pow-auth / pow_assent

Multi-provider authentication for your Pow enabled app
https://powauth.com
MIT License

Reauthorization plug #178

Closed danschultzer closed 4 years ago

danschultzer commented 4 years ago

Resolves #116 and supersedes #139

This adds a reauthorization plug and additional logic that makes it very easy to enable PowPersistentSession.

In short, you just have to add this to your pipeline:

```elixir
defmodule MyAppWeb.Router do
  use Phoenix.Router
  # ...

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
    plug PowAssent.Plug.Reauthorization,
      handler: PowAssent.Phoenix.ReauthorizationPlugHandler
  end

  # ...
end
```

A cookie will be stored when the user authorizes through a provider. Once the session has expired, the user will then be redirected back to the provider for reauthorization (happens after they have been redirected to the user_not_authenticated_path/1 path).

If you instead want to use PowPersistentSession, all you have to do is this:

```elixir
defmodule MyAppWeb.Router do
  use Phoenix.Router
  # ...

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
    plug :pow_assent_persistent_session
  end

  defp pow_assent_persistent_session(conn, _opts) do
    PowAssent.Plug.put_create_session_callback(conn, fn conn, _provider, _config ->
      PowPersistentSession.Plug.create(conn, Pow.Plug.current_user(conn))
    end)
  end

  # ...
end
```

One last detail missing is to remove the cookie when the user logs out.
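
The cookie lifecycle described in the comment above (set on provider authorization, read after the session expires, removed on logout), sketched as an added example; this is not code from the pull request or from PowAssent. The module name, cookie name and provider list are assumptions, and signing requires `secret_key_base` to be set on the conn, as a Phoenix endpoint does.

```elixir
defmodule MyAppWeb.ReauthCookieSketch do
  # Hypothetical module: illustrates the cookie lifecycle only. It is not
  # PowAssent.Plug.Reauthorization and does not use its internals.
  import Plug.Conn

  @cookie "reauth_provider"        # assumed cookie name
  @providers ~w(github google)     # assumed: providers configured for this app
  @cookie_opts [
    sign: true,                    # tamper-evident value (Plug >= 1.9)
    http_only: true,               # not readable from page scripts
    secure: true,                  # only sent over HTTPS
    same_site: "Lax",
    max_age: 30 * 24 * 60 * 60     # assumed lifetime: 30 days
  ]

  # Call after a successful provider authorization. Unknown provider names
  # raise FunctionClauseError instead of being stored.
  def remember(conn, provider) when provider in @providers do
    put_resp_cookie(conn, @cookie, provider, @cookie_opts)
  end

  # Call from the logout action so a deliberate sign-out is not followed by
  # a silent reauthorization on the next request.
  def forget(conn), do: delete_resp_cookie(conn, @cookie)

  # Call once the session has expired. The cookie value decides where the
  # user is sent, so it is verified and then checked against the allowlist;
  # anything else falls through to the normal sign-in page.
  def provider_for_reauth(conn) do
    conn = fetch_cookies(conn, signed: [@cookie])

    case conn.cookies[@cookie] do
      provider when provider in @providers -> {:ok, provider}
      _ -> :error
    end
  end
end
```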