How to Use DB/Redis based Sessions with AshAuthentication Instead of JWTs?

Hi everyone! 👋 I just purchased the Ash Framework book from pragstudio.com to learn more about the framework, as I'm hoping to port a legacy Rails app over to Elixir/Phoenix/Ash. When I reached the authentication section, I noticed that it only covers JWT-based sessions for the two chapters on authentication and authorization and there is no mention of database-stored / cookie-based sessions. For my use case, I'd prefer traditional server-side sessions (ideally stored in Redis). Could someone guide me on how I might implement this with AshAuthentication? Any examples, docs, or best practices would be greatly appreciated! 🙏
12 Replies
ZachDaniel • 2mo ago
The JWT with AshAuthentication is only used to identify the user and for you to add additional claims if you want. You can use Phoenix's standard session logic, orthogonally to how your user is authenticated.
bigtomcallahan OP • 2mo ago
I'm running into an issue and have documented everything in a Markdown file. For some reason, I can't paste it directly into this Discord chat. Is there a reference on how to post console output and code snippets with syntax highlighting?
ZachDaniel • 2mo ago
🤔 you should be able to just copy/paste it essentially. Is it just too much content? Otherwise, http://gist.github.com would probably do well enough.
'''markdown <your stuff> ''' (replace the quotes with backticks) is the syntax for syntax highlighting.
bigtomcallahan OP • 2mo ago
Looks like gist is the best method. Here you go: https://gist.github.com/pupdogg/ee45f4ae3020701bb292096a6efa22b2
ZachDaniel • 2mo ago
Hmm...... Try copying the source of the hash password change from AshAuthentication into your own change. You can then see what's going wrong hashing the password.
bigtomcallahan OP • 2mo ago
Ok, let me track that down.

The "Assumption failed: Error hashing password" error occurs because:

1. Root Cause: `AshAuthentication.Info.find_strategy/3` returns `:error` when called from `HashPasswordChange`
2. Missing Context: The `create_with_password` action doesn't automatically map to the `:password` strategy
3. Bcrypt Works Fine: Direct `Bcrypt.hash_pwd_salt/1` and `AshAuthentication.BcryptProvider.hash/1` both work perfectly

Immediate Fix

Add explicit strategy context to changeset:

```elixir
|> Ash.Changeset.set_context(%{strategy_name: :password})
```

Working seed:
```elixir
# Test password for all users
test_password = "Start123!"

# Create System User (Admin)
IO.puts("Creating System User...")

case Accounts.SystemUser
     |> Ash.Changeset.for_create(:create_with_password, %{
       email: "admin@salon.com",
       username: "admin",
       first_name: "System",
       last_name: "Administrator",
       role: "super_admin",
       status: "active",
       timezone: "America/New_York",
       password: test_password,
       password_confirmation: test_password
     })
     |> Ash.Changeset.set_context(%{strategy_name: :password})
     |> Ash.create(domain: Salon) do
  {:ok, _user} ->
    IO.puts("✅ System User created: admin@salon.com")

  {:error, changeset} ->
    IO.puts("❌ Failed to create System User: #{inspect(changeset.errors)}")
end
```
ZachDaniel • 2mo ago
🤔 ah, you can put that in your action: `change set_context(%{strategy_name: :password})`
Can you open an issue for us to improve that error message?
bigtomcallahan OP • 2mo ago
Which repo should I create it under? ash-project/ash or ash-authentication
bigtomcallahan OP • 2mo ago
GitHub
Confusing error message: "Assumption failed: Error hashing password...
Summary: The HashPasswordChange produces a misleading error message "Assumption failed: Error hashing password" when the actual issue is that the strategy cannot be found in the changeset ...
ZachDaniel • 2mo ago
@bigtomcallahan I like your proposed fix BTW if you just want to open a PR with that change
bigtomcallahan OP • 2mo ago
You got it, thank you! 🙏
bigtomcallahan OP • 2mo ago
GitHub
Update hash_password_change.ex by pupdogg · Pull Request #1058 · ...
Updated change method in AshAuthentication.Strategy.Password.HashPasswordChange per issue #1057
