acrolink
What are the advantages of using guardian_db?
I understand that using a database storage for authentication tokens as provided by guardian_db:
a. makes it possible to revoke tokens server-side / especially in case a clients token had been stolen
b. makes it possible to limit valid tokens per user to say 1 at each given time
Are there any additional advantages beyond these? I will be happy if you could share your ideas / experiences regarding this. Thank you.
Most Liked
OvermindDL1
Honestly, guardian_db breaks the contract that JWT is supposed to hold, which is a time-limited, database-less token with information. If you even have a database to hold and verify it with then you probably don’t need guardian at all.
OvermindDL1
A port? Unsure of the terminology there.
But bog-standard plug, the same way you would do any other, nothing special. ^.^
EDIT: There’s even a library of pre-built plugs to handle all the common cases of phoenix token usage too (but it is so trivial to write your own for your own customized usage that there is usually no point):
OvermindDL1
Uhh, but guardian doesn’t handle authentication. o.O
Things like Ueberauth (any form of authentication) or Coherence (identity authentication only, but lots of templates pre-built) is generally what is used.
Guardian can pass authentication or authorization information (or not, or other information, or whatever) between servers that do not share the same security information. If you only have one server, or the servers share the same security information, then there is absolutely no point to using Guardian, just use Phoenix.Token as its already built in, smaller, faster, more efficient, easier API, etc…
In essence, if you don’t know what JWT is or you don’t need it, then Guardian is not useful (and use Guardian handles more than just JWT now, but similar styles, if you still don’t know what JWT is, you don’t need Guardian).
I am curious though, where are you getting the ‘handle the authentication’ part of Guardian from, it does no username/password validation, no OAuth, no anything of the sort, it is just a JWT-based information storage library. The information you store in it you have to get from somewhere else anyway.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance










