ueberauth / guardian

Elixir Authentication
MIT License

AuthPipeline Phoenix Example #386

Closed praveenperera closed 5 years ago

praveenperera commented 7 years ago

It might be helpful to have an example of how to use the auth pipeline concept with the Phoenix router. Here is what I ended up with; it works, but I don't know if it's a good way of doing it.

```elixir
# Browser pipeline: verify the token kept in the session, then load the resource.
defmodule MyApp.Guardian.AuthPipeline.Browser do
  use Guardian.Plug.Pipeline, otp_app: :myapp,
                              module: MyApp.Guardian,
                              error_handler: MyApp.Auth.ErrorHandler

  plug Guardian.Plug.VerifySession
  plug Guardian.Plug.LoadResource, ensure: true, allow_blank: true
end

# API pipeline: verify the token sent in the Authorization header instead.
defmodule MyApp.Guardian.AuthPipeline.JSON do
  use Guardian.Plug.Pipeline, otp_app: :myapp,
                              module: MyApp.Guardian,
                              error_handler: MyApp.Auth.ErrorHandler

  plug Guardian.Plug.VerifyHeader, realm: "Bearer"
  plug Guardian.Plug.LoadResource, allow_blank: true
end

# Used after one of the pipelines above to require a verified token.
defmodule MyApp.Guardian.AuthPipeline.Authenticate do
  use Guardian.Plug.Pipeline, otp_app: :myapp,
                              module: MyApp.Guardian

  plug Guardian.Plug.EnsureAuthenticated
end
```

and the router.ex file

```elixir
  pipeline :browser_session do
    plug MyApp.Guardian.AuthPipeline.Browser
    plug MyApp.Auth.CurrentUser
  end

  pipeline :login_required do
    plug MyApp.Guardian.AuthPipeline.Authenticate
  end

  pipeline :authorize_admin do
    plug MyApp.Guardian.AuthPipeline.Authenticate
    plug MyApp.Auth.Authorize, :admin
  end

  pipeline :api do
    plug :accepts, ["json"]
    plug MyApp.Guardian.AuthPipeline.JSON
  end
```

doomspork commented 7 years ago

@praveenperera we're going to be working on an updated example application for Guardian and Ueberauth to better illustrate the features and implementations 👍

In the meantime, do you have specific questions?

praveenperera commented 7 years ago

@doomspork Sounds good! Nothing specific right now, I got the upgrade done yesterday and it went pretty smoothly. I guess the only thing is, does the AuthPipeline above look okay?

One other thing: yesterday I stupidly put the LoadResource plug before VerifySession and I was wondering why logging in wasn't working. I eventually realized my mistake. But I'm wondering if it makes sense to add a warning, message, or maybe just a note in the docs. Not sure if this is a common mistake people might make or just me.
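
The ordering mistake described in the comment above, as an added example that is not part of the original thread and not Guardian's code: a plain-Elixir model in which maps stand in for `Plug.Conn`. It assumes the load step can only read claims that an earlier verify step stored; the `PipelineOrderDemo` module, its token and user tables and the sample request are constructed for illustration.

```elixir
# Added illustration: a plain-Elixir model of the plug chain, not Guardian's code.
defmodule PipelineOrderDemo do
  # Constructed sample data: one valid token and the user its subject maps to.
  @tokens %{"tok-alice" => %{"sub" => "user:1"}}
  @users %{"user:1" => %{id: 1, name: "alice"}}

  # Models VerifySession: verifies the session token and stores its claims.
  def verify_session(%{session: %{"token" => token}} = conn) do
    case Map.fetch(@tokens, token) do
      {:ok, claims} -> put_in(conn, [:private, :claims], claims)
      :error -> conn
    end
  end
  def verify_session(conn), do: conn

  # Models LoadResource: it can only load from claims an earlier plug stored.
  def load_resource(conn, opts) do
    case {conn.private[:claims], opts[:allow_blank]} do
      {%{"sub" => sub}, _} -> put_in(conn, [:private, :resource], @users[sub])
      {nil, true} -> conn
      {nil, _} -> %{conn | halted: true}
    end
  end

  # Runs the plugs in order, stopping at the first one that halts.
  def run(conn, plugs) do
    Enum.reduce_while(plugs, conn, fn plug, acc ->
      next = plug.(acc)
      if next.halted, do: {:halt, next}, else: {:cont, next}
    end)
  end

  # Summarises a run as {halted?, loaded resource}.
  def outcome(conn, plugs) do
    result = run(conn, plugs)
    {result.halted, result.private[:resource]}
  end
end

alias PipelineOrderDemo, as: Demo
# Constructed request: a session that carries a valid token.
conn = %{session: %{"token" => "tok-alice"}, private: %{}, halted: false}
verify = &Demo.verify_session/1
lenient = &Demo.load_resource(&1, allow_blank: true)
strict = &Demo.load_resource(&1, [])
IO.inspect(Demo.outcome(conn, [verify, lenient]), label: "verify -> load")
IO.inspect(Demo.outcome(conn, [lenient, verify]), label: "load -> verify, allow_blank")
IO.inspect(Demo.outcome(conn, [strict, verify]), label: "load -> verify, strict")
```

In this model the misordered chain with `allow_blank: true` finishes without halting and without a resource, so the only symptom is a missing current user; the strict variant halts at the load step and makes the ordering error visible.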

praveenperera commented 7 years ago

@doomspork I actually have another question. This is about the remember_me function. I want to remember the user on login, so I do the following.

```elixir
alias MyApp.Guardian.Plug, as: GuardianPlug

def login(conn, user) do
  conn
  |> GuardianPlug.sign_in(user)
  |> remember_me(user)
end

def remember_me(conn, user) do
  GuardianPlug.remember_me(conn, user, GuardianPlug.current_claims(conn), [])
end
```

And I have this in my pipeline:

```elixir
plug Guardian.Plug.VerifySession
plug Guardian.Plug.VerifyCookie
plug Guardian.Plug.LoadResource, ensure: true, allow_blank: true
```

Is this the correct way to implement it, or am I missing something? Thanks again.

Also a note on the docs:

```elixir
# Set a "refresh" token directly on a cookie.
# Can be used in conjunction with `Guardian.Plug.VerifyCookie`
conn = MyApp.Guardian.Plug.remember_me(conn, resource)
```

But I don't think there is a MyApp.Guardian.Plug.remember_me/2 function.

oskar1233 commented 7 years ago

Hi, I have already created something like a walkthrough for beginners with Guardian 1.0; for now it lies here. I would appreciate any help with improving the article or sample app (uses Phoenix and lies in the same repo). I plan to publish this on my not-yet-existing blog, but wanted someone to review it. Let me know if it looks good to you.

EDIT Uploaded this to my brand new blog (click).

zhulinpinyu commented 7 years ago

@TylerPachal I think this blog is very good. https://medium.com/@tylerpachal/session-authentication-example-for-phoenix-1-3-using-guardian-1-0-beta-a228c78478e6 https://github.com/TylerPachal/auth_ex

Hanspagh commented 7 years ago

@praveenperera Currently remember_me and verify_cookie do not look for/store the token under the same key. So even though the above is correct, it won't work. It's getting fixed in #419. And you're right about the docs; I will put that into the PR.

steveops commented 6 years ago

Hi all, could someone clarify to me this part of the documentation, the part where it says the plug does nothing if session is not loaded. I thought this should not depend on the session?

iacobson commented 6 years ago

I see that the remember_me function was removed.

```elixir
# Set a "refresh" token directly on a cookie.
# Can be used in conjunction with [`Guardian.Plug.VerifyCookie`](Guardian.Plug.VerifyCookie.html)
conn = MyApp.Guardian.Plug.remember_me(conn, resource)
```

Is there another way to use the Guardian.Plug.VerifyCookie?

Thank you

Hanspagh commented 6 years ago

@iacobson the remember_me functionality was removed temporarily, but we are in the process of adding it back. See #419

iacobson commented 6 years ago

Perfect. Thanks. I will keep an eye on that. Hope it will be merged soon.

hassox commented 6 years ago

@steveops good catch. Can you please put up a PR with edits. Verify header has nothing to do with the session and this was likely a copy pasta error.

hassox commented 6 years ago

I've added a guide to my PR for some docs covering pipelines. Would love some feedback on it. https://github.com/ueberauth/guardian/pull/474/files#diff-95ceda80a9f5416db3388ae5eeb5e747

Hanspagh commented 5 years ago

@ueberauth/developers I think we can close this?