboard", metrics: HineshBlogsWeb.Telemetry
    end
  end
end
```
I have two pipelines:

- `auth` -> which checks if the admin is potentially logged in
- `ensure_auth` -> which checks if the admin is logged in
My `auth` pipeline looks like this:
```elixir
defmodule HineshBlogs.UserManager.Pipeline do
  use Guardian.Plug.Pipeline,
    otp_app: :hinesh_blogs,
    error_handler: HineshBlogs.UserManager.ErrorHandler,
    module: HineshBlogs.UserManager.Guardian

  # If there is a session token, restrict it to an access token and validate it
  plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"}
  # If there is an authorization header, restrict it to an access token and validate it
  plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
  # Load the user if either of the verifications worked
  plug Guardian.Plug.LoadResource, allow_blank: true
end
```
However, when I access `/admin` I get an `invalid_token` error. When I commented out `plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"}`, it seemed to work.

I am running my application in a Docker container. What am I missing?