Closed iteles closed 1 year ago
There's a pretty great module for GitHub/Google/Twitter OAuth that requires minimal setup - Ueberauth. It doesn't handle cookies, JWTs or storing users in a db, just the actual OAuth flow. I wrote a WiP guide that uses it a couple weeks ago:
https://github.com/finnhodgkin/learn-phoenix-todo-example#oauth-authentication
I could pare this down to just the bits of code required for authentication, because Ueberauth really does do a great job of OAuth flow.
The only issue is that it's hard to tell how much test coverage it has. There are some tests, but they look more like business logic tests than blanket coverage. It's the highest result on Google (in an incognito tab) for Phoenix Authentication and seems to be top of everyone's recommendation list, but sometimes that doesn't mean much :woman_shrugging:
There's definitely room for a module wrapped around Ueberauth that handles the app-specific authentication stuff (cookies, protected routes, etc.), but IMO circumventing Ueberauth entirely and writing an OAuth flow from scratch would be a big time sink for a very similar wheel, at least at the start.
We could start by setting up a module around Ueberauth and then think about replacing it after..?
I ran code coverage on ueberauth, and their coverage is high, but not 100%.
Rather than making something from scratch, we could potentially look into adding tests to ueberauth to bring it up to 100%.
I would say that it would be an excellent learning exercise to write up the implementation plan for something like this (being built from scratch) as well as for utilising ueberauth; both of which should be broken down and estimated.
@ZooeyMiller Whilst that is certainly a potential solution, from experience, it's unlikely that the 100% test coverage would be maintained without us policing it. Creating that kind of dependency on us is also quite taxing and ultimately not worthwhile.
We push hard with our clients to allow us to spend the time to get to 100% test coverage because it makes everyone's lives so much easier in terms of minimising bugs and especially for future maintenance.
conn containing a GitHub response code and makes two requests using it: a token request and then one for user data. Add the user data to the conn and return it.
mix.exs file
mix hex.publish
Our idea of an "MVP" for this module would be to have it so the module handles:
The user would still have to handle:
Quite hard to judge specifics until we've done some more research on building modules
Total: 12-14hrs
I would say, rather than creating a module for use with ueberauth if that is what we decided, we would write a detailed tutorial for ueberauth with GitHub, extending that which @finnhodgkin has already written here: https://github.com/finnhodgkin/learn-phoenix-todo-example#oauth-authentication
@finnhodgkin @ZooeyMiller The breakdown of the various spikes you'll have to do is great!
Carrying out these spikes and documenting your learning in the appropriate repo (that might even be learn-elixir or learn-phoenix) is a great learning experience. This is all core knowledge that all Elixir developers who come after you will need.
Definitely worth dedicating a couple of days to.
As our tech stack has now evolved (github.com/dwyl/technology-stack), I'd like to explore having this module as an Elixir module rather than hapi.
The idea is for us to have a login module that we can pick up and run with for future projects without having to rebuild a login for every project.
The key is that the module is:
This one is next: https://github.com/dwyl/hapi-auth-google