I have a few questions about the authentication system generator for Phoenix.
Does the generated code cover authentication for SPA clients? Which part would need to be adapted?
Why is there a session token generated in the user codebase?
With Plug.Conn.put_session/3, Phoenix already generates a cookie-session (it uses Phoenix.Token if I’m not wrong), where one can for example store the user ID. The cookie is signed and cannot be altered. The subsequent requests can retrieve the user ID from the cookie and user data can be fetched from the db.
However, instead of storing just the user ID in the Phoenix token with put_session/3, the generator stores a token in the Phoenix token itself (and then retrieves user data from db based on the token). Isn’t that redundant? Why do we need to create a session token in the user codebase if get_session/2 handles that already?
I’ll start with these two questions first :) Thank you for any help.
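
The two designs compared in the post above, as an added example that is not part of the original post and is not generator output: a signed cookie carrying the user ID versus a signed cookie carrying a random token that is looked up server-side. `SessionDemo`, its secret and the in-memory `tokens` map are constructed stand-ins for the cookie signing and the token table, and it assumes OTP 25+ for `:crypto.hash_equals/2`.

```elixir
# Added illustration, not phx.gen.auth output. SessionDemo, @secret and the
# in-memory `tokens` map are constructed stand-ins (assumptions).
defmodule SessionDemo do
  @secret "constructed-demo-secret"

  # Signed (not encrypted) cookie: encoded payload plus an HMAC tag.
  def sign(payload) do
    body = Base.url_encode64(:erlang.term_to_binary(payload), padding: false)
    body <> "." <> mac(body)
  end

  # Verify the tag, then read one key from the payload.
  def fetch(cookie, key) do
    with [body, tag] <- String.split(cookie, "."),
         true <- valid_mac?(body, tag),
         {:ok, bin} <- Base.url_decode64(body, padding: false),
         %{^key => value} <- :erlang.binary_to_term(bin, [:safe]) do
      {:ok, value}
    else
      _ -> :error
    end
  end

  defp mac(body), do: Base.url_encode64(:crypto.mac(:hmac, :sha256, @secret, body), padding: false)

  # hash_equals/2 raises on unequal sizes, so compare lengths first.
  defp valid_mac?(body, tag) do
    expected = mac(body)
    byte_size(expected) == byte_size(tag) and :crypto.hash_equals(expected, tag)
  end

  # Design A: the signed user id alone authenticates the request.
  def user_from_id_cookie(cookie), do: fetch(cookie, "user_id")

  # Design B: the signed token must also match a live server-side row.
  def user_from_token_cookie(cookie, tokens) do
    with {:ok, token} <- fetch(cookie, "user_token"), do: Map.fetch(tokens, token)
  end
end

token = :crypto.strong_rand_bytes(32)
tokens = %{token => 42} # constructed token table: token -> user id
id_cookie = SessionDemo.sign(%{"user_id" => 42})
token_cookie = SessionDemo.sign(%{"user_token" => token})
IO.inspect(SessionDemo.user_from_id_cookie(id_cookie), label: "A before logout")
IO.inspect(SessionDemo.user_from_token_cookie(token_cookie, tokens), label: "B before logout")

# Logout deletes the row; a retained copy of either cookie still has a valid signature.
tokens = Map.delete(tokens, token)
IO.inspect(SessionDemo.user_from_id_cookie(id_cookie), label: "A after logout")
IO.inspect(SessionDemo.user_from_token_cookie(token_cookie, tokens), label: "B after logout")
```

Both cookies pass signature verification before and after the row is deleted; only the token lookup lets the server stop honouring a cookie it has already issued.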