In the project I am planning I will be using Phoenix Auth but this is a more general question.
In most Phoenix examples I see, people either use API-token auth or HTTP sessions. In my project, I want both (it has an API and a browser web app).
I know I can pipe different things in the router scopes for API and HTML, but what do I do about modules for SessionController, which would have different logic in each case + returns different kinds of views?
Is the best approach to have two session controllers?
Thanks for any help and examples.
Personally I’d have 2 different session controllers, rather than try and mash them together.
If you need the traditionally rendered views to be able to make API requests you could send a token to the client in the layout, which your javascript can consume (see https://hexdocs.pm/phoenix/Phoenix.Token.html#module-usage for details on how it’s recommended to do it with channels)
1 Like
Thanks @theangryangel that’s what I was thinking of doing.
Believe I have done what @theangryangel suggests, but I am using guardian for JWT instead of phoenix tokens because I like the ability to encode data into the token and sign it.
I have a separate login application bundle that is delivered to all unauthenticated HTTP sessions, and where all unauthenticated sessions are redirected too. (/login)
Logging in will generate a HTTP session via cookie, and serve the main application bundle + a JWT used to authenticate a phoenix socket for duplex communication with the server. (/)
Logging out destroys the token, and session.
