riverrun / phauxth

Not actively maintained - Authentication library for Phoenix, and other Plug-based, web applications

Consider providing cookie / session based mechanism for API applications #59

Closed acrolink closed 5 years ago

acrolink commented 6 years ago

The current behavior of phauxth installer is to provide either:

1) Session based authentication if the application is HTML based.
2) Token based authentication if the api switch is used.

It would be nice to have an additional switch for the installer to specify a JSON API setup based on session / cookie storage (not tokens), since storing the token inside a session cookie provides the best security (compared to storing it, for example, in local storage by the client-side JS application).

You are welcome to join the discussion here: Sending cookies for stateless SPA authentication using JWT

vloaix commented 6 years ago

It is not a switch for the installer, but this?

Also, I think it has been made clear in several elixirforum discussions that using JWT for client auth is not a good idea.

riverrun commented 6 years ago

I'm really busy at the moment, but early June I should be able to address this. Sorry for the delay.

riverrun commented 6 years ago

I can update the Phauxth Authenticate plug to handle tokens that are stored in cookies. Is that what you want?

acrolink commented 6 years ago

@riverrun, I think it would be nice to allow storing and reading the tokens from cookies. I have already done that within Guardian and it is working fine.

riverrun commented 5 years ago

I have added information about how to customize Authenticate.Token to the documentation for that module, and there is also an example module in the custom_authenticate.exs file (Phauxth.AuthenticateTokenCookie).
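As an added illustration of the cookie-stored token approach discussed in this thread (this is not Phauxth's own code, nor the example from custom_authenticate.exs), the following plain Plug reads a token from an HttpOnly cookie, verifies it with Phoenix.Token, and assigns the current user; the module name, the cookie name, the salt, MyAppWeb.Endpoint and MyApp.Accounts.get_user/1 are assumed.

```elixir
defmodule MyAppWeb.Plugs.TokenCookieAuth do
  @moduledoc """
  Hypothetical plug (not part of Phauxth): authenticate API requests from a
  token stored in an HttpOnly cookie instead of the Authorization header.
  Assumes MyAppWeb.Endpoint exists and MyApp.Accounts.get_user/1 returns a
  user map or nil.
  """
  import Plug.Conn

  @cookie "access_token"
  @salt "user auth"
  @max_age 60 * 60 * 24 # token and cookie lifetime in seconds (one day)

  def init(opts), do: opts

  # Add to the :api pipeline in the router: plug MyAppWeb.Plugs.TokenCookieAuth
  def call(conn, _opts) do
    conn = fetch_cookies(conn)

    with {:ok, token} <- Map.fetch(conn.cookies, @cookie),
         {:ok, user_id} <-
           Phoenix.Token.verify(MyAppWeb.Endpoint, @salt, token, max_age: @max_age),
         %{} = user <- MyApp.Accounts.get_user(user_id) do
      assign(conn, :current_user, user)
    else
      # missing cookie, expired/invalid token, or unknown user: anonymous request
      _ -> assign(conn, :current_user, nil)
    end
  end

  # Call this at login. The cookie is unreadable by page JavaScript (http_only),
  # sent only over TLS (secure) and withheld on cross-site requests (same_site),
  # which is what cookie storage gains over localStorage and what limits the
  # CSRF exposure that cookie-based auth otherwise brings back.
  def put_token_cookie(conn, user_id) do
    token = Phoenix.Token.sign(MyAppWeb.Endpoint, @salt, user_id)

    put_resp_cookie(conn, @cookie, token,
      http_only: true,
      secure: true,
      same_site: "Strict",
      max_age: @max_age
    )
  end

  # Call this at logout so the browser stops sending the token.
  def delete_token_cookie(conn), do: delete_resp_cookie(conn, @cookie)
end
```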