Closed hyperknot closed 7 years ago
I'll try answering your questions by explaining how Phauxth.Authenticate works. I think that will make things a little bit clearer.
Phauxth.Authenticate has two possible authentication methods, but both of these can be customized. By default, it uses Plug cookie-based sessions. You can also use tokens (similar to Phoenix.Token), and you would probably want to use tokens with a REST API.
The Plug sessions use signed (not encrypted) cookies to store a reference to the user (there is nothing stored on the server), and if the cookie is valid, Phauxth.Authenticate then makes a database call to collect information about the user. This can be overridden by creating your own Authenticate module with a custom check_session function.
In the case of tokens, Phauxth.Authenticate needs to be called with the option method: :token, and the token needs to be in the request headers. If the token is valid, Phauxth.Authenticate makes a database call to collect information about the user. This can be overridden by creating your own Authenticate module with a custom check_token function. If, for example, you wanted to use JWTs, you could have a custom check_token which validates the JWT, instead of the regular token.
Note that one of the goals of Phauxth is that it is highly extensible (instead of providing many options, I prefer to give the developer the opportunity to define their own options), so these methods can be overridden. In theory, there should be no problem with using Redis, or any other method, for session storage.
Here is an example of a simple API using Phauxth.
If you have any further questions, just let me know.
This explanation is very clear; it could be used in an introductory section of the documentation. If you like, I can open a new wiki page and work on it.
I added some of this information to the home page of the wiki. Feel free to look at that and make changes if you think we can make it clearer.
Closing this issue. If you have any further questions, feel free to open an issue or post a question at the gitter page.
Sorry if this is a silly question but I couldn't find any other way to ask it, and there was no information in the wiki.
Do I understand it right that: