Has anyone successfully implemented client-side authentication and authorisation via Azure Active Directory (Azure AD)? I’ve been looking into the libraries shield, oidcc (Erlang library), oauth2, guardian and ueberauth today; trying to wrap my head around the essential differences between these libraries, and how to make use of them. Any advice and pointers would be greatly appreciated.
I’m finding it difficult to get a good understanding of how these libraries differ. It would be particularly useful if someone would be so kind as to highlight the important differences between the aforementioned libraries, to make it easier to understand their intended usages.
Edit: Below is a related thread, for future reference.
shield looks like an opinionated simple oauth2 and auth library only.
oidcc looks like an OpenID Connect client library (nothing else).
guardian is a token library (you really don’t need it in 99% of cases, don’t look at it unless JWT means something to you and you know the costs behind it).
ueberauth is an unopinionated authentication framework pluggable via a huge variety of strategies (and it’s easy to make your own), I’d use this one as the strategies mean you can change and update auth far more easily.
More direct control can be good (although I always end up writing my own strategies for ueberauth anyway, super easy to do and you get that control back), but it also means that if you need to support other things then you have a lot more work you end up having to do. Either is fine depending on your expected current and future work though.
I only just saw this thread. I’m in the process of publishing an Azure Active Directory authentication library for ueberauth right now! Still has a bit of work to go, mostly around testing and documentation.
Oh! Right… I also discovered that after a while. It was a bit difficult to find, because the name and repo tags didn’t include “Azure” or “Azure AD,” etc. There was a conversation about that in a different forum thread. Also, since this topic was created, Pow has also entered the scene.
One thing I’ve noticed with the other ueberauth library is it seems to have far fewer validations in the callback for the token than mine. Has me wondering whether the extra validations were necessary.
@danschultzer @IRLeif do you guys want me to refactor out my validation stuff into a separate repo that everyone can use? I think it should be possible to write it in a way that is usable for anyone using OpenID, not just Azure Active Directory.
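For reference on the callback validations discussed in the last two posts, here is an added example (not code from either ueberauth strategy mentioned in this thread) of the ID token claim checks that OpenID Connect Core section 3.1.3.7 asks a client to perform. The module name `IdTokenClaims`, its option names, the 60-second leeway and the sample tenant and client IDs are assumptions made for illustration, and the token's signature is assumed to have been verified already.

```elixir
defmodule IdTokenClaims do
  @moduledoc """
  ID token claim checks from OpenID Connect Core 3.1.3.7. Input is the claims
  map of a token whose signature was ALREADY verified against the provider's
  published keys (assumed here, not shown).
  """

  # Tolerated clock skew in seconds (assumed value).
  @leeway 60

  def validate(claims, opts, now \\ System.system_time(:second)) do
    issuer = Keyword.fetch!(opts, :issuer)
    client_id = Keyword.fetch!(opts, :client_id)
    # Nonce stored in the user's session when the login request was sent.
    nonce = Keyword.fetch!(opts, :nonce)
    exp = claims["exp"]
    nbf = Map.get(claims, "nbf", 0)

    with :ok <- check(claims["iss"] == issuer, :bad_issuer),
         :ok <- check(client_id in List.wrap(claims["aud"]), :bad_audience),
         :ok <- check_azp(claims, client_id),
         :ok <- check(is_integer(exp) and now < exp + @leeway, :expired),
         :ok <- check(is_integer(nbf) and nbf <= now + @leeway, :not_yet_valid),
         :ok <- check(is_binary(nonce) and claims["nonce"] == nonce, :bad_nonce) do
      {:ok, claims}
    end
  end

  # azp, when present, must name this client. The spec says it should be
  # present when there are several audiences; this example requires it.
  defp check_azp(%{"azp" => azp}, client_id), do: check(azp == client_id, :bad_azp)
  defp check_azp(%{"aud" => [_, _ | _]}, _client_id), do: {:error, :missing_azp}
  defp check_azp(_claims, _client_id), do: :ok

  defp check(true, _reason), do: :ok
  defp check(false, reason), do: {:error, reason}
end

# Constructed sample values (placeholder tenant and client IDs).
opts = [
  issuer: "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0",
  client_id: "11111111-1111-1111-1111-111111111111",
  nonce: "n-constructed"
]
claims = %{"iss" => opts[:issuer], "aud" => opts[:client_id], "exp" => 2_000, "nonce" => "n-constructed"}
IO.inspect(IdTokenClaims.validate(claims, opts, 1_000))
IO.inspect(IdTokenClaims.validate(%{claims | "nonce" => "other"}, opts, 1_000))
```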