leifericf
Authentication and authorisation via Azure Active Directory (Azure AD)
Continuing the discussion from Ueberauth, Ruby CAS and other SSO options for Elixir or Phoenix:
Has anyone successfully implemented client-side authentication and authorisation via Azure Active Directory (Azure AD)? I’ve been looking into the libraries shield, oidcc (Erlang library), oauth2, guardian and ueberauth today; trying to wrap my head around the essential differences between these libraries, and how to make use of them. Any advice and pointers would be greatly appreciated.
I’m finding it difficult to get a good understanding of how these libraries differ. It would be particularly useful if someone would be so kind as to highlight the important differences between the aforementioned libraries, to make it easier to understand their intended usages.
Edit: Below is a related thread, for future reference.
Marked As Solved
OvermindDL1
shield looks like an opinionated simple oauth2 and auth library only.
oidcc looks like an OpenID Connect client library (nothing else)
guardian is a token library (you really don’t need it in 99% of cases, don’t look at it unless JWT means something to you and you know the costs behind it)
ueberauth is an unopinionated authentication framework pluggable via a huge variety of strategies (and it’s easy to make your own), I’d use this one as the strategies means you can change and update auth far more easily.
Also Liked
whossname
I only just saw this thread. I’m in the process of publishing an Azure Active Directory authentication library for ueberauth right now! Still has a bit of work to go, mostly around testing and documentation.
https://github.com/whossname/ueberauth_azure_ad
Functionally the main thing missing is validation for the nonce and some error handling.
OvermindDL1
More direct control can be good (although I always end up writing my own strategies for ueberauth anyway, super easy to do and you get that control back), but it also means that if you need to support other things then you have a lot more work you end up having to do. Either is fine depending on your expected current and future work though.
leifericf
Solid advice, thanks again.
I’ll probably go for ueberauth, looking at the existing strategies to get some ideas on how it’s done.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









