Ueberauth Identity Strategy for a pure JSON API - How to implement the request phase?

I am currently setting up Ueberauth in combination with Guardian to make the future Phoenix backend of a mobile app able to perform a bunch of OAuth authentications. The backend is a pure JSON API without any HTML views.

While the authentication for providers like Google etc. works fine, because they actually need a request phase for the user to enter their credentials, I can’t figure out how to provide this flow for the Identity strategy (simple email and password authentication) without generating an extra HTML view, which I obviously don’t want. I tried to trigger the callback function directly with a request containing a mocked Ueberauth struct, but it just won’t work. Has somebody tried something similar? Is there a way to skip the request phase or mock it for this case?

I know I could write my own Identity authentication, but I want to avoid splitting my authentication if possible and stick to one workflow.

Hi @EleMenk,
there was a similar thread on the forum.

Tutorial on creating API authentication (token based) for Phoenix 1.3?

If you check out the phauxth repo, there is a complete example implementing an email/password authentication.

Also there is an article How to Authenticate your Elixir/Phoenix APIs using Guardian on that topic which might be interesting for you.

1 Like

Hi @f34nk,

I actually followed the second article you linked there before I came here :) Unfortunately it doesn’t explain how to set up the simple identity authorization.

Luckily I figured out my problem yesterday: You have to tell Überauth where to look for the credentials in your request.
Just in case anybody should ever stumble over a similar problem, here is how I solved mine:

In your config.exs you have to do something like

config :ueberauth, Ueberauth,
  base_path: "/api/v1/auth",
  providers: [
    ...
    identity: {
      Ueberauth.Strategy.Identity,
      [
        ...
        param_nesting: "user",
        ...
      ]
    }
  ]

The param_nesting: "user" parameter tells Überauth to search for the required information (email and password in my case) in the user parameter of your request.

That way you can post a request with a body like this

{
  "user": {
    "email": "john@doe.de",
    "password": "johndoe1234"
  }
}

directly to the ‘callback’ function, without having to provide an extra view and Überauth will recognize it properly.

3 Likes
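
The Identity strategy only collects the posted fields into the auth struct, so the callback action that receives the request above has to verify the password itself. An added example of such an action, not code from the thread or from the Ueberauth project; `MyAppWeb`, `MyApp.Accounts.get_user_by_email/1`, `MyApp.Guardian`, the `password_hash` field, the route and the `callback_methods` option value are assumptions about the surrounding application:

```elixir
# Added example. MyAppWeb, MyApp.Accounts, MyApp.Guardian and the
# password_hash field are hypothetical; Bcrypt is from bcrypt_elixir.
# Assumed route: post "/api/v1/auth/:provider/callback", AuthController, :callback
# Assumed provider option next to param_nesting: callback_methods: ["POST"]
defmodule MyAppWeb.AuthController do
  use MyAppWeb, :controller

  # Runs the configured strategy. For :identity it only copies the posted
  # fields into %Ueberauth.Auth{}; it never checks the password.
  plug Ueberauth

  def callback(%{assigns: %{ueberauth_auth: %{provider: :identity} = auth}} = conn, _params) do
    # auth.uid is taken from the strategy's uid_field (:email by default).
    user = auth.uid && MyApp.Accounts.get_user_by_email(auth.uid)

    if valid_password?(user, auth.credentials.other.password) do
      {:ok, token, _claims} = MyApp.Guardian.encode_and_sign(user)
      json(conn, %{token: token})
    else
      unauthorized(conn)
    end
  end

  # Strategy failure (conn.assigns.ueberauth_failure) or anything this
  # example does not handle: same generic answer.
  def callback(conn, _params), do: unauthorized(conn)

  # Unknown user: still spend one hash computation so response timing does
  # not reveal whether the email is registered. Always returns false.
  defp valid_password?(nil, _password), do: Bcrypt.no_user_verify()

  defp valid_password?(user, password) when is_binary(password),
    do: Bcrypt.verify_pass(password, user.password_hash)

  # Missing or non-string password.
  defp valid_password?(_user, _password), do: false

  # One response body for every failure, with no hint about which field was wrong.
  defp unauthorized(conn) do
    conn
    |> put_status(:unauthorized)
    |> json(%{error: "invalid credentials"})
  end
end
```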