Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Phoenix and Rails Authentication

Andrew Hao
October 06, 2016
Programming
0
140

Phoenix and Rails Authentication

How does one introduce a Phoenix Authentication API into a side project? By doing whatever it takes to learn, and doing the simple things.

Andrew Hao

October 06, 2016
Tweet

More Decks by Andrew Hao

See All by Andrew Hao
You Can Write Devastatingly Effective Docs - Barbara Minto and the Pyramid Principle
andrewhao
1
190
CascadiaJS 2021 - Creating a Culture of Frontend Performance
andrewhao
0
420
Platform-powered: Building a Frontend Platform that Scales
andrewhao
1
360
Can Neural Networks Make Me a Better Parent?
andrewhao
0
2.9k
Namegames: Solving the hardest parts of Computer Science
andrewhao
0
2.5k
The Slow-Cooked Side Project
andrewhao
2
2.5k
Building Beautiful Systems with Phoenix Contexts and DDD
andrewhao
14
6.9k
Built to Last: A domain-driven approach to beautiful systems
andrewhao
1
3.3k
Highly Cohesive, Loosely Coupled (& Very Awesome)
andrewhao
1
2.9k

Other Decks in Programming

See All in Programming
見た目から始める生産性向上
ikumatadokoro
10
1.5k
Balkan Ruby 2024 — How and why to run SQLite on Rails in production
fractaledmind
0
100
Site Reliability Engineering for GMO
pyama86
9
1.1k
障害対応を起点としたもっといい開発と運用のサイクル作りのためにできること / Hatena Enginner Seminar #29
polamjag
0
410
TCAとKMPを用いた新規動画配信アプリ 「ABEMA Live」の設計
tomu28
2
130
Introducing Kotlin Multiplatform in an existing mobile app - Workshop Edition | AndroidMakers Paris
prof18
0
160
デフォルトにして至高、RubyMineの大好きな所
ruzia
0
1k
Sheets API使ってみた
toshi0383
2
170
Deep Dive into React Stream/Serialize
mugi_uno
3
740
Micro Frontends for Java Microservices - Utah JUG 2024
mraible
PRO
1
110
ServerAction で Progressive Enhancement はどこまで頑張れるか? / progressive-enhancement-with-server-action
takefumiyoshii
6
460
Ruby GitHub Packages
bkuhlmann
0
650

Featured

See All Featured
Writing Fast Ruby
sferik
622
60k
Building Better People: How to give real-time feedback that sticks.
wjessup
356
18k
Optimising Largest Contentful Paint
csswizardry
13
2.4k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
Raft: Consensus for Rubyists
vanstee
133
6.3k
Debugging Ruby Performance
tmm1
70
11k
Pencils Down: Stop Designing & Start Developing
hursman
117
11k
Atom: Resistance is Futile
akmur
260
25k
How STYLIGHT went responsive
nonsquared
92
4.8k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
660
120k
Reflections from 52 weeks, 52 projects
jeffersonlam
345
19k
Thoughts on Productivity
jonyablonski
60
3.9k

Transcript

  1. Phoenix and Rails Authentication Introducing Phoenix Auth APIs to a

    diverse ecosystem.

  2. Hi! I'm Andrew. I work here.

  3. I'm a bike commuter A while ago I built a

    bunch of little tools to track where I was going on my bike.

  4. Sooo many different things It's kind of a mess: GPS

    track ingestion in Node and JS, Mongo Visualization in Ruby on Rails Storage in PostgreSQL Authentication & identity in... TBD

  5. What the app is

  6. I know, I'll use Elixir! Idea: What if I introduced

    Elixir into my project as an identity service? Responsibilities: Authentication Authorization (TBD)

  7. Fell in love!

  8. Desired architecture Introduce an identity system, which will store the

    list of users and their tokens - and manage sessions, too!

  9. Step 1: Phoenix app from scratch Played with Ueberauth Wrote

    a plugin: ueberauth_strava Wrote it inside my Elixir app, then extracted into its own hex package. Ueberauth is kind of like OmniAuth

  10. Demo See: Ueberauth code

  11. Step 1, done: At this point, the app can log

    you in (SSO) with Strava, and find (or create) a user account. It also stores a token.

  12. Step 2: Research authentication Ueberauth is closely aligned with Guardian,

    which pushes you to use JWT (JSON Web Tokens) as an auth and session mechanism.

  13. JWT, briefly. www.jwt.io JSON object that stores: Claims (authorizations, permissions)

    Signatures, tokens Expiry times Store it in: Cookie? Local Storage?

  14. Step 2, findings: Hm, that might not be for me.

    Why not? Session expirations complicated Complex implementation Overkill - this is just a side project! "Stop Using JWT For Sessions"

  15. Step 3: Rails and Phoenix session sharing! Rails and Phoenix

    share parallel implementations of the Rails session serialization and deserialization code. Stored in a cookie.

  16. Step 3: Rails and Phoenix session sharing! Rails and Phoenix

    share parallel implementations of the Rails session serialization and deserialization code. Stored in a cookie. I wrote a blog post on this: Rails, Meet Phoenix

  17. How to do this: Set up Phoenix and Rails with

    the same: SECRET_KEY cookie name prefix cookie salt (encrypted, and signing salt) Then add a plug library PlugRailsCookieSessionStore

  18. Tada!

  19. Finally: open a Users API Internal apps can access it

    to get a list of users and their tokens. GET /users Simple Bearer-Token auth, protected over SSL.

  20. Soooooo...

  21. Which brings us here... cyclecity.io

  22. Takeaways Get started with Elixir however you can. Just because

    it's shiny.. doesn't mean you have to use it!

  23. Thanks! Track your rides! cyclecity.io Me: [email protected] twitter.com/@andrewhao github.com/andrewhao