Screencast 24: Combining Guardian with Phx Gen Auth
Add JWT Authentication to Phoenix User Sessions
When building a Phoenix application with both web and API interfaces, you often need to support two authentication methods. Phoenix's generated authentication (phx.gen.auth) works well for browser sessions backed by a cookie, but API clients typically send a bearer token instead. Here's how to combine them with Guardian, so users authenticate with the same email and password on either interface: the web keeps its session, and the API issues a signed JWT that the client presents on every request.
defmodule Tutorial.Users.Guardian do
  # Reads issuer, secret_key and ttl from `config :tutorial, Tutorial.Users.Guardian`
  use Guardian, otp_app: :tutorial

  alias Tutorial.Users

  # The "sub" claim identifies the user. The screencast stores a map rather than the
  # usual plain string; after the JSON round trip its keys come back as strings, which
  # is the shape resource_from_claims/1 matches on.
  def subject_for_token(user, _claims) do
    {:ok, %{user_id: to_string(user.id)}}
  end

  def resource_from_claims(%{"sub" => %{"user_id" => user_id}}) do
    # get_user!/1 raises for an unknown id, so a token for a deleted user surfaces as a 500
    # rather than a 401; swap in a non-raising lookup returning {:error, :not_found} if you want a 401
    user = Users.get_user!(user_id)
    {:ok, %{user: user}}
  end

  # A token whose "sub" claim has an unexpected shape cannot be resolved to a user
  def resource_from_claims(_claims), do: {:error, :invalid_subject}
end
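The module above only works once Guardian knows the issuer, the signing secret and the token lifetime. The following configuration is an added example, not code from the screencast; it assumes the application is named `:tutorial` and that the secret is supplied through an environment variable called `GUARDIAN_SECRET_KEY` (both assumptions):

```elixir
# config/config.exs (added example; application name :tutorial is assumed)
config :tutorial, Tutorial.Users.Guardian,
  issuer: "tutorial",
  # Reject tokens minted for a different issuer, e.g. another environment sharing a secret by mistake
  verify_issuer: true,
  # Only accept the algorithm we sign with; this is Guardian's default but pinning it is cheap
  allowed_algos: ["HS512"],
  # Default lifetime for every token type...
  ttl: {1, :hour},
  # ...and per-typ overrides. Access tokens are short-lived; a refresh flow would add a "refresh" entry
  token_ttl: %{"access" => {1, :hour}}

# config/runtime.exs (added example)
config :tutorial, Tutorial.Users.Guardian,
  # Generate a value with `mix guardian.gen.secret`; the variable name GUARDIAN_SECRET_KEY is assumed.
  # fetch_env!/1 makes a missing secret a boot failure instead of a silently unsigned-verifiable token.
  secret_key: System.fetch_env!("GUARDIAN_SECRET_KEY")
```

Keeping `secret_key` in `runtime.exs` rather than `config.exs` means the secret never lands in the compiled release and can differ per environment. A token signed under one secret fails `decode_and_verify/1` under another, which is the behaviour you want when rotating it: existing tokens expire rather than continuing to verify.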
Secure Phoenix API Endpoints with JWT Authentication
Protecting API endpoints with JWT authentication in Phoenix is straightforward once the Guardian module and its configuration are in place. Guardian ships plugs that read the token from the request, verify its signature and claims, and load the user, and `Guardian.Plug.Pipeline` bundles them into a single plug you can attach to specific routes or to an entire API scope.
defmodule TutorialWeb.Api.AuthAccessPipeline do
  # module/error_handler may instead be set in config; the error handler module name is an assumption
  use Guardian.Plug.Pipeline,
    otp_app: :tutorial,
    module: Tutorial.Users.Guardian,
    error_handler: TutorialWeb.Api.AuthErrorHandler

  # Read "Authorization: Bearer <jwt>"; requiring typ "access" stops a refresh token from being used here
  plug Guardian.Plug.VerifyHeader, claims: %{"typ" => "access"}
  # Hand the request to the error handler when no valid token is present
  plug Guardian.Plug.EnsureAuthenticated
  # allow_blank: true passes requests whose user cannot be loaded with a nil resource; omit it to fail closed
  plug Guardian.Plug.LoadResource, allow_blank: true
end
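A pipeline on its own does nothing until it is mounted in the router, and `EnsureAuthenticated` needs an error handler to turn a failed check into a response instead of a crash. The following wiring is an added example, not code from the screencast: the error handler, route and controller names (`TutorialWeb.Api.AuthErrorHandler`, `/api/sessions`, `/api/me`, `ProfileController`) are assumptions, and the `:api` pipeline is the one `mix phx.new` generates:

```elixir
# Added example; module and route names are assumptions, not the screencast's code.
defmodule TutorialWeb.Api.AuthErrorHandler do
  @moduledoc "Turns Guardian pipeline failures into a JSON 401 (assumed module name)."
  @behaviour Guardian.Plug.ErrorHandler

  import Plug.Conn

  @impl Guardian.Plug.ErrorHandler
  def auth_error(conn, {type, _reason}, _opts) do
    # `type` is an atom such as :unauthenticated, :invalid_token or :no_resource_found.
    # Clients get a 401 with a WWW-Authenticate challenge, as RFC 6750 expects for bearer auth.
    body = Jason.encode!(%{error: to_string(type)})

    conn
    |> put_resp_content_type("application/json")
    |> put_resp_header("www-authenticate", ~s(Bearer realm="api"))
    |> send_resp(401, body)
  end
end

# In TutorialWeb.Router
pipeline :api do
  plug :accepts, ["json"]
end

pipeline :api_auth do
  plug TutorialWeb.Api.AuthAccessPipeline
end

# Login stays unauthenticated: it is where the token comes from
scope "/api", TutorialWeb.Api do
  pipe_through :api
  post "/sessions", SessionController, :create
end

# Everything in this scope requires a valid access token
scope "/api", TutorialWeb.Api do
  pipe_through [:api, :api_auth]
  get "/me", ProfileController, :show
end

defmodule TutorialWeb.Api.ProfileController do
  use TutorialWeb, :controller

  def show(conn, _params) do
    # resource_from_claims/1 returns %{user: user}, so that is what current_resource/1 yields.
    # With allow_blank: true in the pipeline the resource can be nil, so handle that explicitly.
    case Guardian.Plug.current_resource(conn) do
      %{user: user} -> json(conn, %{id: user.id, email: user.email})
      nil -> conn |> put_status(:unauthorized) |> json(%{error: "unknown user"})
    end
  end
end
```

Mounting the pipeline at the scope level rather than per controller makes the secure default the one that requires the least discipline: a new route added to the authenticated scope is protected without anyone remembering to add a plug.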
Implement JWT Token Generation for API Authentication
When a user authenticates successfully with their email and password, you generate a JWT they can present on subsequent API requests. The credential check is the one phx.gen.auth already generated; the only new step is signing a token for the returned user.
# In TutorialWeb.Api.SessionController, which aliases Tutorial.Users, Tutorial.Users.User and
# Tutorial.Users.Guardian: encode_and_sign/1 is defined on the app's Guardian module, not on Guardian itself
def create(conn, %{"email" => email, "password" => password}) do
  # phx.gen.auth's lookup runs a dummy hash for unknown emails, so timing does not reveal which emails exist
  case Users.get_user_by_email_and_password(email, password) do
    %User{} = user ->
      {:ok, jwt, _full_claims} = Guardian.encode_and_sign(user)

      conn
      |> put_status(:created)
      |> render(:create, user: user, jwt: jwt)

    nil ->
      # One message for both unknown email and wrong password
      conn
      |> put_status(:unauthorized)
      |> json(%{error: "invalid email or password"})
  end
end
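The controller renders `:create`, so it needs a JSON view, and the whole flow is worth an automated check: a login should yield a token that opens a protected route, and both bad credentials and a tampered token should be turned away. The view and test below are an added example, not code from the screencast. They assume the Phoenix 1.7 layout (`TutorialWeb.ConnCase`, the `~p` sigil), that phx.gen.auth generated `Tutorial.UsersFixtures` with `user_fixture/0` and `valid_user_password/0` for the `Users` context, and that the router exposes `POST /api/sessions` and an authenticated `GET /api/me` that returns the user's email (all assumptions):

```elixir
# Added example; module names, routes and fixtures are assumptions, not the screencast's code.
defmodule TutorialWeb.Api.SessionJSON do
  @moduledoc "Renders the :create template used by SessionController (assumed module name)."
  def create(%{user: user, jwt: jwt}) do
    %{data: %{id: user.id, email: user.email, token: jwt}}
  end
end

defmodule TutorialWeb.Api.SessionControllerTest do
  use TutorialWeb.ConnCase, async: true

  # phx.gen.auth generates fixtures for the chosen context; this name assumes a `Users` context
  import Tutorial.UsersFixtures

  setup %{conn: conn} do
    %{conn: put_req_header(conn, "accept", "application/json"), user: user_fixture()}
  end

  defp login(conn, email, password) do
    post(conn, ~p"/api/sessions", email: email, password: password)
  end

  test "valid credentials return a token that opens a protected route", %{conn: conn, user: user} do
    conn = login(conn, user.email, valid_user_password())
    assert %{"data" => %{"token" => jwt}} = json_response(conn, 201)

    # The token states who it is for and which type it is; "sub" has the map shape from subject_for_token/2
    assert {:ok, %{"typ" => "access", "sub" => %{"user_id" => sub}}} =
             Tutorial.Users.Guardian.decode_and_verify(jwt)

    assert sub == to_string(user.id)

    conn =
      build_conn()
      |> put_req_header("authorization", "Bearer " <> jwt)
      |> get(~p"/api/me")

    assert %{"email" => email} = json_response(conn, 200)
    assert email == user.email
  end

  test "wrong password and unknown email produce the same 401", %{conn: conn, user: user} do
    bad_password = login(conn, user.email, "not the password")
    unknown_email = login(conn, "nobody@example.com", "whatever")

    # Identical bodies: the response must not tell an attacker which emails are registered
    assert json_response(bad_password, 401) == json_response(unknown_email, 401)
  end

  test "a tampered or missing token is rejected by the pipeline", %{conn: conn, user: user} do
    conn = login(conn, user.email, valid_user_password())
    %{"data" => %{"token" => jwt}} = json_response(conn, 201)

    # Keep header and claims, replace the signature: the HMAC no longer matches the payload
    [header, payload, sig] = String.split(jwt, ".")
    tampered = Enum.join([header, payload, String.duplicate("A", String.length(sig))], ".")

    conn =
      build_conn()
      |> put_req_header("authorization", "Bearer " <> tampered)
      |> get(~p"/api/me")

    assert %{"error" => "invalid_token"} = json_response(conn, 401)

    # No Authorization header at all is a different failure type but the same status
    assert %{"error" => "unauthenticated"} = build_conn() |> get(~p"/api/me") |> json_response(401)
  end
end
```

The signature test is the one that catches a misconfigured pipeline: if `VerifyHeader` were missing or the secret were empty, a token with a garbage signature would still reach the controller. Asserting on the `error` values also documents which `type` the error handler sees for each failure, which is useful when deciding what to log.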
What you'll learn in this video:
- How to set up Guardian for JWT authentication alongside Phoenix's built-in authentication
- Techniques for securing API endpoints with JWT verification
- Best practices for implementing token-based authentication in Phoenix
- How to handle authentication errors and provide meaningful responses
- Strategies for managing user sessions across web and API interfaces
- Ways to customize JWT claims and handle token verification