search

ueberauth / guardian

Elixir Authentication
MIT License
3.44k stars 381 forks source link

my token is invalid_token when I send request and my pipeline don't recognize #475

Closed shahryarjb closed 6 years ago

shahryarjb commented 6 years ago

Hi, My token shows me {"message":"invalid_token"} when I send request and my pipeline don't recognise it. I guess my problem is plug Guardian.Plug.VerifyHeader, realm: "Bearer" , but I dont know how to fix it.

My request image : https://devheroes.club/uploads/default/original/1X/28f63c2ff97e12a4763ecd317b0481396aa32142.png

E.x : 

curl -H "Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJhcGlfdHJhbmdlbGwiLCJleHAiOjE1Nzk2MTIzODcsImlhdCI6MTUxOTczNzE4NywiaXNzIjoiYXBpX3RyYW5nZWxsIiwianRpIjoiMmNiZmI0NGQtM2Y1Yy00YzAzLWE5YWQtNmRjZjRmZmY3NjY0IiwibmJmIjoxNTE5NzM3MTg2LCJzb21lIjoiY2xhaW0iLCJzdWIiOiIxIiwidHlwIjoiYWNjZXNzIn0.1IXxsdB4DDoCkMPuHqy6YHD4eA63SNv6l4NXzYs9JXaskj7Kggkjg21C_T8N-gK9Vzy38Z--63nnZ__Zt2l65w" -X POST -d '{"username":"xyz","password":"xyz"}' http://localhost:4000/api/users/sign-out

Or : 

curl -H "Authorization: Bearer YOUR TOKEN" -X POST -d '{"username":"xyz","password":"xyz"}' http://localhost:4000/api/users/sign-out

My pipeline : 

  # json VerifyHeader
  plug Guardian.Plug.VerifyHeader, realm: "Bearer"
  plug Guardian.Plug.LoadResource, ensure: true, allow_blank: true

My project repositorie link: https://github.com/shahryarjb/ESOGIP

Thanks

hassox commented 6 years ago

The two issues that are causing Guardian not to work for you are:

In your pipeline you're setting the module to ApiTrangell.Tokens but this module does not exist. You should change this to: ApiTrangell.Guardian

In ApiTrangell you do not have the function you're trying to call in ApiTrangell.Guardian You'll need to implement that.

For your application it would be as simple as:

defmodule ApiTrangell do
  def get_resource_by_id(id) do
    %{id: id, user: "shahryar"}
  end
end

A couple of other things though that are just general good practices. You should have a .gitignore and include at least _build and deps in it. That repo has them checked in :(

Nested routes in your router are not something that is encouraged. It makes it very difficult to work out what's going on when your application grows a bit.