Rya
Using both a password based and OpenId based authentication using Guardian
Issue:
I’m currently trying to implement support for openID authentication using guardian for a RESTful api.
The api i’m currently working with supports authentication with a password stored as a hash on the api’s db. I’d like to add another option to login using openID through authelia.
All users have a :distant, :boolean field used to denote wether a user authenticates through a password in the db or authelia. I want to make it so that guardian generates a token itself only when a user is not distant. If it is distant i want instead for guardian to store the token given by authelia, and use that token afterwards. That way i can use the protected endpoints of my project (based on the EnsureAuthenticated Plug) without any modifications
Goal:
I want to modify the way guardian creates and verifies tokens to switch between verifying the password itself or letting authelia handle verifications/token creation.
I want the resulting token to be used transparently by the EnsureAuthneicated Guardian plug so that i don’t have to modifiy the endpoints of my project.
I don’t fully understand the authentication life cycle of the phoenix connection, so i don’t know where to start.
Current pipeline
This is the pipeline is use for authentication. ideally i’d like to only modify this part so that changes are transparent for the rest of the code (apart from the new routes needed to authenticate through authelia ofc.)
defmodule Backend24hWeb.Auth.SwimmerPipeline do
use Guardian.Plug.Pipeline, otp_app: :backend24,
module: Backend24hWeb.Auth.GuardianNageur,
error_handler: Backend24hWeb.Auth.GuardianErrorHandler
plug Guardian.Plug.VerifySession
plug Guardian.Plug.VerifyHeader
plug Guardian.Plug.EnsureAuthenticated
plug Guardian.Plug.LoadResource
end
Thanks in advance.
First Post!
itzmidinesh
I understand you’re trying to integrate Authelia OpenID authentication alongside your existing Guardian password-based auth. Based on your description, there are a few key areas you might want to focus on:
- Consider where in Guardian’s authentication lifecycle you need to intervene. Since you mentioned wanting to handle tokens differently based on the :distant flag, you might want to look into Guardian’s token creation and verification callbacks.
- Take a look at Guardian’s documentation about implementing custom token types or encoding strategies. This could help you understand how to make Guardian work with Authelia’s tokens when needed.
- The pipeline you shared looks standard - but since Guardian is modular, you can likely achieve what you want by implementing the right callbacks in your Guardian module rather than modifying the pipeline itself.
Would you mind sharing what you’ve tried so far in terms of Guardian customization? That would help me give more specific guidance.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








