ueberauth / guardian

Elixir Authentication
MIT License
3.44k stars 381 forks

Why verify_claims function gets called two times? #488

Closed jsangilve closed 6 years ago

jsangilve commented 6 years ago

I'm working on a Guardian module that implements the verify_claims callback. I realized the function was always called two times. After having a look into Guardian's code, I realized it's indirectly called two times within Guardian.decode_and_verify:

  1. Guardian.Token.JWT: https://github.com/ueberauth/guardian/blob/72df24d7e27e0a13ee7538c9d9537ae19ab60aff/lib/guardian.ex#L618 The previous call in Guardian.decode_and_verify leads to this first call in Guardian.Token.JWT: https://github.com/ueberauth/guardian/blob/086c9e99332eecbda563b4f3dfbcce8bb91e0bb9/lib/guardian/token/jwt.ex#L324
  2. Directly in Guardian.decode_and_verify: https://github.com/ueberauth/guardian/blob/72df24d7e27e0a13ee7538c9d9537ae19ab60aff/lib/guardian.ex#L619

So, my question is: why do you call the verify_claims callback in Guardian.Token.JWT.verify_claims?

yordis commented 6 years ago

@jsangilve the second function is optional. https://github.com/ueberauth/guardian/blob/72df24d7e27e0a13ee7538c9d9537ae19ab60aff/lib/guardian.ex#L259

You don't need to define a verify_claims callback on your MyGuardian module.

Did you define that callback?

jsangilve commented 6 years ago

Thanks for your reply @yordis.

Yes, as I mentioned in the original post, I'm implementing this callback in the MyGuardian module.

Sorry, I still don't understand what the purpose of calling it twice in the code is. By default, this callback just returns {:ok, claims}. So, even if I don't implement it in the MyGuardian module, it's still called twice.

Wouldn't it be enough ONLY to call this function at guardian/lib/guardian.ex?

https://github.com/ueberauth/guardian/blob/72df24d7e27e0a13ee7538c9d9537ae19ab60aff/lib/guardian.ex#L619

yordis commented 6 years ago

@jsangilve if you need to do some custom verification as the documentation describes, then you add the callback. That is the purpose of that callback.

jsangilve commented 6 years ago

@yordis yes, I understand that. I'm implementing the callback because I need to do some custom verification. The problem is that this custom verify_claims callback is called twice while running the app.

So, my question is: the reason why a custom verify_claims callback gets called twice seems to be that Guardian does it by itself (as I explained in the first post). Is this a bug or intended behavior?

This is not a question about my code, but about Guardian's behavior.

yordis commented 6 years ago

@jsangilve it should call once per module. One in the Token module and the other in your Guardian module.

yordis commented 6 years ago

Feel free to open it again.

verify_claims is called twice.