and then a user just gets connected and can join any channel and listen for its events but what if an access token expired during listening or joining another channel? nothing happens because we just check the token in connect fun only. The solutions that come into my mind are
To verify token in every channel’s join and its events but I don’t know if that is the best choice!
To run a GenServer with a user token to broadcast an event if the access token expired and then terminate it
I do not think it matters if it expires, on connect verify the token and then assign the current user in the socket, and then you have access to the user in the assigns for you joins.
If you want to always have an active token in the client, you can use some sort of heartbeat that keeps on checking or if using JWT you can just look at when it expires and ask for a refreshed token.
That’s what I’m trying to do but it doesn’t make sense to me to verify it on every channel’s join and its events, There should be a way like a middleware to verify there before access any channel and its events.
If I know when it expired how could you notify a user? (server side)
First thing that comes to mind is to check validity on join and Process.send_after the time remaining difference to terminate the channel. If your client responds to the termination by checking it’s jwt validity and grabbing a new token, it should generally be pretty seamless.
You could handle this via the channel macro to get it across your entire system easily. Although, having a ton of Channels is probably rare.
Thanks for replying. I just used macro to handle this across all the channels. Here is the code
defmodule Api.Middleware do
@moduledoc """
The aim of using this is to provide a generic way
to validate tokens across all channels.
"""
defmacro middleware(head, [do: body]) do
alias Api.Guardian
{fn_name, args_ast} = Macro.decompose_call(head)
[topic_arg, socket_arg] = args_ast
quote do
def unquote(fn_name)(unquote(topic_arg), payload = %{"token" => token}, unquote(socket_arg)) do
case Guardian.decode_and_verify(token) do
{:ok, _claims} -> unquote(body)
{:error, reason} -> handle_auth_failure(reason)
end
end
def unquote(fn_name)(unquote(topic_arg), _, unquote(socket_arg)), do: handle_auth_failure("token_not_found")
def handle_auth_failure(reason), do: {:error, %{ reason: reason }}
end
end
end