acrolink

acrolink

What are the advantages of using guardian_db?

I understand that using a database storage for authentication tokens as provided by guardian_db:

a. makes it possible to revoke tokens server-side / especially in case a clients token had been stolen
b. makes it possible to limit valid tokens per user to say 1 at each given time

Are there any additional advantages beyond these? I will be happy if you could share your ideas / experiences regarding this. Thank you.

Most Liked

OvermindDL1

OvermindDL1

Honestly, guardian_db breaks the contract that JWT is supposed to hold, which is a time-limited, database-less token with information. If you even have a database to hold and verify it with then you probably don’t need guardian at all.

OvermindDL1

OvermindDL1

A port? Unsure of the terminology there.

But bog-standard plug, the same way you would do any other, nothing special. ^.^

EDIT: There’s even a library of pre-built plugs to handle all the common cases of phoenix token usage too (but it is so trivial to write your own for your own customized usage that there is usually no point):

OvermindDL1

OvermindDL1

Uhh, but guardian doesn’t handle authentication. o.O

Things like Ueberauth (any form of authentication) or Coherence (identity authentication only, but lots of templates pre-built) is generally what is used.

Guardian can pass authentication or authorization information (or not, or other information, or whatever) between servers that do not share the same security information. If you only have one server, or the servers share the same security information, then there is absolutely no point to using Guardian, just use Phoenix.Token as its already built in, smaller, faster, more efficient, easier API, etc…

In essence, if you don’t know what JWT is or you don’t need it, then Guardian is not useful (and use Guardian handles more than just JWT now, but similar styles, if you still don’t know what JWT is, you don’t need Guardian).

I am curious though, where are you getting the ‘handle the authentication’ part of Guardian from, it does no username/password validation, no OAuth, no anything of the sort, it is just a JWT-based information storage library. The information you store in it you have to get from somewhere else anyway.

Where Next?

Popular in Questions Top

Darmani72
If I have a post route which an argument: post /my_post_route/:my_param1, MyController.my_post_handler How would get the post params ...
New
johnnyicon
Hi all, I’ve just started learning Elixir and Phoenix Framework, so please pardon my n00bness at this stage. I’m trying to use Postgres...
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
romenigld
I am trying to run a deploy with docker and I successfully runned with this command: docker build -t romenigld/blog-prod . but when I t...
New
nsuchy
Hi. I’ve noticed that Windows Powershell has it’s own IEX command and you cannot access Elixir’s IEX due to the conflict. This isn’t a cr...
New
yawaramin
In the Dialyzer docs ( dialyzer — OTP 29.0.2 (dialyzer 6.0.1) ), there is a way to turn off a specific warning for a function: -dialyzer...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New
jononomo
For some reason my phoenix channels are working for me in my local dev environment, but as soon as I deploy via Docker, I get a 403 error...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New

Other popular topics Top

AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
greenz1
I have a phoenix application from which a user can download multiple(5-6) files of size 1MB. I couldn’t find anything related to sending ...
New
ovidiubadita
Hey all, I discovered Elixir and I love it. I always wanted to learn a functional programming and I intended to go for Haskell, but afte...
New
Lily
In templates/appointment/index.html.eex: <%= for appointment <- @appointments do %> <tr> <td><%= appoi...
New
RisingFromAshes
I’ve read in another post that it may be possible with a router helper - but I couldn’t find an appropriate one, and tbh, I’m still just ...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

We're in Beta

About us Mission Statement