Closed StephaneRob closed 4 years ago
How would the token authentication work? You still need a place for users to sign in, sign out, change password, etc. Sure, we can skip the HTML, but most of the functionality in the generator is needed and token authentication is just a minor detail.
My idea is to keep the same logic for tokens, but instead of generating a session token it would be an access token sent back to the browser in JSON (with other info like user), and rename the remember_cookie to a refresh_cookie, to which we can add a max_age when the remember_me param is true.
The main difference is that we need to fetch the current user from a header and need to add an endpoint to refresh the access token with the refresh cookie.
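The flow proposed in the comment above (access token returned in JSON, refresh cookie that gets a max_age when remember_me is true, current user read from a header, refresh endpoint), as an added example in plain Elixir; it is not generator output or code from this thread. The module name, the lifetimes, the map standing in for a tokens table and the choice to store only SHA-256 hashes of tokens are assumptions.

```elixir
defmodule TokenAuthExample do
  @access_ttl 15 * 60             # assumed lifetime, seconds
  @refresh_ttl 60 * 24 * 60 * 60  # assumed lifetime, seconds

  # store: a map standing in for a tokens table, sha256(token) => {user_id, kind, expires_at}.
  def sign_in(store, user_id, remember_me, now) do
    {access, store} = put_token(store, user_id, :access, now + @access_ttl)
    {refresh, store} = put_token(store, user_id, :refresh, now + @refresh_ttl)
    # max_age is set only when remember_me is true; otherwise it is a session cookie.
    cookie = %{value: refresh, http_only: true, max_age: if(remember_me, do: @refresh_ttl)}
    {%{access_token: access, user_id: user_id}, cookie, store}
  end

  # headers: {name, value} pairs with lowercase names, as Plug exposes them.
  def fetch_current_user(store, headers, now) do
    with {_, "Bearer " <> token} <- List.keyfind(headers, "authorization", 0),
         {:ok, user_id} <- lookup(store, token, :access, now) do
      {:ok, user_id}
    else
      _ -> :error
    end
  end

  # Refresh endpoint: a valid refresh cookie yields a new access token.
  def refresh(store, refresh_token, now) do
    with {:ok, user_id} <- lookup(store, refresh_token, :refresh, now) do
      {access, store} = put_token(store, user_id, :access, now + @access_ttl)
      {:ok, access, store}
    end
  end

  defp put_token(store, user_id, kind, expires_at) do
    token = Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)
    {token, Map.put(store, :crypto.hash(:sha256, token), {user_id, kind, expires_at})}
  end

  # Matching on kind keeps a refresh token from being accepted as an access token.
  defp lookup(store, token, kind, now) when is_binary(token) do
    case Map.get(store, :crypto.hash(:sha256, token)) do
      {user_id, ^kind, expires_at} when expires_at > now -> {:ok, user_id}
      _ -> :error
    end
  end
  defp lookup(_store, _token, _kind, _now), do: :error
end

now = System.system_time(:second)
{body, cookie, store} = TokenAuthExample.sign_in(%{}, 42, true, now)
{:ok, 42} = TokenAuthExample.fetch_current_user(store, [{"authorization", "Bearer " <> body.access_token}], now)
:error = TokenAuthExample.fetch_current_user(store, [{"authorization", "Bearer " <> cookie.value}], now)
```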
Right, you can easily build that on top of the current output. My point, though, is that that's not all that you would have to change. You would need to reimplement all of the functionality (password changing, email changing, confirmation, etc.) without HTML. This is not something we plan to tackle, so my suggestion is to either use this as a starting point or provide an API-centric generator.
You're right, there are other things to change, but for all functionalities like password changing, email changing... the logic could remain the same, except the endpoints need to send back JSON. The logic from the HTML needs to be implemented in the front application, not reimplemented in the generator.
But I understand that there is a lot of work, the main idea was to follow the --no-html of the phx_new generator. Thanks for your feedback :)
Is there any plan to add support of `--no-html` to provide a token based authentication generator?