Hello!
I’m not an Elixir, Phoenix, or Ash expert, but I believe I found misinformation in the “A brief detour into LiveView process shenanigans” section of the book. The paragraph describes the authentication process for the LiveView process with Ash.Authentication as follows:
The page liveviews, such as TunezWeb.Artists.ShowLive, get the current user via an on_mount callback set up in your app’s router with ash_authentication_live_session. This callback will read the authentication token stored in the session, load the correct user record, and store it in socket.assigns.
I believe this information is not correct. According to ash_authentication_live_session docs:
Generate a live session wherein all subject assigns are copied from the conn into the socket.
Basically, this function copies all assigns from the conn object. The process of getting user_id from the session and loading it into conn.current_user happens in TunezWeb.Router via plug :load_from_session for the browser pipeline. This function comes from AshAuthentication.Plug.Helpers and is described in the documentation as:
Attempt to retrieve all actors from the connections’ session.
A wrapper around AshAuthentication.Plug.Helpers.retrieve_from_session/2 with the otp_app as extracted from the endpoint.
And if we look at the mentioned AshAuthentication.Plug.Helpers.retrieve_from_session/2 function:
Attempt to retrieve all users from the connections’ session.
Iterates through all configured authentication resources for otp_app and retrieves any users stored in the session, loads them and stores them in the assigns under their subject name (with the prefix current_).
If there is no user present for a resource then the assign is set to nil.
PS. Thank you for the book. It’s an excellent resource on Ash Framework!