Background: I have a PHP/MySQL website set up long ago before Phoenix. The user does their username/password login on our /login.php page. Upon successful login, my site generates a random “login token”, which gets stored as an httpOnly cookie in their browser and also gets saved in the database. When the PHP session expires, we just look up the login token in the database and we know it’s the user renewing their PHP session, and we assign a new login token.
In regards to Phoenix, the login auth is already done on my PHP script, and I receive a PHP-generated auth token stored as a cookie. Based on advice here, it sounds like I will be using Phoenix as an API, since all the front-end stuff is done using my PHP website.
In regards to a strategy, I received this advice, which sounds promising:
So how exactly would I do this? Am I supposed to use CURL in my PHP script and send a POST request to Phoenix with the “login token” as a parameter, and then Phoenix looks up MySQL once more to authenticate on its end?
What would the Plug and Endpoint code look like in Phoenix for this?
I’m assuming I will use something like “Phoenix.Token.sign” (Phoenix.Token, Phoenix v1.7.10) to create this “Bearer Token”, and that gets sent back to my PHP login.php script via the CURL response?
What should my PHP script do when it receives this Bearer Token in the CURL response? Does that Bearer Token get stored as an httpOnly cookie before redirecting the user to whatever page they are browsing?
When the user is browsing through different pages and connects to Phoenix on each page load, do I use something like “Plug.Conn.get_req_header(conn, "cookie[bearer-token]")” on each connection to fetch that token and run Phoenix.Token.verify on it to authenticate the user without having to do database calls on each connection?
Again, what would the full Plug/Endpoint look like? I ask because I cannot find any simple examples anywhere for my specific case. Most examples have the login/registration page all built into Phoenix.
I’m very gradually understanding this through much reading and by finding bits and pieces all around, but I want to make sure I’m on the right path.
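The flow the question sketches (login.php posts the PHP-issued login token to Phoenix once, Phoenix answers with a signed Phoenix.Token, and every later request is checked with Phoenix.Token.verify and no database call), written out as an added Elixir example. This is not code from the original post or from the Phoenix project. Assumed names: MyAppWeb.Endpoint, MyAppWeb.SessionController, MyAppWeb.Plugs.RequireBearer, the cookie name bearer_token, the salt and the one-day max_age, and a hypothetical MyApp.Accounts.user_id_for_login_token/1 that does the single MySQL lookup of the PHP login token.

```elixir
# Added example, not from the original post. Assumed: MyAppWeb.Endpoint,
# the salt, the max_age, the cookie name "bearer_token", and the hypothetical
# MyApp.Accounts.user_id_for_login_token/1 that looks the PHP login token up in MySQL.

defmodule MyAppWeb.SessionController do
  use MyAppWeb, :controller

  @salt "api bearer"      # must be the same salt the verifying plug uses
  @max_age 60 * 60 * 24   # bearer tokens are valid for one day (assumption)

  # POST /api/session with {"login_token": "..."}; called server-to-server by
  # login.php through cURL right after the username/password check succeeded.
  def create(conn, %{"login_token" => login_token}) do
    # Hypothetical lookup; returns {:ok, user_id} or :error.
    case MyApp.Accounts.user_id_for_login_token(login_token) do
      {:ok, user_id} ->
        # Signs only the user id; the signature (keyed from the endpoint's
        # secret_key_base) is what later requests are authenticated on.
        token = Phoenix.Token.sign(MyAppWeb.Endpoint, @salt, user_id)
        json(conn, %{bearer_token: token, expires_in: @max_age})

      :error ->
        conn |> put_status(:unauthorized) |> json(%{error: "invalid login token"})
    end
  end
end

defmodule MyAppWeb.Plugs.RequireBearer do
  @moduledoc "Rejects any request that carries no valid, unexpired bearer token."
  @behaviour Plug
  import Plug.Conn

  @salt "api bearer"
  @max_age 60 * 60 * 24

  def init(opts), do: opts

  def call(conn, _opts) do
    with {:ok, token} <- fetch_token(conn),
         {:ok, user_id} <-
           Phoenix.Token.verify(MyAppWeb.Endpoint, @salt, token, max_age: @max_age) do
      # No database access: verify/4 checks signature and age locally.
      assign(conn, :current_user_id, user_id)
    else
      # {:error, :expired}, {:error, :invalid} or :error all end the request here.
      _ -> conn |> send_resp(401, "unauthorized") |> halt()
    end
  end

  # Accept "Authorization: Bearer <token>" or the httpOnly cookie set by login.php.
  # Cookies are not a request header per name: they must be parsed with fetch_cookies/1.
  defp fetch_token(conn) do
    case get_req_header(conn, "authorization") do
      ["Bearer " <> token] ->
        {:ok, token}

      _ ->
        conn = fetch_cookies(conn)

        case conn.req_cookies["bearer_token"] do
          nil -> :error
          token -> {:ok, token}
        end
    end
  end
end

# Router wiring (inside MyAppWeb.Router):
#
#   pipeline :api_auth do
#     plug :accepts, ["json"]
#     plug MyAppWeb.Plugs.RequireBearer
#   end
#
#   scope "/api", MyAppWeb do
#     pipe_through :api
#     post "/session", SessionController, :create   # only login.php calls this
#   end
#
#   scope "/api", MyAppWeb do
#     pipe_through :api_auth
#     get "/me", MeController, :show                # reads conn.assigns.current_user_id
#   end
```

On the PHP side, login.php takes bearer_token from the cURL response and sets it as a cookie with the HttpOnly and Secure flags before redirecting, exactly as it already does for its own login token. Two things worth checking in a setup like this: the /api/session route should be reachable only from the PHP server (network restriction or a shared secret in the request), because whoever can post a login token to it can mint bearer tokens; and expiry is enforced purely by max_age in verify/4, so revoking a user before the day is up means either a short max_age or a database check on the sensitive routes only.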