Is there a way to validate the cookie instead of validating authorization header in guardian?
thanks
Sure, what have you tried so far?
I send the cookie from the server using
conn
|> Plug.Conn.put_resp_cookie("token", token, http_only: true)
|> Plug.Conn.send_resp(:no_content, "")
but I get :unauthenticated from Guardian.Plug.EnsureAuthenticated.
Is there anything I am missing?
Thanks
Have you tried adding Guardian.Plug.VerifyCookie to your router.ex pipeline?
I'm not sure about this one, but as I've understood, that plug fetches the token from the cookie (correct me if I'm wrong).
If you have a separate server for the frontend, please ensure that you're adding credentials: 'include' (fetch API) or withCredentials: true (axios).
Guardian.Plug.VerifyCookie doesn't seem to be working. I get nil trying to get the token using Guardian.Plug.current_token(conn).
This is the conn:
%Plug.Conn{
  adapter: {Plug.Cowboy.Conn, :...},
  assigns: %{},
  before_send: [#Function<0.93523768/1 in Plug.Telemetry.call/2>],
  body_params: %{"folder" => "folder"},
  cookies: %{
    "token" => "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhcGkiLCJleHAiOjE2MjM2ODY0NTcsImlhdCI6MTYyMTI2NzI1NywiaXNzIjoiYXBpIiwianRpIjoiM2U5MWQyYTEtNzU4Yi00MjgwLThjZDgtYmI4NTUzOTMzNDNiIiwibmJmIjoxNjIxMjY3MjU2LCJzdWIiOiJncmVhdGlzZ3JlYXQiLCJ0eXAiOiJhY2Nlc3MifQ.VSCXvWFRna_fao3PSDHdw9hohqgUFShvnv0BnqsInA64dJLY4LmOkJ6QQSMD_nhuw4yu7BjNbTcj8Domt2Uqkw"
  },
  halted: false,
  host: "192.168.1.13",
  method: "POST",
  owner: #PID<0.1147.0>,
  params: %{"folder" => "folder"},
  path_info: ["folder"],
  path_params: %{},
  port: 4000,
  private: %{
    ApiWeb.Router => {[], %{}},
    :guardian_error_handler => Api.UserManager.ErrorHandler,
    :guardian_module => Api.UserManager.Guardian,
    :phoenix_action => :create,
    :phoenix_controller => ApiWeb.FolderController,
    :phoenix_endpoint => ApiWeb.Endpoint,
    :phoenix_format => "json",
    :phoenix_layout => {ApiWeb.LayoutView, :app},
    :phoenix_request_logger => {"request_logger", "request_logger"},
    :phoenix_router => ApiWeb.Router,
    :phoenix_view => ApiWeb.FolderView,
    :plug_session_fetch => #Function<1.55231287/1 in Plug.Session.fetch_session/1>
  },
  query_params: %{},
  query_string: "",
  remote_ip: {192, 168, 1, 6},
  req_cookies: %{
    "token" => "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhcGkiLCJleHAiOjE2MjM2ODY0NTcsImlhdCI6MTYyMTI2NzI1NywiaXNzIjoiYXBpIiwianRpIjoiM2U5MWQyYTEtNzU4Yi00MjgwLThjZDgtYmI4NTUzOTMzNDNiIiwibmJmIjoxNjIxMjY3MjU2LCJzdWIiOiJncmVhdGlzZ3JlYXQiLCJ0eXAiOiJhY2Nlc3MifQ.VSCXvWFRna_fao3PSDHdw9hohqgUFShvnv0BnqsInA64dJLY4LmOkJ6QQSMD_nhuw4yu7BjNbTcj8Domt2Uqkw"
  },
  req_headers: [
    {"accept", "application/json, text/plain, */*"},
    {"accept-encoding", "gzip, deflate, br"},
    {"accept-language", "en-IN,en-GB;q=0.9,en-US;q=0.8,en;q=0.7"},
    {"connection", "close"},
    {"content-length", "15"},
    {"content-type", "application/json;charset=UTF-8"},
    {"cookie",
     "token=eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhcGkiLCJleHAiOjE2MjM2ODY0NTcsImlhdCI6MTYyMTI2NzI1NywiaXNzIjoiYXBpIiwianRpIjoiM2U5MWQyYTEtNzU4Yi00MjgwLThjZDgtYmI4NTUzOTMzNDNiIiwibmJmIjoxNjIxMjY3MjU2LCJzdWIiOiJncmVhdGlzZ3JlYXQiLCJ0eXAiOiJhY2Nlc3MifQ.VSCXvWFRna_fao3PSDHdw9hohqgUFShvnv0BnqsInA64dJLY4LmOkJ6QQSMD_nhuw4yu7BjNbTcj8Domt2Uqkw"},
    {"dnt", "1"},
    {"host", "192.168.1.13:4000"},
    {"origin", "http://192.168.1.13:4000"},
    {"referer", "http://localhost:3000/home"},
    {"sec-ch-ua",
     "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Google Chrome\";v=\"90\""},
    {"sec-ch-ua-mobile", "?0"},
    {"sec-fetch-dest", "empty"},
    {"sec-fetch-mode", "cors"},
    {"sec-fetch-site", "same-origin"},
    {"user-agent",
     "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36"},
    {"x-forwarded-for", "127.0.0.1"},
    {"x-forwarded-host", "localhost:3000"},
    {"x-forwarded-port", "3000"},
    {"x-forwarded-proto", "http"}
  ],
  request_path: "/folder",
  resp_body: nil,
  resp_cookies: %{},
  resp_headers: [
    {"cache-control", "max-age=0, private, must-revalidate"},
    {"x-request-id", "Fn_l-w9MvNr4aakAAAXj"}
  ],
  scheme: :http,
  script_name: [],
  secret_key_base: :...,
  state: :unset,
  status: nil
}
I’m not sure if this is the cause of your difficulties, but it’s possible this is causing CORS weirdness since the two hostnames don’t agree.
Did you pass the VerifyCookie plug the option saying under which key your cookie is stored (based on the options section of the doc)? In your case, it should be token.
I tried plug Guardian.Plug.VerifyCookie, key: "token" but it did not fix it.
I am using my Phoenix server as the proxy in my React website. But I don't think it is the problem, because VerifyHeader works.
I can get the cookie using conn.req_cookies["token"], but is there some way I can connect it to Guardian.Plug.EnsureAuthenticated to verify the token?
According to:
and
If you want to mimic what Guardian is doing, you need to put your token at the cookie key: guardian_default_token
Naming the cookie guardian_default_token using
Plug.Conn.put_resp_cookie("guardian_default_token", token, http_only: true)
worked.
Thanks
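To make the resolution above concrete, here is an added example (written for this edit, not code from the thread or from the Guardian project) of a Guardian pipeline that authenticates from an HttpOnly cookie, together with the login action that sets that cookie. Guardian.Plug.VerifyCookie looks up the cookie named "guardian_<key>_token", where <key> is the plug's :key option and defaults to :default, so the cookie must be called guardian_default_token; giving key: "token" makes the plug look for guardian_token_token instead, which is why that attempt above failed. The module names MyApp.Guardian, MyApp.AuthErrorHandler, MyAppWeb and MyApp.Accounts.authenticate/2 are hypothetical placeholders. Because a cookie is attached by the browser automatically, unlike an Authorization header, the example also sets secure and same_site on the cookie so it is not sent over plain HTTP or on cross-site requests.

```elixir
# Added example, not part of the thread. Module names below are assumptions.
defmodule MyAppWeb.AuthPipeline do
  use Guardian.Plug.Pipeline,
    otp_app: :my_app,
    module: MyApp.Guardian,
    error_handler: MyApp.AuthErrorHandler

  # VerifyCookie reads the cookie named "guardian_#{key}_token". With the default
  # key (:default) that is "guardian_default_token", so the cookie set by the
  # session controller below must use exactly that name.
  plug Guardian.Plug.VerifyCookie
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource
end

defmodule MyAppWeb.SessionController do
  use MyAppWeb, :controller

  # Cookie name derived from Guardian's default key.
  @cookie "guardian_default_token"
  # One week in seconds; keep it in step with the token ttl below so the browser
  # drops the cookie when the token itself would no longer verify.
  @max_age 60 * 60 * 24 * 7

  # POST /login with a JSON body {"email": ..., "password": ...}.
  # MyApp.Accounts.authenticate/2 is a hypothetical function returning
  # {:ok, user} or {:error, reason}.
  def create(conn, %{"email" => email, "password" => password}) do
    case MyApp.Accounts.authenticate(email, password) do
      {:ok, user} ->
        {:ok, token, _claims} =
          MyApp.Guardian.encode_and_sign(user, %{}, ttl: {1, :week})

        conn
        |> put_resp_cookie(@cookie, token,
          # not readable from JavaScript, so an XSS bug cannot simply read it out
          http_only: true,
          # only sent over HTTPS
          secure: true,
          # not attached to cross-site requests, which blunts CSRF against the
          # cookie-authenticated API
          same_site: "Strict",
          max_age: @max_age
        )
        |> send_resp(:no_content, "")

      {:error, _reason} ->
        send_resp(conn, :unauthorized, "")
    end
  end

  # DELETE /logout: the delete options must match the ones used when setting
  # the cookie, otherwise the browser keeps the original.
  def delete(conn, _params) do
    conn
    |> delete_resp_cookie(@cookie, http_only: true, secure: true, same_site: "Strict")
    |> send_resp(:no_content, "")
  end
end
```

In the router, wrap the protected routes in a pipeline that calls plug MyAppWeb.AuthPipeline; after VerifyCookie succeeds, Guardian.Plug.current_token(conn) and Guardian.Plug.current_resource(conn) return the token and the loaded user. secure: true assumes the app is served over HTTPS in that environment; for the localhost proxy setup described earlier in the thread it would have to be relaxed in dev config only.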
Hi, I have the exact same issue. I also put the cookie with
Plug.Conn.put_resp_cookie("guardian_default_token", token, http_only: true)
But I cannot validate the cookie with this auth pipeline:
defmodule Api.Guardian.AuthPipeline do
  use Guardian.Plug.Pipeline, otp_app: :Api,
    module: Api.Guardian,
    error_handler: Api.AuthErrorHandler

  plug :fetch_session
  plug Guardian.Plug.VerifySession, key: "guardian_default_token"
  plug Guardian.Plug.VerifyCookie
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource
end
Could you possibly provide me some information about the auth pipeline you used?
Thanks