MarkHarper
An upcoming authentication solution for Phoenix
Just came across this article today. I’m interested to see what people think. I’m currently using Pow, but it’s nice to know that a solution with a generator is coming in the future.
Most Liked
danschultzer
Interesting! Looking forward to see this in action.
Auth is so implementation specific that a scaffold makes sense, but I agree with @bennelsonweiss that rolling your own is risky if you are new to auth and security.
Even after years of dealing with this I still introduce vulnerabilities and miss things ![]()
josevalim
I want to add a small remark on the “easily”. Updating on the library approach is not necessarily easy because the library may have moved to a new major version, it may have fixed bugs you were relying on, or it now depends on a dependency you are not ready to update yet.
When we did security releases with Devise, we had to provide patches/diffs for many versions back, because people were stuck on previous versions for many reasons. I would say applying a patch/diff is most likely the simplest way to fix a security issue, because you want to do the minimal change ASAP, and updating the package may bring unrelated changes unless you are running on the latest version and you just need to bump the patch release.
So from this particular perspective, I actually don’t worry about the generator approach. Especially because I expect the generators to be less prone to bugs due to the much smaller surface area.
My main concern with the generator approach is developers modifying the generated code in unsafe ways, which would be harder to do if the code is in a lib.
PJextra
Will this authentication work out-of-the-box with LiveView and Phoenix Channels or do we need to handle that ourselves?
Popular in Discussions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #javascript
- #code-sync
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance








