feng

feng

Using ueberauth and guardian to implement Auth, I get the token, but when I put the token in the header to access other routers, it still {"message": "invalid_token"}

When I visit http://localhost:4004/auth/sign_in The result is correct

{
	"data": {
		"id": 1,
		"token": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiIiLCJleHAiOjE2Njc0NjAzODcsImlhdCI6MTY2NzQ1ODU4NywiaXNzIjoiIiwianRpIjoiYjQ1Yzc2NWUtNTJkYS00MTIxLWEyNGUtN2VjNGYwODFhZDZmIiwibmJmIjoxNjY3NDU4NTg2LCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.jPlcZjVo784A6_nPyZ8fJatO343TDxsvv-YFp9_Gs5dTSH3DjOqg12lQ24ciRi-JElG36__8I9ybBNazv7nnbA",
		"user_name": "gaofeng"
	}
}

And then I took the token to visit http://localhost:4004/user , the token is set in the header, and the result is incorrect
Header is

Result is

{

"message": "invalid_token"

}

This is the new content in my code
In config.exs.

config :ueberauth, Ueberauth,
  base_path: "/auth/sign_in",
  providers: [
    identity: {Ueberauth.Strategy.Identity, [
      callback_methods: ["POST", "GET"],
      nickname_field: :username,
      param_nesting: "user",
      uid_field: :username
    ]}
  ]

config :store_api, StoreApiWeb.Guardian,
        issure: "XXX",
        secret_key: "secret_key"
config :store_api, StoreApiWeb.Plug.AuthAccessPipeline,
  module: StoreApi.Auth,
  error_handler: StoreApiWeb.Plug.AuthErrorHandler

In auth module(auth.ex)

defmodule StoreApi.Auth do
  use Guardian, otp_app: :store_api

  def subject_for_token(%{id: id}, _claims) do
    {:ok, to_string(id)}
  end

  def subject_for_token(_, _) do
    IO.inspect "subject_for_token"
    {:error, :reason_for_error}
  end

  def resource_from_claims(%{"sub" => id}) do
    # Here we'll look up our resource from the claims, the subject can be
    # found in the `"sub"` key. In above `subject_for_token/2` we returned
    # the resource id so here we'll rely on that to look it up.
    resource = StoreApi.Accounts.get_user!(id)
    IO.inspect "resource_from_claims"
    IO.inspect resource
    {:ok,  resource}
  end

  def resource_from_claims(_claims) do
    IO.inspect "resource_from_claims=====_claims"
    {:error, :no_claims_sub}
  end
end

Auth Controller(authentication_controller.ex)

defmodule StoreApiWeb.AuthenticationController do
  use StoreApiWeb, :controller

  alias StoreApi.Accounts
  alias StoreApi.Accounts.User

  plug Ueberauth

  def identity_callback(conn, %{"user" => user_params}) do
    IO.inspect(user_params)
    user_name = user_params["user_name"]
    password = user_params["password"]
    handle_user_conn(Accounts.check_user(user_name, password), conn)
  end

  defp handle_user_conn(user, conn) do
    # IO.inspect(user)
    case user do
      {:ok, user} ->
        {:ok, jwt, _full_claims} =
          StoreApi.Auth.encode_and_sign(user, %{}, secret: "custom", ttl: {30, :minute})
        conn
        |> put_resp_header("authorization", "Bearer " <> jwt)
        |> json(%{data: %{token: jwt, user_name: user.user_name, id: user.id}})

      # Handle our own error to keep it generic
      {:error, msg} ->
        conn
        |> put_status(401)
        |> json(%{data: %{ status: false, msg: msg}})
    end
  end
end

In pulg
(auth_access_pipeline.ex)

defmodule StoreApiWeb.Plug.AuthAccessPipeline do
  use Guardian.Plug.Pipeline, otp_app: :store_api

  plug Guardian.Plug.VerifySession, claims: %{"typ" => "access"}
  plug Guardian.Plug.VerifyHeader, realm: "Bearer", claims: %{"typ" => "access"}
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource, ensure: true
end

auth_error_handler.ex

defmodule StoreApiWeb.Plug.AuthErrorHandler do
  import Plug.Conn
  import Phoenix.Controller, only: [json: 2]

  def auth_error(conn, {type, _reason}, _opts) do
    conn
    |> put_status(401)
    |> json(%{message: to_string(type)})
    |> halt()
  end
end

