Use API access token to login into LiveView
Currently my system has two different ways to login, one is from our frontend which uses a GraphQL mutation to do the login and the other is via AshAuthentication LiveSession for LiveView.
This means that for GraphQL I send the access token in the header as a Bearer authentication, but for LiveView, Phoenix will actually sign that same access token with the csrf and store that signature into a cookie called
What I want to do is to make both system login process seamless, meaning that if the user is logged from the frontend (which uses the GraphQL api), it will also automatically be logged when the user go to the LiveView part of the system.
What I tried to do was to actually compute the same signature LiveView computes and send that signature as part of the sign-in GraphQL mutation response, that way the frontend can create that same cookie phoenix creates with it and when the user joins any LiveView page, it will find the cookie and be already logged-in.
I couldn't find what is the best way to compute the signature manually, also I'm not sure if that is the best approach for this use case or if AshAuthentication has a better way to handle that.
Any suggestions are welcome.
This means that for GraphQL I send the access token in the header as a Bearer authentication, but for LiveView, Phoenix will actually sign that same access token with the csrf and store that signature into a cookie called
_marketplace_key.What I want to do is to make both system login process seamless, meaning that if the user is logged from the frontend (which uses the GraphQL api), it will also automatically be logged when the user go to the LiveView part of the system.
What I tried to do was to actually compute the same signature LiveView computes and send that signature as part of the sign-in GraphQL mutation response, that way the frontend can create that same cookie phoenix creates with it and when the user joins any LiveView page, it will find the cookie and be already logged-in.
I couldn't find what is the best way to compute the signature manually, also I'm not sure if that is the best approach for this use case or if AshAuthentication has a better way to handle that.
Any suggestions are welcome.
