'Get Started' tutorial issue: `The ':password' authentication strategy requires tokens be enabled.`

Open arcanemachine opened this issue 1 year ago • 5 comments

NOTE: In order to get this far in the tutorial, I had to upgrade the ash_authentication dependency to `~> 4.0` in mix.exs (the tutorial uses an outdated version, `~> 3.11`). I will be making a pull request with my fixes after I have completed the tutorial. (Edit: Pull request here #680)

NOTE 2: For this tutorial, I am using the Helpdesk app created in the main Ash 'Get Started' guide. I will refer to the application as MyApp to be consistent with the AshAuthentication docs, even though my application is called Helpdesk.

I am following the tutorial for the newest versions of Ash and am getting an error after setting up the user/token as described in this section of the Get Started tutorial:

    ** (EXIT from #PID<0.99.0>) an exception was raised:
        ** (Spark.Error.DslError) [nil]
     authentication -> tokens -> enabled?:
      The `:password` authentication strategy requires tokens be enabled.

    To fix this error you can either:
      1. disable the `:password` strategy, or
      2. enable tokens.

            lib/helpdesk/accounts/user.ex:1: anonymous fn/1 in Helpdesk.Accounts.User.__verify_spark_dsl__/1
            (elixir 1.16.2) lib/enum.ex:987: Enum."-each/2-lists^foreach/1-0-"/2
            lib/helpdesk/accounts/user.ex:1: Helpdesk.Accounts.User.__verify_spark_dsl__/1
            (elixir 1.16.2) lib/enum.ex:987: Enum."-each/2-lists^foreach/1-0-"/2
            (elixir 1.16.2) lib/module/parallel_checker.ex:271: Module.ParallelChecker.check_module/3
            (elixir 1.16.2) lib/module/parallel_checker.ex:82: anonymous fn/6 in Module.ParallelChecker.spawn/4

The issue is resolved by adding a single line to the tokens section of the MyApp.Accounts.User module:

    tokens do
      enabled? true # <-- Adding this line fixes the compiler error
      token_resource Helpdesk.Accounts.Token

      signing_secret fn _, _ ->
        Application.fetch_env(:helpdesk, :token_signing_secret)
      end
    end

I found this solution by digging into the old commits for the repo. Namely, in commit 03b38bd ("feat!: Tokens are now enabled by default.").

Of course, the commit implies that the `enabled? true` value shouldn't be required at all (since part of the commit involved the removal of that exact line from the tutorial code example), so I'm guessing there is a bug somewhere.

Thanks

arcanemachine, May 13 '24 01:05

🤔 interesting. @jimsynz I thought we made the tokens optional as long as sign_in_tokens was disabled?

zachdaniel, May 13 '24 04:05

Dang, I must have missed a spot in the transformer.

my bad

jimsynz, May 14 '24 02:05

Okay, so two things:

  1. There was a bug with the verifier where it should have told you to disable sign-in tokens rather than the whole password strategy.
  2. You do have to have `enabled? true` in the tokens section. I've put that back in the guide.

jimsynz, May 14 '24 03:05

This is also an issue here: https://ash-hq.org/docs/guides/ash_authentication_phoenix/latest/tutorials/get-started

diit, May 25 '24 01:05

@diit Already fixed

https://github.com/team-alembic/ash_authentication_phoenix/pull/447

arcanemachine, May 25 '24 06:05