OAuth2 workflow


#1

Continuing the discussion from Confused about OAUTH2 workflow:
First, I recognize that my question is not Elm-specific and I apologize if some feel it is inappropriate in scope for this forum.

@pdamoc can you elaborate on the setup for this? Is the Elm side involved in the process of obtaining the JWT at all? If not how are you obtaining the JWT? I can understand how one would parse the token on the backend and pass that info as a flag to Elm, but I’m confused about how to implement the initial step.

Thanks in advance.

==========
I’ve found many variations on the following taken from this blog:

After checking for approval, your web-server code should then validate that the state parameter from the redirect is the same that was stored in the user’s session. Checking the state is important to protect against Cross-Site Request Forgery attacks. Your web-server code then needs to take the code parameter and call back to the OAuth provider to validate it and turn it into an access-token. Your web-server code should send a POST to the URL

But how does one get the server to parse the params of the redirect URL?


#2

No. In my setup, the obtaining of the JWT is exclusively the responsibility of the server.

All Elm does is check if the JWT exists and is valid in order to display either the authenticated view or some kind of login dialog.

The flow for the OAuth part is like this:

  1. User clicks the “Login with Google” link, which is a special route of Phoenix.
  2. It gets redirected to an authentication dialog.
  3. The authentication dialog (controlled by Google or some other provider) redirects to a specific callback in the Phoenix app.
  4. This final callback is responsible for redirecting to an in-app route (either / or, as I prefer to do it, the referer path from the request headers).

The JWT token involved in this is handled by Guardian. I just extract it with jwt = Guardian.Plug.current_token(conn) and I render it.

The relevant part of the page template looks like this:

    <%= if @current_user do %>
    var user = 
        { "first_name": "<%= @current_user.first_name %>",
          "last_name": "<%= @current_user.last_name %>",
          "email": "<%= @current_user.email %>",
          "avatar" : "<%= @current_user.avatar %>",
          "phone" : "<%= @current_user.phone %>",
          "jwt" : "<%= @jwt %>",
          "user_type" : "<%= raw @user_type  %>",
        }
    <% else %>
    var user = null
    <% end %>

The user variable is used as flags for the Elm app.
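The browser-side half of the setup described above, as an added example that is not code from the post: it takes the `user` object the template renders and works out whether the Elm app should start in the authenticated view or the login dialog. The JWT is only decoded here, never verified (the browser has no key), so this is UI gating and the real authorization check stays with Guardian on the server; the sample user and token are constructed, and `Elm.Main.init` is assumed as the module name.

```javascript
// Added example (not from the thread): consuming the rendered `user` object as Elm flags.
// Runs in Node or a browser; the JWT is decoded for UI gating only, not verified.

function base64UrlEncode(s) {
  const b64 = typeof btoa === 'function' ? btoa(s) : Buffer.from(s, 'binary').toString('base64');
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function base64UrlDecode(s) {
  let b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4) b64 += '=';
  return typeof atob === 'function' ? atob(b64) : Buffer.from(b64, 'base64').toString('binary');
}

// Constructed sample token (header.payload.signature); the signature is a placeholder,
// because only the server holding the key can check a real one.
const SAMPLE_JWT = [
  base64UrlEncode(JSON.stringify({ alg: 'HS256', typ: 'JWT' })),
  base64UrlEncode(JSON.stringify({ sub: 'user-42', exp: 2000000000 })),
  'placeholder-signature',
].join('.');

// Constructed sample mirroring the fields the Phoenix template renders into `user`.
const SAMPLE_USER = {
  first_name: 'Ada', last_name: 'Lovelace', email: 'ada@example.com',
  avatar: '', phone: '', jwt: SAMPLE_JWT, user_type: 'member',
};

// Returns the claims object, or null when the token is not a well-formed JWT.
function decodeJwtPayload(jwt) {
  if (typeof jwt !== 'string') return null;
  const parts = jwt.split('.');
  if (parts.length !== 3) return null;
  try { return JSON.parse(base64UrlDecode(parts[1])); } catch (e) { return null; }
}

// "Exists and is valid" as far as the client can judge: well-formed and not expired.
function isTokenUsable(jwt, nowSeconds) {
  const claims = decodeJwtPayload(jwt);
  return claims !== null && Number.isInteger(claims.exp) && claims.exp > nowSeconds;
}

// The decision the Elm app makes on its flags: authenticated view or login dialog.
function chooseView(user, nowSeconds) {
  return user && isTokenUsable(user.jwt, nowSeconds) ? 'authenticated' : 'login';
}

// The template emits `var user = {...}` or `var user = null`; start Elm with it as flags.
const flags = { user: SAMPLE_USER, view: chooseView(SAMPLE_USER, Math.floor(Date.now() / 1000)) };
if (typeof Elm !== 'undefined') Elm.Main.init({ node: document.getElementById('app'), flags: flags });
```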


#3

Template is the magic word. Thank you so much.

