Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Phoenix and Rails Authentication

Andrew Hao
October 06, 2016
Programming
0
160

Phoenix and Rails Authentication

How does one introduce a Phoenix Authentication API into a side project? By doing whatever it takes to learn, and doing the simple things.

Andrew Hao

October 06, 2016
Tweet

More Decks by Andrew Hao

See All by Andrew Hao
You Can Write Devastatingly Effective Docs - Barbara Minto and the Pyramid Principle
andrewhao
1
250
CascadiaJS 2021 - Creating a Culture of Frontend Performance
andrewhao
0
540
Platform-powered: Building a Frontend Platform that Scales
andrewhao
1
490
Can Neural Networks Make Me a Better Parent?
andrewhao
0
3.1k
Namegames: Solving the hardest parts of Computer Science
andrewhao
0
2.6k
The Slow-Cooked Side Project
andrewhao
2
2.6k
Building Beautiful Systems with Phoenix Contexts and DDD
andrewhao
14
7.2k
Built to Last: A domain-driven approach to beautiful systems
andrewhao
1
3.4k
Highly Cohesive, Loosely Coupled (& Very Awesome)
andrewhao
1
3k

Other Decks in Programming

See All in Programming
/←このスケジュール表に立ち向かう フロントエンド開発戦略 / A front-end development strategy to tackle a single-slash schedule.
nrslib
1
590
What’s New in Compose Multiplatform - A Live Tour (droidcon London 2024)
zsmb
1
340
詳細解説! ArrayListの仕組みと実装
yujisoftware
0
480
Server Driven Compose With Firebase
skydoves
0
400
CSC305 Lecture 13
javiergs
PRO
0
130
Vue.js学習の振り返り
hiro_xre
2
130
EventSourcingの理想と現実
wenas
6
2.1k
qmuntal/stateless のススメ
sgash708
0
120
Go言語でターミナルフレンドリーなAIコマンド、afaを作った/fukuokago20_afa
monochromegane
2
140
Kubernetes for Data Engineers: Building Scalable, Reliable Data Pipelines
sucitw
1
200
カラム追加で増えるActiveRecordのメモリサイズ イメージできますか?
asayamakk
4
1.6k
PLoP 2024: The evolution of the microservice architecture pattern language
cer
PRO
0
1.6k

Featured

See All Featured
How to Think Like a Performance Engineer
csswizardry
19
1.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
46
2.1k
Building Your Own Lightsaber
phodgson
102
6k
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
42
9.2k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
4
290
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
37
1.8k
The Power of CSS Pseudo Elements
geoffreycrofte
72
5.3k
Code Review Best Practice
trishagee
64
17k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
9
680
How To Stay Up To Date on Web Technology
chriscoyier
788
250k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k

Transcript

  1. Phoenix and Rails Authentication Introducing Phoenix Auth APIs to a

    diverse ecosystem.

  2. Hi! I'm Andrew. I work here.

  3. I'm a bike commuter A while ago I built a

    bunch of little tools to track where I was going on my bike.

  4. Sooo many different things It's kind of a mess: GPS

    track ingestion in Node and JS, Mongo Visualization in Ruby on Rails Storage in PostgreSQL Authentication & identity in... TBD

  5. What the app is

  6. I know, I'll use Elixir! Idea: What if I introduced

    Elixir into my project as an identity service? Responsibilities: Authentication Authorization (TBD)

  7. Fell in love!

  8. Desired architecture Introduce an identity system, which will store the

    list of users and their tokens - and manage sessions, too!

  9. Step 1: Phoenix app from scratch Played with Ueberauth Wrote

    a plugin: ueberauth_strava Wrote it inside my Elixir app, then extracted into its own hex package. Ueberauth is kind of like OmniAuth

  10. Demo See: Ueberauth code

  11. Step 1, done: At this point, the app can log

    you in (SSO) with Strava, and find (or create) a user account. It also stores a token.

  12. Step 2: Research authentication Ueberauth is closely aligned with Guardian,

    which pushes you to use JWT (JSON Web Tokens) as an auth and session mechanism.

  13. JWT, briefly. www.jwt.io JSON object that stores: Claims (authorizations, permissions)

    Signatures, tokens Expiry times Store it in: Cookie? Local Storage?

  14. Step 2, findings: Hm, that might not be for me.

    Why not? Session expirations complicated Complex implementation Overkill - this is just a side project! "Stop Using JWT For Sessions"

  15. Step 3: Rails and Phoenix session sharing! Rails and Phoenix

    share parallel implementations of the Rails session serialization and deserialization code. Stored in a cookie.

  16. Step 3: Rails and Phoenix session sharing! Rails and Phoenix

    share parallel implementations of the Rails session serialization and deserialization code. Stored in a cookie. I wrote a blog post on this: Rails, Meet Phoenix

  17. How to do this: Set up Phoenix and Rails with

    the same: SECRET_KEY cookie name prefix cookie salt (encrypted, and signing salt) Then add a plug library PlugRailsCookieSessionStore

  18. Tada!

  19. Finally: open a Users API Internal apps can access it

    to get a list of users and their tokens. GET /users Simple Bearer-Token auth, protected over SSL.

  20. Soooooo...

  21. Which brings us here... cyclecity.io

  22. Takeaways Get started with Elixir however you can. Just because

    it's shiny.. doesn't mean you have to use it!

  23. Thanks! Track your rides! cyclecity.io Me: [email protected] twitter.com/@andrewhao github.com/andrewhao