MarkHarper

MarkHarper

An upcoming authentication solution for Phoenix

Just came across this article today. I’m interested to see what people think. I’m currently using Pow, but it’s nice to know that a solution with a generator is coming in the future.

Most Liked

danschultzer

danschultzer

Pow Core Team

Interesting! Looking forward to see this in action.

Auth is so implementation specific that a scaffold makes sense, but I agree with @bennelsonweiss that rolling your own is risky if you are new to auth and security.

Even after years of dealing with this I still introduce vulnerabilities and miss things :smile:

16
Post #3
josevalim

josevalim

Creator of Elixir

I want to add a small remark on the “easily”. Updating on the library approach is not necessarily easy because the library may have moved to a new major version, it may have fixed bugs you were relying on, or it now depends on a dependency you are not ready to update yet.

When we did security releases with Devise, we had to provide patches/diffs for many versions back, because people were stuck on previous versions for many reasons. I would say applying a patch/diff is most likely the simplest way to fix a security issue, because you want to do the minimal change ASAP, and updating the package may bring unrelated changes unless you are running on the latest version and you just need to bump the patch release.

So from this particular perspective, I actually don’t worry about the generator approach. Especially because I expect the generators to be less prone to bugs due to the much smaller surface area.

My main concern with the generator approach is developers modifying the generated code in unsafe ways, which would be harder to do if the code is in a lib.

PJextra

PJextra

Will this authentication work out-of-the-box with LiveView and Phoenix Channels or do we need to handle that ourselves?

Where Next?

Popular in Discussions Top

vans163
So useless benchmarks aside, Its possible to write a webserver that can serve 300k requests per second (perhaps more with optimizations)....
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
nburkley
AWS re:Invent is on at the moment with some interesting announcements. One new feature in particular is the Lambda Runtime API for AWS La...
New
AstonJ
If a newbie asked you about Phoenix Contexts, how would you explain the basics to them? Feel free to be as concise or in-depth as you li...
New
New
Qqwy
I would like to spark a discussion about the static access operator: .. For whom does not know: it is used in Elixir to access fields of...
New
restack_oslo
Hello, Please pardon me for any faux paux. I am 46 and this is my first time on a forum of any kind. I wanted to to get answers from tho...
New
RudManusachi
What configs will make sense to put to runtime.exs? – A bit of how I configure apps: I have generic configs in config/config.exs, dev...
New
ben-pr-p
In general I’ve been sticking to this community style guide GitHub - christopheradams/elixir_style_guide: A community driven style guide ...
New
acrolink
How does the two languages compare when it comes to server side application development? Any experiences or ideas? Thank you.
New

Other popular topics Top

aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
electic
Hi, I am new to Elixir. I am trying to use the DateTime component to insert a date into MySQL however the there seems to be no way to fo...
New
minhajuddin
I have seen a lot of code which picks the first element from a list using Enum.at(0) instead of List.first. Is there a reason why people ...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
grych
Hi folks, Few months ago I have announced the proof-of-concept of the library to manipulate the browsers DOM objects directly from Elixi...
639 52341 488
New
sergio_101
I am VERY much an elixir newbie. I have taken one elixir course and one phoenix course on Udemy. During that course, I saw the instructor...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
joaquinalcerro
Hi there, I am working with Ecto-Postgresql and I need to call all of the records from a specific table but the table has 40,000 records...
New

We're in Beta

About us Mission Statement