aboozaid
Phoenix channels authentication with refresh token
The flow of currently supported authentication through phoenix socket and channels is to use
connect(%{"token" => token}, socket, _connect_info)
and then a user just gets connected and can join any channel and listen for its events but what if an access token expired during listening or joining another channel? nothing happens because we just check the token in connect fun only. The solutions that come into my mind are
- To verify token in every channel’s join and its events but I don’t know if that is the best choice!
- To run a GenServer with a user token to broadcast an event if the access token expired and then terminate it
What do you think?
First Post!
tomkonidas
I do not think it matters if it expires, on connect verify the token and then assign the current user in the socket, and then you have access to the user in the assigns for you joins.
If you want to always have an active token in the client, you can use some sort of heartbeat that keeps on checking or if using JWT you can just look at when it expires and ask for a refreshed token.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








