Use more than one type of user for authentication

Hi, I’m trying to set up ash_authenticator_phoenix to allow sign_in for admins and for users. Admins would access the /dashboard/ scope and users would access the /users scope. As such, I’d prefer to nest the auth-paths under these scopes. Is it possible to do that in the current version of ash_authentication_phoenix?

When I try to add more than one call to sign_in_route() in my router, I get the following error.

== Compilation error in file lib/my_app_web/router.ex ==
** (RuntimeError) attempting to redefine live_session :sign_in.
live_session routes must be declared in a single named block

Likely because this line hardcodes the name for the live session. But other than that, is this a non-feature?

this not an answer but I checked what ash-hq is using to protect the blog, and its just htcaccess :rofl: So I would guess ash-admin is really not a tool you would expose to users or even admins. I think ash admin is really a development tool more than anything else. You can quickly test out your domain without messing around with live view generators and stuff. But I guess @zachdaniel or co has a better answer for you :slight_smile:

You are correct that it is generally not intended to expose to end users, but there is a way to sign in to the admin dashboard by setting an actor in a plug ahead of time, which allows for some basic “let admins access the admin dashboard” type behavior. It sounds like we may potentially be missing some logic to allow separate sign in routes mounted at multiple places. I can see why that would be useful though. @jimsynz will have more for you on this front.

Just to be sure, I’m not talking about ash_admin, but a custom dashboard

Gotcha, then the stuff about ash_admin is not important :laughing: But mounting sign_in_routes at multiple places is something @jimsynz will still need to answer :+1:

Huh. So I didn’t even know that live_session names had to be unique (can you tell that I don’t do that much frontend stuff?) I’m open to suggestions on how to fix it.

Maybe it’s just as simple as making the live session name configurable? Hard to say without looking into it more, but maybe we’ll get lucky :laughing: