danww
Phoenix and Auth0
Hi there,
I have an Elm frontend app, performing user login and token creation with Auth0 Lock, and then performing requests to a Phoenix API on the backend, passing the JWT token from Elm to Phoenix in an “Authorization: Bearer ” header.
I want the Phoenix API to be able to verify the supplied token in order to auth the request from the client app.
I’m currently using Guardian (API Reference — Guardian v2.4.0), configured along these lines:
Can I verify a JWToken created by Auth0 ? · Issue #211 · ueberauth/guardian · GitHub
I’m new to Phoenix.
I can’t get past ‘plug Guardian.Plug.EnsureAuthenticated’.
I’m not sure how to debug/inspect router/pipeline.
Ideally, I’d like Guardian.Plug.EnsureAuthenticated to reside in the pipeline, rather than in each controller.
Am I correct in assuming that Guardian will actually verify the supplied token with Auth0?
Because there doesn’t seem to be any provision in the config for the Auth0 ‘client_id’, which I expect would be necessary.
Marked As Solved
danww
I started from the beginning, setting up Guardian from scratch, and it worked.
I’m still not clear why it wasn’t working in the first instance.
If anyone is interested, I did the following:
mix.exs:
- Added Guardian.

```elixir
...
def application do
  [mod: {MyApp, []},
   applications: [:phoenix, ..., :guardian, ...]]
end
...
defp deps do
  [{:phoenix, "~> 1.2.1"},
   ...,
   {:guardian, "~> 0.14"}]
end
```
…then ran mix deps.get
config.exs
- set `allowed_algos` to HS256
- set `issuer` to Auth0 domain
- set `verify_issuer` to false. This may have been what solved it, although I did try changing this in my initial attempt.
- set `secret_key` to Auth0 client secret
- set up my own serializer - see next step.

```elixir
...
config :guardian, Guardian,
  allowed_algos: ["HS256"], # optional
  verify_module: Guardian.JWT, # optional
  issuer: <Auth0 domain>,
  ttl: { 30, :days },
  allowed_drift: 2000,
  verify_issuer: false,
  secret_key: <Auth0 client secret>,
  serializer: MyApp.GuardianSerializer
...
```
serializer.ex
- I’m not getting anything in/out of the token at this point, so this is not of any significance, just yet

```elixir
defmodule MyApp.GuardianSerializer do
  @behaviour Guardian.Serializer
  def for_token(id), do: {:ok, id}
  def from_token(id), do: {:ok, id}
end
```
router.ex
- Added the following Guardian plugs to the existing `:api` pipeline, as follows

```elixir
...
pipeline :api do
  plug :accepts, ["json"]
  plug Guardian.Plug.VerifyHeader, realm: "Bearer"
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource
end
...
```
And that seemed to do the trick.
Thanks all, for your help
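On the question of whether the token is checked "with Auth0" and where the client_id fits: an added sketch, not part of the thread and not Guardian's own code, of what local HS256 verification involves. The signature is recomputed from the shared secret, and the issuer and client_id are matched against the token's `iss` and `aud` claims. It assumes Elixir 1.18+ and a token that carries the client_id in `aud`; the module name, secret, issuer and client id are constructed.

```elixir
# Added example, not Guardian's code. Assumes Elixir 1.18+ (built-in JSON module).
defmodule Auth0TokenCheck do
  @allowed_algs ["HS256"]

  # Verifies an HS256 JWT locally; no request is made to Auth0.
  def verify(token, secret, issuer, client_id, now \\ System.system_time(:second)) do
    with [h64, p64, s64] <- String.split(token, "."),
         {:ok, %{"alg" => alg}} <- decode_part(h64),
         true <- alg in @allowed_algs or {:error, :alg_not_allowed},
         {:ok, sig} <- Base.url_decode64(s64, padding: false),
         true <- valid_sig?(sig, secret, h64 <> "." <> p64) or {:error, :bad_signature},
         {:ok, %{} = claims} <- decode_part(p64),
         :ok <- check_claims(claims, issuer, client_id, now) do
      {:ok, claims}
    else
      {:error, reason} when is_atom(reason) -> {:error, reason}
      _ -> {:error, :malformed}
    end
  end

  defp decode_part(b64) do
    with {:ok, json} <- Base.url_decode64(b64, padding: false), do: JSON.decode(json)
  end

  # Recompute the HMAC with the shared secret and compare in constant time.
  defp valid_sig?(sig, secret, signing_input) do
    expected = :crypto.mac(:hmac, :sha256, secret, signing_input)
    byte_size(sig) == byte_size(expected) and :crypto.hash_equals(sig, expected)
  end

  defp check_claims(claims, issuer, client_id, now) do
    cond do
      not is_number(claims["exp"]) or claims["exp"] <= now -> {:error, :expired}
      claims["iss"] != issuer -> {:error, :wrong_issuer}
      client_id not in List.wrap(claims["aud"]) -> {:error, :wrong_audience}
      true -> :ok
    end
  end
end

# Constructed secret, issuer and client id; the token is signed here to run offline.
{secret, iss, aud} = {"constructed-demo-secret", "https://tenant.example/", "demo-client-id"}
enc = fn map -> map |> JSON.encode!() |> Base.url_encode64(padding: false) end
body = enc.(%{"alg" => "HS256"}) <> "." <> enc.(%{"iss" => iss, "aud" => aud, "exp" => 2_000_000_000})
token = body <> "." <> Base.url_encode64(:crypto.mac(:hmac, :sha256, secret, body), padding: false)
IO.inspect(Auth0TokenCheck.verify(token, secret, iss, aud, 1_700_000_000))
IO.inspect(Auth0TokenCheck.verify(token, "some-other-secret", iss, aud, 1_700_000_000))
IO.inspect(Auth0TokenCheck.verify(token, secret, iss, "another-client-id", 1_700_000_000))
```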
Also Liked
krapans
How do you pass the JWT token in the request from the front-end?
danww
I’m adding a header (Authorization: Bearer <token>) to the request.
I understand Guardian should find and verify this token with the plug Guardian.Plug.VerifyHeader, realm: "Bearer" in the pipeline. I’m using the same Auth0 secret in the config for both client and server.
krapans
OK, from what you are saying, everything sounds fine. I guess you need to provide some code examples, so maybe then I could check it out and give you feedback.








