Rya

Rya

Using both a password based and OpenId based authentication using Guardian

Issue:

I’m currently trying to implement support for openID authentication using guardian for a RESTful api.

The api i’m currently working with supports authentication with a password stored as a hash on the api’s db. I’d like to add another option to login using openID through authelia.

All users have a :distant, :boolean field used to denote wether a user authenticates through a password in the db or authelia. I want to make it so that guardian generates a token itself only when a user is not distant. If it is distant i want instead for guardian to store the token given by authelia, and use that token afterwards. That way i can use the protected endpoints of my project (based on the EnsureAuthenticated Plug) without any modifications

Goal:

I want to modify the way guardian creates and verifies tokens to switch between verifying the password itself or letting authelia handle verifications/token creation.
I want the resulting token to be used transparently by the EnsureAuthneicated Guardian plug so that i don’t have to modifiy the endpoints of my project.

I don’t fully understand the authentication life cycle of the phoenix connection, so i don’t know where to start.

Current pipeline

This is the pipeline is use for authentication. ideally i’d like to only modify this part so that changes are transparent for the rest of the code (apart from the new routes needed to authenticate through authelia ofc.)

defmodule Backend24hWeb.Auth.SwimmerPipeline do
  use Guardian.Plug.Pipeline, otp_app: :backend24,
  module: Backend24hWeb.Auth.GuardianNageur,
  error_handler: Backend24hWeb.Auth.GuardianErrorHandler

  plug Guardian.Plug.VerifySession
  plug Guardian.Plug.VerifyHeader
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource


end

Thanks in advance.

First Post!

itzmidinesh

itzmidinesh

I understand you’re trying to integrate Authelia OpenID authentication alongside your existing Guardian password-based auth. Based on your description, there are a few key areas you might want to focus on:

  1. Consider where in Guardian’s authentication lifecycle you need to intervene. Since you mentioned wanting to handle tokens differently based on the :distant flag, you might want to look into Guardian’s token creation and verification callbacks.
  2. Take a look at Guardian’s documentation about implementing custom token types or encoding strategies. This could help you understand how to make Guardian work with Authelia’s tokens when needed.
  3. The pipeline you shared looks standard - but since Guardian is modular, you can likely achieve what you want by implementing the right callbacks in your Guardian module rather than modifying the pipeline itself.

Would you mind sharing what you’ve tried so far in terms of Guardian customization? That would help me give more specific guidance.

Where Next?

Popular in Questions Top

marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
tduccuong
Hi, is there any work on GUI with Elixir, that is similar to Electron/Javascript? My idea is to bundle Phoenix and BEAM into a single se...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New
lucidguppy
I have a super simple question about elixir - how would I take a file like this foo bar baz and output a new file that enumerates th...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
chensan
I have a User schema with a :from_id field set to type :string: defmodule TweetBot.Repo.Migrations.CreateUsers do use Ecto.Migration ...
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
shijith.k
I am trying to start a new phoenix project with elixir 1.9, but mix phx.new does not work. It says that ** (Mix) The task "phx.new" could...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New

Other popular topics Top

danschultzer
None of the current solutions worked well for me, so I went ahead and built a user management system from scratch. This project took far...
548 29377 241
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a > b) do {:ok, "a"} end if (a < b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
aesmail
Hello guys, I have finally made it. I created an admin interface for a framework. It’s been on my todo list for years and with the curre...
New
joeerl
Hello again - after a longish gap I’ve decided I really must dig into Elixir and see what’s been happening here - so I have a few questio...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
axelson
This post is a wiki (feel free to hit the edit button near the bottom right of this post to add your own changes!) This post collects co...
239 47930 226
New
marick
I had some trouble figuring out how to make many-to-many associations work. Once I got it working, I wrote a blog post. Because I’m a nov...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

We're in Beta

About us Mission Statement