MarkHarper

MarkHarper

An upcoming authentication solution for Phoenix

Just came across this article today. I’m interested to see what people think. I’m currently using Pow, but it’s nice to know that a solution with a generator is coming in the future.

Most Liked

danschultzer

danschultzer

Pow Core Team

Interesting! Looking forward to see this in action.

Auth is so implementation specific that a scaffold makes sense, but I agree with @bennelsonweiss that rolling your own is risky if you are new to auth and security.

Even after years of dealing with this I still introduce vulnerabilities and miss things :smile:

16
Post #3
josevalim

josevalim

Creator of Elixir

I want to add a small remark on the “easily”. Updating on the library approach is not necessarily easy because the library may have moved to a new major version, it may have fixed bugs you were relying on, or it now depends on a dependency you are not ready to update yet.

When we did security releases with Devise, we had to provide patches/diffs for many versions back, because people were stuck on previous versions for many reasons. I would say applying a patch/diff is most likely the simplest way to fix a security issue, because you want to do the minimal change ASAP, and updating the package may bring unrelated changes unless you are running on the latest version and you just need to bump the patch release.

So from this particular perspective, I actually don’t worry about the generator approach. Especially because I expect the generators to be less prone to bugs due to the much smaller surface area.

My main concern with the generator approach is developers modifying the generated code in unsafe ways, which would be harder to do if the code is in a lib.

PJextra

PJextra

Will this authentication work out-of-the-box with LiveView and Phoenix Channels or do we need to handle that ourselves?

Where Next?

Popular in Discussions Top

crispinb
On reading dhh’s latest The One Person Framework it strikes me that Phoenix with LiveView is already pretty much this. However, never hav...
New
AstonJ
If a newbie asked you about Phoenix Contexts, how would you explain the basics to them? Feel free to be as concise or in-depth as you li...
New
lorenzo
Hey everone! I created a prototype for my app using Nodejs for the api. But the framework I chose wasnt great (in general theresnt any g...
New
AlexMcConnell
The reason that Rails is as popular as it is is because it’s very easy for relatively inexperienced developers to get a lot of work done....
588 19652 166
New
ejpcmac
I have discovered Nix last month and I am currently on my way to migrating to it—both on macOS at home and the full NixOS distrubution at...
New
shishini
I think this twitter post and youtube video didn’t get as much attention as I hoped I am still new to Elixir, so can’t really judge ...
New
hazardfn
I suppose this question is effectively hackney vs. ibrowse but we are at a point in our project where we have to make a choice between th...
New
chulkilee
Here are the list of HTTP client libraries/wrappers, and some thoughts on HTTP client in general. I’d like to hear from others how they w...
New
acrolink
How does the two languages compare when it comes to server side application development? Any experiences or ideas? Thank you.
New
New

Other popular topics Top

Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
msaraiva
Surface is an experimental library built on top of Phoenix LiveView and its new LiveComponent API that aims to provide a more declarative...
564 43757 214
New
gausby
I asked this very same question on twitter and got some interesting feedback, but I thought it would be a good question to ask here as we...
1207 39467 209
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
bsollish-terakeet
Credo is smart enough to check for (something like) this: assert length(the_list) == 0 with this response: Checking if an enum is empt...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New
sergio
Kind of like when jquery came out, it was super necessary. Existing drag and drop libraries have a bunch of baggage to support old browse...
New

Latest on Elixir Forum

Elixir Forum

We're in Beta

About us Mission Statement