Use ash_authentication with Clerk
Hi!
I've been trying to use Ash Authentication with Clerk (auth0 competitor: https://clerk.com/) and haven't been able to make it work.
We're using the passwordless otp approach - based on the auth0 integration it seems like I should be able to do this using the oauth2 strategy. But I think validating the JWT requires a public key which the oauth2 strategy doesn't ask for.
I'm not sure I understand the oauth flow that's being executed via ash auth for things like auth0/clerk integration
2 Replies
Hi Rohan. Under the hood we just use assent from pow auth. I just swung by their GitHub repo and there’s no issues open about it so I guess no one else has tried yet.
My suggestion is to step out of ash auth and try getting a basic plug with assent to authorise a request and once you can do that we can make it work with ash auth.
i guess the thing i don't understand is what ash's auth0 flow is intended for
as in - I think I'm misunderstanding it's use-case. Because I would imagine that ash_auth just needs to validate the tokens coming from auth0, but I don't see where that could happen in ash_auth or assent since auth0's public key isn't made available anywhere
(I'm not sure if this question makes sense because I'm quite confused)
In case it's helpful to whoever sees this next -
The answer was to not use the oauth2 strategy since Clerk's default flow doesn't expect you to do server-side calls to sign-in a user.
Instead all you have to do is the token verification (and invalidation if needed) using the public signing key from Clerk. I used Joken for this, though guardian would also have worked fine.
It's basically the plug described here:
https://hexdocs.pm/ash_graphql/authorize-with-graphql.html