Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Phoenix and Rails Authentication

Andrew Hao
October 06, 2016
Programming
0
170

Phoenix and Rails Authentication

How does one introduce a Phoenix Authentication API into a side project? By doing whatever it takes to learn, and doing the simple things.

Andrew Hao

October 06, 2016
Tweet

More Decks by Andrew Hao

See All by Andrew Hao
You Can Write Devastatingly Effective Docs - Barbara Minto and the Pyramid Principle
andrewhao
1
290
CascadiaJS 2021 - Creating a Culture of Frontend Performance
andrewhao
0
670
Platform-powered: Building a Frontend Platform that Scales
andrewhao
1
610
Can Neural Networks Make Me a Better Parent?
andrewhao
0
3.2k
Namegames: Solving the hardest parts of Computer Science
andrewhao
0
2.7k
The Slow-Cooked Side Project
andrewhao
2
2.7k
Building Beautiful Systems with Phoenix Contexts and DDD
andrewhao
14
7.4k
Built to Last: A domain-driven approach to beautiful systems
andrewhao
1
3.6k
Highly Cohesive, Loosely Coupled (& Very Awesome)
andrewhao
1
3.2k

Other Decks in Programming

See All in Programming
Strategic Design (DDD) for the Frontend @DDD Meetup Stuttgart
manfredsteyer
PRO
0
160
Dissecting and Reconstructing Ruby Syntactic Structures
ydah
1
820
PHP で学ぶ OAuth 入門
azuki
1
210
七輪ライブラリー: Claude AI で作る Next.js アプリ
suneo3476
1
120
AI Coding Agent Enablement - エージェントを自走させよう
yukukotani
14
6.2k
生成AIを使ったQAアプリケーションの作成 - ハンズオン補足資料
oracle4engineer
PRO
3
250
SwiftUI API Design Lessons
niw
1
300
On-the-fly Suggestions of Rewriting Method Deprecations
ohbarye
1
3.2k
Building Scalable Mobile Projects: Fast Builds, High Reusability and Clear Ownership
cyrilmottier
2
300
Compose Hot Reload is here, stop re-launching your apps! (Android Makers 2025)
zsmb
1
550
Fiber Scheduler vs. General-Purpose Parallel Client
hayaokimura
1
110
Sharing features among Android applications: experience feedback
jbvincey
0
110

Featured

See All Featured
Automating Front-end Workflow
addyosmani
1369
200k
Git: the NoSQL Database
bkeepers
PRO
430
65k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.6k
Docker and Python
trallard
44
3.3k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.7k
Mobile First: as difficult as doing things right
swwweet
223
9.6k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
667
120k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
30
2.3k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
40
7.2k
Measuring & Analyzing Core Web Vitals
bluesmoon
7
390
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
34
2.9k
How to train your dragon (web standard)
notwaldorf
90
6k

Transcript

  1. Phoenix and Rails Authentication Introducing Phoenix Auth APIs to a

    diverse ecosystem.

  2. Hi! I'm Andrew. I work here.

  3. I'm a bike commuter A while ago I built a

    bunch of little tools to track where I was going on my bike.

  4. Sooo many different things It's kind of a mess: GPS

    track ingestion in Node and JS, Mongo Visualization in Ruby on Rails Storage in PostgreSQL Authentication & identity in... TBD

  5. What the app is

  6. I know, I'll use Elixir! Idea: What if I introduced

    Elixir into my project as an identity service? Responsibilities: Authentication Authorization (TBD)

  7. Fell in love!

  8. Desired architecture Introduce an identity system, which will store the

    list of users and their tokens - and manage sessions, too!

  9. Step 1: Phoenix app from scratch Played with Ueberauth Wrote

    a plugin: ueberauth_strava Wrote it inside my Elixir app, then extracted into its own hex package. Ueberauth is kind of like OmniAuth

  10. Demo See: Ueberauth code

  11. Step 1, done: At this point, the app can log

    you in (SSO) with Strava, and find (or create) a user account. It also stores a token.

  12. Step 2: Research authentication Ueberauth is closely aligned with Guardian,

    which pushes you to use JWT (JSON Web Tokens) as an auth and session mechanism.

  13. JWT, briefly. www.jwt.io JSON object that stores: Claims (authorizations, permissions)

    Signatures, tokens Expiry times Store it in: Cookie? Local Storage?

  14. Step 2, findings: Hm, that might not be for me.

    Why not? Session expirations complicated Complex implementation Overkill - this is just a side project! "Stop Using JWT For Sessions"

  15. Step 3: Rails and Phoenix session sharing! Rails and Phoenix

    share parallel implementations of the Rails session serialization and deserialization code. Stored in a cookie.

  16. Step 3: Rails and Phoenix session sharing! Rails and Phoenix

    share parallel implementations of the Rails session serialization and deserialization code. Stored in a cookie. I wrote a blog post on this: Rails, Meet Phoenix

  17. How to do this: Set up Phoenix and Rails with

    the same: SECRET_KEY cookie name prefix cookie salt (encrypted, and signing salt) Then add a plug library PlugRailsCookieSessionStore

  18. Tada!

  19. Finally: open a Users API Internal apps can access it

    to get a list of users and their tokens. GET /users Simple Bearer-Token auth, protected over SSL.

  20. Soooooo...

  21. Which brings us here... cyclecity.io

  22. Takeaways Get started with Elixir however you can. Just because

    it's shiny.. doesn't mean you have to use it!

  23. Thanks! Track your rides! cyclecity.io Me: [email protected] twitter.com/@andrewhao github.com/andrewhao