Unable to set secret_key in runtime.exs about guardian HOT 12 CLOSED

Hi @geofflane. Thanks for the bug report. As I read the code, if you omit the secret_key from your config at compile time, Guardian should correctly fetch it from the env at runtime. The compile time envs should only be used at compile time by the macro. With the change to use compile_env elixir now tools like Mix will store the values used during compilation and compare the compilation values with the runtime values whenever your system starts, raising an error in case they differ.
This properly why you get an error.

Would mind trying to not set the secret key at compile time and only at runtime.

from guardian.

# config/config.exs
config :photon, PhotonPerm.Guardian,
  issuer: "PFF.Photon"

with

# config/runtime.exs
config :photon, PhotonPerm.Guardian,
  ttl: {14, :days},
  secret_key: System.fetch_env!("SECRET_KEY_BASE")

Has the same issue:

* Compile time value was set to: [issuer: "PFF.Photon"]
* Runtime value was set to: [issuer: "PFF.Photon", ttl: {14, :days}, secret_key: "xxx"]

from guardian.

This is impacting us as well and I don't think the changes that were made are actually intended...

Just spelunking in the code a bit here:

https://github.com/ueberauth/guardian/blob/master/lib/guardian.ex#L343

      # Provide a way to get at the configuration during compile time
      # for other macros that may want to use them
      @config fn ->
        the_otp_app |> Application.compile_env(__MODULE__, []) |> Keyword.merge(the_opts)
      end
      @config_with_key fn key ->
        @config.() |> Keyword.get(key) |> Guardian.Config.resolve_value()
      end
      @config_with_key_and_default fn key, default ->
        @config.() |> Keyword.get(key, default) |> Guardian.Config.resolve_value()
      end

^^^ I don't see anywhere that this is used.

And the problem is actually this code itself I think. It's not obvious to me what this is being used for but I think it's the issue.
@doomspork can you comment on where @config is used?

I think the way to resolve this is to just delete that code. I think that Elixir releases means that it no longer behaves the way it was intended 5 years ago when it was written.

(but I could totally be wrong because it's not clear to me what uses it.)

from guardian.

Digging a bit deeper it looks like permissions uses @config_with_key. But I think it can be refactored so that it uses a function. @config_with_key_and_default isn't used.

If permissions really needs this at compile time maybe we could compile_env for just that one key?

from guardian.

# config/config.exs
config :photon, PhotonPerm.Guardian,
  issuer: "PFF.Photon"

with

# config/runtime.exs
config :photon, PhotonPerm.Guardian,
  ttl: {14, :days},
  secret_key: System.fetch_env!("SECRET_KEY_BASE")

Has the same issue:

* Compile time value was set to: [issuer: "PFF.Photon"]
* Runtime value was set to: [issuer: "PFF.Photon", ttl: {14, :days}, secret_key: "xxx"]

Yea okay, this seems to not be intended. As @idyll writes looks like this compile time env vars are specific to the permission, the only concern I have is if some library users use this as well. I guess we can fix this up and cut a major release just to be sure?

from guardian.

I think we should be able to the compile_only only for the permission key of the environment, and then consider that to be the only compile time var atm.

from guardian.

That's my expectation. That should fix it.

from guardian.

Would any of you @idyll @geofflane be interested in fixing this or maybe @yordis. I have quite a busy schedule lately so I wont have time to look at this atm.

from guardian.

Something told me that the fix wouldn't work. I asked Jose about it, and he said it was safe to merge. My apologies.

This week I am in the middle of deploying a brand new system, so I don't have time, but I am more than happy to help with some code review.

If you want to take the lead, please do. Otherwise, let me see if I find some time for it.

from guardian.

I probably can look in a day. If someone gets to it before me, let me know.

from guardian.

# config/config.exs
config :photon, PhotonPerm.Guardian,
  issuer: "PFF.Photon"

with

# config/runtime.exs
config :photon, PhotonPerm.Guardian,
  ttl: {14, :days},
  secret_key: System.fetch_env!("SECRET_KEY_BASE")

Has the same issue:

* Compile time value was set to: [issuer: "PFF.Photon"]
* Runtime value was set to: [issuer: "PFF.Photon", ttl: {14, :days}, secret_key: "xxx"]

Any update here? Running into the same issue on our application with this exact same configuration

from guardian.

Took a stab at a PR for this. It's runtime behaviour so it's a bit hard to write tests around. Any help there would be appreciated.

from guardian.