search

ueberauth / guardian_db

Guardian DB integration for tracking tokens and ensuring logout cannot be replayed.
MIT License
368 stars 87 forks source link

Tokens not being tracked in database #87

Closed albertchan closed 6 years ago

albertchan commented 6 years ago

I've installed guardian_db 1.1.0 with guardian 1.0.1 in my Phoenix application. I have followed the README by adding the configs, adding the lifecycle methods to my token module, and running the migration as instructed. However, when I try signing in an user with Guardian.encode_and_sign, the login is successful but I don't see a token entry added to the guardian_tokens table. Am I missing something?

My token module is just basically copying and pasting the snippet from the README:

defmodule ApiServer.Auth.Tokens do
  use Guardian, otp_app: :api_server

  def after_encode_and_sign(resource, claims, token, _options) do
    with {:ok, _} <- Guardian.DB.after_encode_and_sign(resource, claims["typ"], claims, token) do
      {:ok, token}
    end
  end

  def on_verify(claims, token, _options) do
    with {:ok, _} <- Guardian.DB.on_verify(claims, token) do
      {:ok, claims}
    end
  end

  def on_refresh({old_token, old_claims}, {new_token, new_claims}, _options) do
    with {:ok, _} <- Guardian.DB.on_refresh({old_token, old_claims}, {new_token, new_claims}) do
      {:ok, {old_token, old_claims}, {new_token, new_claims}}
    end
  end

  def on_revoke(claims, token, _options) do
    with {:ok, _} <- Guardian.DB.on_revoke(claims, token) do
      {:ok, claims}
    end
  end
end

Also, when I compile and run the server, I get the following warning:

function Guardian.DB.on_refresh/2 is undefined or private

Not sure what else I need to do to get it working. Any help will be greatly appreciated. Thanks!

svileng commented 6 years ago

Looks like the version of Guardian.DB that contains on_refresh/2 is not released — what we see in the docs and source code is not actually published on Hex but has been committed ~3 months ago.

@doomspork @hassox @samhamilton When are you planning to publish those changes to Hex, anything stopping this from being released?

doomspork commented 6 years ago

@albertchan I'm currently using the versions released on Hex. I just checked production and I can see tokens inserted and sweep from my DB.

We're going to need more info from you to troubleshoot why you're not seeing things inserted. Did you migrate your tables?

@svileng we've been working on other changes but can probably cut another reason. For future reference, you don't really need to rely on a release being pushed to Hex. You can use master (or a specific commit):

{:guardian_db, github: "ueberauth/guardian_db"}
yordis commented 6 years ago

@albertchan as @doomspork described, he is not having any issues. Fee free to open the issue with the information requested if your issues persists.