Discord App
Discord Web

{@thread.name}

talha-azeem
2023-01-25
Phoenix Authentication Solved

talha-azeem: 

Couldn't recognize the signer algorithm.
Possible values are:

["HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "Ed25519", "Ed25519ph", "Ed448", "Ed448ph"]

Having this issue after implementing Ash Auth

talha-azeem:

<@346791515923939328> can you please help me out here?

jart:

Hi there.

jart:

You turned on tokens? Can I see your config?

talha-azeem:

yes let me share it

talha-azeem:

Here it is: 

# General application configuration
import Config

config :dummy,
  ecto_repos: [Dummy.Repo],
  ash_apis: [
    Dummy.Experiments,
    Dummy.Hardware
  ]

config :dummy,
  ash_apis: [Dummy.Accounts]

config :dummy,
  ecto_repos: [Dummy.Repo]

config :ash, :use_all_identities_in_manage_relationship?, false

config :dummy, :token_signing_secret, signing_secret: "<dummy_secret>"

talha-azeem:

Removed some comments from it so i can share it here

jart:

sorry, I meant the authentication DSL section from your user resource

talha-azeem:

<@346791515923939328> here it is: 

defmodule Dummy.Accounts.User do
  use Ash.Resource,
    data_layer: AshPostgres.DataLayer,
    extensions: [AshAuthentication]

  attributes do
    uuid_primary_key :id
    attribute :email, :ci_string, allow_nil?: false
    attribute :hashed_password, :string, allow_nil?: false, sensitive?: true
  end

  authentication do
    api Dummy.Accounts

    strategies do
      password :password do
        identity_field :email
      end
    end

    tokens do
      enabled? true
      token_resource Dummy.Accounts.Token
      signing_secret fn _, _ ->
        Application.fetch_env(:dummy, :token_signing_secret)
      end
    end
  end

  postgres do
    table "users"
    repo Dummy.Repo
  end

  identities do
    identity :unique_email, [:email]
  end
end

jart:

What version of Joken did hex bring in?

jart:

nvm.

jart:

it hasn’t had a release in a year

talha-azeem:

joken is 2.5.0

jart:

Can you tell me what the result of calling AshAuthentication.Info.authentication_tokens_signing_algorithm!(Dummy.Accounts.User) is please?

jart:

or is the above a compile-time error?

talha-azeem:

Let me check

talha-azeem:

<@346791515923939328> I am new to ash framework. how can i get the result of the above?

talha-azeem:

😅

jart:

just call it from iex

talha-azeem:

okay

talha-azeem: 

iex(3)> AshAuthentication.Info.authentication_tokens_signing_algorithm!(Dummy.Accounts.User)
"HS256"

jart:

okay well that’s fine.

jart:

where are you encountering the error?

talha-azeem:

After pressing the register button i get this

jart:

that’s so weird.

jart:

are you using a custom register action or just the one that ash auth defined?

talha-azeem:

ash auth defined

jart:

Can you run AshAuthentication.Info.strategy_for_action!(Dummy.Accounts.User, :register_with_password) please?

jart:

if it returns the strategy then I can’t see why it would be failing

talha-azeem: 

config :dummy, :token_signing_secret, signing_secret: "<dummy_secret>"

I ran mix phx.gen.secret 32 and added that here.

talha-azeem: 

iex(4)> AshAuthentication.Info.strategy_for_action!(DataDrivenMicroscopy.Accounts.User, :register_with_password)
%AshAuthentication.Strategy.Password{
  identity_field: :email,
  hashed_password_field: :hashed_password,
  hash_provider: AshAuthentication.BcryptProvider,
  confirmation_required?: true,
  password_field: :password,
  password_confirmation_field: :password_confirmation,
  register_action_name: :register_with_password,
  sign_in_action_name: :sign_in_with_password,
  resettable: [],
  name: :password,
  provider: :password,
  resource: DataDrivenMicroscopy.Accounts.User
}

talha-azeem:

<@346791515923939328> what should i be replacing with?

jart:

it’s fine how it is

jart:

you’re getting an error about the signing algorithm not the secret

jart:

I am expecting that calling this will cause an exception: AshAuthentication.Jwt.Config.token_signer(Dummy.Accounts.User)

jart:

if it works it will contain your secret so don’t paste it here

talha-azeem:

it doesn’t work

talha-azeem: 

** (Joken.Error) Couldn't recognize the signer algorithm.

Possible values are:

["HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512", "PS256", "PS384", "PS512", "Ed25519", "Ed25519ph", "Ed448", "Ed448ph"]

