Hi. I am new to Elixir and I’m trying to build a REST api as a hobby/ learning project. The recommendation I found in the forums for implementing auth is to go the phx.gen.auth route and amend as necessary to suit REST workflow (I suspect Phoenix.Token would be of help here). Because I generated the project with --no-html --no-assets flags it seems the phx.gen.auth is not available. Can I ask what is the recommended solution in such case? Would I have to add html (I wanted to keep the project lean)? Would I build the auth from scratch using Phoenix.Token (I imagine as a plug)? Or maybe this is too much to implement and properly set up for a beginner? I am not a commercial programmer and I’ve had limited exposure to auth implementations (Python Flask, Flask-RESTful and FastAPI) and following the guides and sample/ toy projects for these technologies adding auth seemed fairly trivial (with the complexity hidden within libraries), so I am quite surprised to hit a bit of a roadblock in Phoenix. Thanks in advance for any help
The sooner you get acquainted with Plug and its functions the better off you’ll be, as you’ll see how Phoenix builds on-top of it.
So yes, you would build the Auth from scratch with a Plug using Phoenix.Token.
Here are some guides that I think would be useful as reference.
If you don’t want to roll your own, then guardian may be what you’re interested in using, which can hide some of the implementation details like the previous languages you’ve worked with.
There are other auth libraries to use as well. I can’t vouch for any of them. I’ve not used Guardian before, but looking around the forum Guardian is the one I see come up.
Thanks for a quick response and the necessary resources.
I did come across guardian and some other propositions, but I think I’ve read Jose Valim saying that in this case the best library is no library (hence the auth generator). My only worry was that as a noob I may miss on some edge cases building it from scratch as a Plug. I guess I will give it a try and I’ll treat guardian as a fallback alternative.
Thanks for help
