Remember me functionality in Phoenix using Guardian

浪尽此生 submitted on 2019-12-11 07:20:05

Question


I'm developing a login system for a web application using Guardian to handle authentication. In my Guardian config I have

ttl: {30, :days}

User's token is stored in cookies by calling:

defp login(conn, user) do
  conn
  |> Guardian.Plug.sign_in(user)
end

This way, the token is valid for 30 days and stays there even if the browser is closed (expected behaviour for a cookie). The user, however, should be able to choose during login whether to be remembered or not. If not, the token must be deleted from cookies upon closing the browser window. I've tried to set

ttl: {0, :days}

and it seems to accomplish the needed behaviour. That said:

  1. Is ttl: {0, :days} a proper way to authenticate a user until browser window gets closed? If so, how to programmatically change ttl value in the pipeline before Guardian.Plug.sign_in(conn, user) is called?
  2. Is Guardian able to store token in cookies or in session storage based on the user selection? (cookies for selected remember me, session storage if not)

Answer 1:


Maybe check the Guardian.Plug.remember_me/4 function. There's an example on Guardian's GitHub.

# Set a "refresh" token directly on a cookie.
# Can be used in conjunction with `Guardian.Plug.VerifyCookie`
conn = MyApp.Guardian.Plug.remember_me(conn, resource)

Changing the TTL is very dangerous here, because it means that right after login you have an expired token, so every single API route would not work if you authorize the request based on the token.

Guardian is able to store the session and store the token at the same time, so probably you would need to customize the auth system to your needs.
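
One way to combine the two mechanisms named in this answer, as an added example that is not part of the original post or of Guardian's own code: a short-lived token goes into the Plug session on every login, and the long-lived remember_me cookie is set only when the user opts in. It assumes a Phoenix app with the session plug enabled, a Guardian version that ships Guardian.Plug.VerifyCookie, MyApp.Guardian as the implementation module, and hypothetical names MyAppWeb.Auth, MyAppWeb.AuthPipeline, MyAppWeb.AuthErrorHandler and the "remember_me" form field.

```elixir
defmodule MyAppWeb.Auth do
  # Added example. Every MyAppWeb.* name and the "remember_me" form
  # field are assumptions, not taken from the page.

  # Short-lived token kept in the Plug session (constructed value).
  @session_ttl {1, :hour}
  # Long-lived token, written to its own cookie only on opt-in.
  @remember_ttl {30, :days}

  def login(conn, user, params) do
    # Always sign in through the session. A Plug session cookie without
    # :max_age is a browser-session cookie, so it is dropped when the
    # browser closes. The token itself stays valid for @session_ttl, so
    # token-authorized routes keep working (unlike ttl: {0, :days}).
    conn = MyApp.Guardian.Plug.sign_in(conn, user, %{}, ttl: @session_ttl)

    if remember?(params) do
      # Adds a separate cookie holding a "refresh" token that outlives
      # the browser session.
      MyApp.Guardian.Plug.remember_me(conn, user, %{}, ttl: @remember_ttl)
    else
      conn
    end
  end

  # Browsers send "on" or "true" for a ticked checkbox; anything else,
  # including a missing field, means "do not remember".
  defp remember?(%{"remember_me" => v}) when v in ["true", "on", "1"], do: true
  defp remember?(_params), do: false
end

defmodule MyAppWeb.AuthPipeline do
  use Guardian.Plug.Pipeline,
    otp_app: :my_app,
    module: MyApp.Guardian,
    error_handler: MyAppWeb.AuthErrorHandler

  # 1. Use the session token when one is present.
  plug Guardian.Plug.VerifySession
  # 2. Otherwise fall back to the remember_me cookie, if the user has one.
  plug Guardian.Plug.VerifyCookie
  plug Guardian.Plug.LoadResource, allow_blank: true
end
```

The remember_me cookie holds a credential that stays valid for 30 days, so it should be removed on logout and served only over HTTPS.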



Source: https://stackoverflow.com/questions/47097955/remember-me-functionality-in-phoenix-using-guardian