As far as I can tell, the only means for authenticating a user from their session is using Pow.Plug.authenticate_user/2, but this takes a Plug.Conn, not a socket. I want my user_socket.ex file to authenticate connections in the usual way in the connect/3 function generated by Phoenix, but I'm not sure how to do this with Pow.
I understand authentication is usually done in connect/3 using Phoenix.Tokens, but my session already contains a token created via the PowPersistentSession extension, and apparently it is unsafe to access the session in websockets anyway, due to cross origin attacks.
I'm not asking how I can access the session in a channel; I'm asking how I can authenticate a socket using Pow.
AFAIK, there's no simple way to authenticate a WebSocket connection using Pow because Phoenix does not expose the handshake phase of ws connections to the developer. The question is why you don't want to use the default token authentication strategy? The token authentication of Phoenix channels is pretty good as long as the key of signing the tokens is strong enough to prevent the client-side to forge a token.