In my routers

defmodule StoreApiWeb.Router do
  use StoreApiWeb, :router

  pipeline :api do
    plug :accepts, ["json"]
  end

  scope "/api", StoreApiWeb do
    pipe_through :api
    resources "/user", UserController, except: [:new, :edit]
  end

  pipeline :browser do
    plug(:accepts, ["json"])
  end

  pipeline :authenticated do
    plug StoreApiWeb.Plug.AuthAccessPipeline
  end

  # 用户登录
  scope "/auth", StoreApiWeb do
    pipe_through :browser

    post "/sign_in", AuthenticationController, :identity_callback
  end

  @doc """
  用户信息相关API
  """
  scope "/user", StoreApiWeb do
    pipe_through :browser
    pipe_through :authenticated

    # 获取所有用户信息
    resources "/", UserController, except: [:new, :edit]
    post "/detail", UserController, :show
    #post "/delete", UserController, :delete
  end

  @doc """
  应用信息相关API
  """
  scope "/appinfo", StoreApiWeb do
    pipe_through :browser

    # 获取应用信息信息
    resources "/", AppinfoController, except: [:new, :edit]
    # 新增应用
    #post "/user_create", UserController, :user_create
  end

  # Enables LiveDashboard only for development
  #
  # If you want to use the LiveDashboard in production, you should put
  # it behind authentication and allow only admins to access it.
  # If your application does not have an admins-only section yet,
  # you can use Plug.BasicAuth to set up some basic authentication
  # as long as you are also using SSL (which you should anyway).
  if Mix.env() in [:dev, :test] do
    import Phoenix.LiveDashboard.Router

    scope "/" do
      pipe_through [:fetch_session, :protect_from_forgery]

      live_dashboard "/dashboard", metrics: StoreApiWeb.Telemetry
    end
  end

  # Enables the Swoosh mailbox preview in development.
  #
  # Note that preview only shows emails that were sent by the same
  # node running the Phoenix server.
  if Mix.env() == :dev do
    scope "/dev" do
      pipe_through [:fetch_session, :protect_from_forgery]

      forward "/mailbox", Plug.Swoosh.MailboxPreview
    end
  end
end

Thanks indeed!!!

Marked As Solved

feng

feng

Thanks everyone!
I found a solution.https://github.com/ueberauth/guardian/issues/559.
My config.exs is incorrect
Before

config :store_api, StoreApi.Guardian,
        issure: "store_api",
        secret_key: "xMIfc......"

After

config :store_api, StoreApi.Auth,
        issure: "store_api",
        secret_key: "xMIfc......"

auth.exs is my guardian module. But I made a mistake

Thank you all so much!!!!

Also Liked

voltone

voltone

I haven’t used Guardian, but the token should probably be sent as a “bearer token” in the Authorization header. So I suspect you have to set the Authorization header value to “Bearer eyJhbGciOiJIUzUxMiIsInR…”

Where Next?

Popular in Questions Top

hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a &gt; b) do {:ok, "a"} end if (a &lt; b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
LegitStack
I’m trying to make a websocket server in Phoenix or raw Elixir. I heard about gun, I think I could use cowboy, but since I’m not that sma...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
rms.mrcs
Hi, I need to transform a list of numbers into a map where the keys are the indexes and the values are the original values of the list. ...
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New

Other popular topics Top

hariharasudhan94
lets say i have a sample like a = 20; b = 10; if (a &gt; b) do {:ok, "a"} end if (a &lt; b) do {:ok, b} end if (a == b) do {:ok, "equa...
New
lastday4you
I wanted to check elixir version in phoenix because i found that my elixir is 1.5 but when i use Enum.chunk_by it said the function is un...
New
TunkShif
This post is an instruction guide to help you setup your Neovim for Elixir development from scratch. It includes general information on h...
274 41989 114
New
Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID&lt;0.412.0&gt; terminating ** (Postgrex.Error) FATAL...
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
jay1
Why is it that the mnesia database isn’t the most preferred database for use in Elixir/Phoenix?
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New

We're in Beta

About us Mission Statement