Use ash_authentication with Clerk

hanrelan
2023-06-22

hanrelan:

Hi! I’ve been trying to use Ash Authentication with Clerk (auth0 competitor: https://clerk.com/ ) and haven’t been able to make it work.

We’re using the passwordless otp approach - based on the auth0 integration it seems like I should be able to do this using the oauth2 strategy. But I think validating the JWT requires a public key which the oauth2 strategy doesn’t ask for.

I’m not sure I understand the oauth flow that’s being executed via ash auth for things like auth0/clerk integration

jharton:

Hi Rohan. Under the hood we just use assent from pow auth. I just swung by their GitHub repo and there are no issues open about it, so I guess no one else has tried yet. My suggestion is to step out of ash auth and try getting a basic plug with assent to authorise a request, and once you can do that we can make it work with ash auth.

hanrelan:

I guess the thing I don’t understand is what ash’s auth0 flow is intended for.

hanrelan:

As in - I think I’m misunderstanding its use case. Because I would imagine that ash_auth just needs to validate the tokens coming from auth0, but I don’t see where that could happen in ash_auth or assent since auth0’s public key isn’t made available anywhere.

hanrelan:

(I’m not sure if this question makes sense because I’m quite confused)

hanrelan:

In case it’s helpful to whoever sees this next - the answer was to not use the oauth2 strategy, since Clerk’s default flow doesn’t expect you to do server-side calls to sign in a user.

Instead all you have to do is the token verification (and invalidation if needed) using the public signing key from Clerk. I used Joken for this, though guardian would also have worked fine.

It’s basically the plug described here: https://hexdocs.pm/ash_graphql/authorize-with-graphql.html
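
The token-verification approach from the last post, sketched as an added example (not part of the thread and not hanrelan's code): a plug that checks a bearer JWT against the provider's public signing key with Joken. The module name, the `:my_app` config keys, the `:clerk_claims` assign, the RS256 algorithm and the set of required claims are assumptions; it needs the `joken` and `plug` dependencies.

```elixir
defmodule MyAppWeb.ClerkTokenPlug do
  @moduledoc """
  Added example. Verifies the JWT in the Authorization header against the
  public signing key (PEM) and exposes its claims on the conn.
  Hypothetical config: config :my_app, clerk_public_key_pem: "...", clerk_issuer: "..."
  """
  @behaviour Plug
  import Plug.Conn

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # Read at request time so the key can come from runtime configuration.
    pem = Application.fetch_env!(:my_app, :clerk_public_key_pem)
    issuer = Application.fetch_env!(:my_app, :clerk_issuer)

    with ["Bearer " <> token] <- get_req_header(conn, "authorization"),
         {:ok, claims} <- verify(token, pem, issuer) do
      # Load the user from claims["sub"] here and set it as the actor if needed.
      assign(conn, :clerk_claims, claims)
    else
      _ -> conn |> send_resp(401, "invalid or missing token") |> halt()
    end
  end

  @doc "Returns {:ok, claims} only for an unexpired token signed by `pem` and issued by `issuer`."
  def verify(token, pem, issuer) do
    # The signer fixes the algorithm (assumed RS256); the token header does not choose it.
    signer = Joken.Signer.create("RS256", %{"pem" => pem})

    # Keep Joken's default exp and nbf time checks; iss must equal our issuer.
    config = Joken.Config.default_claims(skip: [:aud, :iat, :jti], iss: issuer)

    case Joken.verify_and_validate(config, token, signer) do
      # Pattern-match on the claims we rely on, so a token that omits them is
      # rejected regardless of how claim validation treats absent keys.
      {:ok, %{"exp" => _, "iss" => _, "sub" => _} = claims} -> {:ok, claims}
      {:ok, _claims} -> {:error, :missing_required_claim}
      {:error, reason} -> {:error, reason}
    end
  end
end
```

Only the public key is configured on the server, so this plug can verify tokens but never mint them.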