3rd party auth / authz

Hi all,

I’m about to start a new site that will use Elixir / Phoenix and I’m exploring the use of 3rd party auth providers for it. When building a site, I normally just use Pow which I now understand quite well, however I would ideally like to offer things like 2FA / WebAuthn (Yubikey etc) for this new site as it’s going to contain fairly sensitive information and likely have to conform to some security guidelines (i.e. ISO27001 etc). Pow doesn’t seem to support WebAuthn / TOTP (although it is on the radar!).

I’m a bit lost in the number of options I have available to me. Ideally I’d like something open source and self hostable but with a cloud offering as well. Ory and Zitadel seem to fall into this category. It won’t need to function with a SPA as I’m planning on leaning heavily into LiveView.

Has anybody implemented third party auth recently and have some thoughts around this?

Some of the systems I’ve been looking at include:

  • Ory (I like the use of cookies for auth, no Elixir SDK though and I’m having some trouble understanding the auth flow)

  • Zitadel (Seems like I could just use Überauth to talk OAuth2.0 and get back user details which could be stored directly in a cookie)

  • Authelia (I use Caddy2 so the integration here is nice, however I have to maintain a YAML file of user logins?)

2 Likes

Auth0, no SDK, just make straight calls to their API and implement the cookie callbacks. Works great.

3 Likes
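
The "straight calls plus cookie callback" approach from the reply above, as an added example that is not code from anyone in the thread. It assumes the OAuth 2.0 authorization-code flow against Auth0's `/authorize` and `/oauth/token` endpoints; the module name, tenant domain, client id and redirect URI are placeholders.

```elixir
defmodule AuthFlow do
  # Hypothetical module; all three values below are placeholders.
  @domain "YOUR_TENANT.auth0.com"
  @client_id "YOUR_CLIENT_ID"
  @redirect_uri "https://app.example/auth/callback"

  # Step 1: create an unguessable state value and the URL the browser is sent to.
  # The caller stores `state` in the signed session cookie before redirecting.
  def authorize_request do
    state = Base.url_encode64(:crypto.strong_rand_bytes(32), padding: false)

    query =
      URI.encode_query(%{
        "response_type" => "code",
        "client_id" => @client_id,
        "redirect_uri" => @redirect_uri,
        "scope" => "openid profile email",
        "state" => state
      })

    {state, "https://#{@domain}/authorize?" <> query}
  end

  # Step 2: the callback. Reject provider errors and any response whose state
  # does not match the one held in the session (login CSRF protection).
  def verify_callback(%{"error" => err}, _session_state), do: {:error, {:provider, err}}

  def verify_callback(%{"code" => code, "state" => state}, session_state)
      when is_binary(state) and is_binary(session_state) and
             byte_size(state) == byte_size(session_state) do
    # :crypto.hash_equals/2 (OTP 25+) compares in constant time and needs equal sizes.
    if :crypto.hash_equals(state, session_state), do: {:ok, code}, else: {:error, :state_mismatch}
  end

  def verify_callback(_params, _session_state), do: {:error, :invalid_callback}

  # Step 3: URL and form-encoded body for the server-side POST that trades the
  # code for tokens. The client secret never reaches the browser.
  def token_request(code, client_secret) do
    body =
      URI.encode_query(%{
        "grant_type" => "authorization_code",
        "client_id" => @client_id,
        "client_secret" => client_secret,
        "code" => code,
        "redirect_uri" => @redirect_uri
      })

    {"https://#{@domain}/oauth/token", body}
  end
end
```

In a Phoenix controller the state would go into the session with `put_session/3` before the redirect and be deleted once the callback has been checked, so it cannot be replayed.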