    (joken 2.5.0) lib/joken/signer.ex:102: Joken.Signer.create/3
    iex:5: (file)

jart:

just out of interest can you try this: AshAuthentication.Jwt.Config.token_signer(Dummy.Accounts.User, signing_algorithm: "HS256")

talha-azeem:

same error

jart:

that makes literally no sense.

jart:

can you run mix clean --deps and recompile and try it again?

talha-azeem:

sure

jart:

looks like you’re not the only one who has seen this: https://github.com/joken-elixir/joken/issues/369

talha-azeem:

what should i do to fix it? 😅

jart:

recompiling didn’t work?

talha-azeem:

compilin to check

talha-azeem:

It worked

talha-azeem:

strange

jart:

that is so frustrating

talha-azeem:

Thank you for your help <@346791515923939328>

talha-azeem:

I really appreciate it

talha-azeem:

yes indeed

talha-azeem:

It happened again today. Can you please look into it because compiling the deps again and again is frustrating.

talha-azeem:

and this time this issue is persisting.

ZachDaniel:

Unfortunately that is not our library, there is not so much that we can do. And keep in mind, this is free and open source software, we encourage the community to help with issues like this.

ZachDaniel:

I would suggest commenting on that issue, also

ZachDaniel:

Actually…I’m not entirely sure that issue reflects what is happening here

ZachDaniel:

that person said it was their own fault

ZachDaniel:

Are you setting signing_algorithm in your DSL anywhere?

ZachDaniel:

nvm, the fact that this line: 

AshAuthentication.Jwt.Config.token_signer(Dummy.Accounts.User, signing_algorithm: "HS256")

Doesn’t work tells me that the issue can’t be on our end TBH

ZachDaniel:

Its strange that you’re the only one having this issue though.

ZachDaniel:

Is there anything special about your development set up that you can think of?

ZachDaniel:

You said that the issue is persisting does that mean compiling dependencies isn’t helping?

jart:

<@1029405171027026033> sorry to hear it’s still going wrong. Can you call Joken.Signer.create("HS256", "s3cret") from iex? If not I think you should raise an issue on the joken repo and I’ll jump in and backfill as much info as I can.

ZachDaniel:

Will mark this as solved & close it for now, but keen to keep the conversation going if this ends up being an issue in AshAuthentication. For now we don’t really have a good way of knowing where the issue is/why its coming up for you and not others.

talha-azeem:

is ash_authentication_phoenix yours?

talha-azeem:

running this gives me %Joken.Signer struct

talha-azeem:

<@346791515923939328> https://discord.com/channels/711271361523351632/1067733106662047764 I enabled tokens in his app as well just to check if i am missing something but his app gives the same error as well.

ZachDaniel:

Are you on windows? Tokens are working for me just fine in my app, I’m just trying to understand what might be different about your setup.

talha-azeem:

I am using MacOS

ZachDaniel:

Can you push the changes you made to that example app up as a fork?

ZachDaniel:

I will clone it and see if I get the same results

talha-azeem:

okay let me do that.

talha-azeem:

https://github.com/talhaazeemmughal/ash_authentication_phoenix_example

talha-azeem:

here is the forked version

ZachDaniel:

Found it 🙂

ZachDaniel:

I don’t know why the JWT library gives such a bad error here

ZachDaniel:

This config: 

config :ash_auth_phoenix_example, :token_signing_secret, signing_secret: "dummy salt"

ZachDaniel:

Combined with this: 

      signing_secret fn _, _ ->
        Application.fetch_env(:ash_auth_phoenix_example, :token_signing_secret)
      end

ZachDaniel:

Is returning {:ok, signing_secret: "dummy_salt"}

ZachDaniel:

causing us to call Joken.Signer.create(algorithm, signing_secret: "dummy_salt")

ZachDaniel:

The signing_secret fn _, _ -> callback should be returning {:ok, } not {:ok, signing_secret: }

ZachDaniel:

If the config was this instead: 

config :ash_auth_phoenix_example, :token_signing_secret, "dummy salt"

ZachDaniel:

Then it would work

talha-azeem:

okay let me check

talha-azeem:

yes it worked. Thank you so much

talha-azeem:

It should be adding tokens automatically now, right?

ZachDaniel:

Do you want a token created for every session?

talha-azeem:

yes

ZachDaniel:

You probably want this config in your tokens section then: 

      store_all_tokens? true
      require_token_presence_for_authentication? true

ZachDaniel:

without store_all_tokens it only stores confirmation/reset tokens

ZachDaniel:

and with require_token_presence_for_authentication? it will look up tokens in the tokens table before authenticating

talha-azeem:

Noted. Thank you <@197905764424089601> . I have gotten really interested in it.

ZachDaniel:

I’ve made a PR to prevent this error in the future by validating the value better.