Now that the auth service returns a jwt on authenticate, we want to be able to fetch the information about a person based on this jwt.

• Create the /person/info endpoint where the header of the request will contain the jwt.

Currently the jwt created on the callback url for Google or Github is hardcoded:

• Use Joken to create a "real" jwt that will be send back to the client

We recently added a TestDouble to both elixir-auth-github and elixir-auth-google which makes it much easier for people using those packages to test their code. 🎉 see: dwyl/elixir-auth-google#35

That means we no longer need to have the files:

• https://github.com/dwyl/auth-mvp/blob/84f1b76b8903b5467ceb2f3977e1250af077fb20/lib/mock/elixir_auth_github.ex
• https://github.com/dwyl/auth-mvp/blob/84f1b76b8903b5467ceb2f3977e1250af077fb20/lib/mock/elixir_auth_google.ex

Additionally we will no longer need the following configuration lines in test.exs:

Todo

• Update packages in mix.exs
• Remove config lines from test.exs
• Update Tests if Necessary

Monitor the code of the project with

• coverage: https://github.com/parroty/excoveralls
• credo: https://hexdocs.pm/credo/Credo.html

While using the authentication service I noticed the application returns sometimes unauthorized response.

• Check the expiration time when a jwt is created

see

To allow applications to use the dwyl authentication service directly without using the api, we need to create a specific controller which will display the oauth urls to login with Google or Github.

see also: dwyl/app-mvp-elm#32

linked to dwyl/auth#40 (comment)

• Create a new Phoenix application with mix phx.new auth-mvp --app auth_mvp . We might need to render some html from the auth application so I'm not adding the --no-webpack and --no-html option

• Use elixir-auth-google and elixir-auth-github

  • Add the packages as dependencies
  • Create /auth/urls endpoint using the api scope and returns the list of the oauth urls
  • Create callback endpoints. These endpoints are were the Google and Github application will send the token once the user authenticate. /auth/google/callback and `/auth/github/callback

• Allow Cross Origin Resource Sharing to allow requests to access the auth api endpoints

  • Add the cors_plug dependency
  • Update the endpoint.ex file to add the line plug CORSPlug, origin: ["*"]

• Deploy the application on Heroku

  • Define the callback url to match the heroku name of the application. This allow the /api/auth/github/callback (and the google one) to be available for the Oauth apps
  • Generate a new secret key and add it to the environment variables on Heroku, mix phx.gen.secret
  • Add Postgres resource on Heroku
  • Follow the heroku deployment guide to make sure the application is ready: https://hexdocs.pm/phoenix/heroku.html

After running git pull on master branch and mix deps.get,
I attempted to run mix test on localhost and got the following error:

Compiling 3 files (.ex)

== Compilation error in file lib/plugs/authenticate_person.ex ==
** (ArgumentError) ranges (first..last) expect both sides to be integers, got: TokenAuthMvp..verify_and_validate(jwt)
    (elixir 1.10.1) lib/kernel.ex:3287: Kernel.range/3
    (elixir 1.10.1) expanding macro: Kernel.".."/2
    lib/plugs/authenticate_person.ex:33: AuthMvp.Plugs.AuthenticatePerson.validate_token/2

The line in question authenticate_person.ex:33 is AuthMvp.Token.verify_and_validate(jwt):

I have all the required environment variables listed in .env_sample ...

@SimonLab can you help clarify how to run the project on localhost?

Google and Github Oauth2 allow us to get basic information about the user.
We are currently only saving in our Postgres person database the email of the user:

We want now to be able to save the profile image of the user.
With Google the image url is already returned via ElixirAuthGoogle package under the picture value:

With Github the value to get will be saved under avatar_url

• Update the schema to add an avatar string field
• Add a new migration to create the avatar field in the database
• Update the person changeset to cast the avatar value:

def changeset(person, attrs) do
    person
    |> cast(attrs, [:email, :verified])
    |> validate_required([:email, :verified])
  end

On authentication we want know to be able to create person and session data.

• Create person table containing email and verified fields
• Create session table with valid field

using context: mix phx.gen.context People Person people email:string verified:boolean

This basic structure should be enough to allow a person to login and create a new session for the applications using auth-mvp. We will update the list of fields on the next PRs

see also:

• dwyl/auth#32
• https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Schema.html
• https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Context.html