any way to restrict login to external provider only?

pow-auth / pow_assent

Multi-provider authentication for your Pow enabled app

https://powauth.com

MIT License

321 stars 50 forks source link

any way to restrict login to external provider only? #185

Open mus0u opened 4 years ago

mus0u commented 4 years ago

i have successfully set up the auth0 provider and am able to log in with it, but i don't want to let users be able to auth against the local DB, only the auth0 one. it appears that removing pow_session_routes() from the router seems to break pow_assent, however. is there a correct way to accomplish this?

wodow commented 4 years ago

Hack alert: I've found that replacing pow_routes() with its sub-macro pow_session_routes() prevents registration using the default Pow route (though /session/new will 50x) whilst not affecting Pow Assent.

jbosse commented 4 years ago

@wodow Double Hack alert: if you hijack the /session/new route before defining the pow_sesssion_routes you can "redirect" session/new to a different action:

scope "/" do
  pipe_through(:browser)

  # Hack Alert
  get("/session/new", MyAppWeb.PageController, :index)
  # 
  pow_session_routes()
  pow_assent_routes()
end