Authentication and Authorisation - which Packages?

I know this is a duplicate post of sorts - but I would like to get a few opinions on whether I’m choosing the right packages after studying Elixir, the Phoenix framework, and looking through this forum and a few tuts - and after developing my app dev strategy.

My current goal is to build an app skeleton that I can use for different projects, all of which have auth in common.

My most ambitious project that I am working towards once I know more, is a SaaS app - where I have:

  • an admin app running on its own server(s) (reverse proxy, app, and db servers),
  • publicly accessible web page with user generated content - from free and paying users,
  • standard free users who can generate content,
  • paying tenants, e.g. companies that can use their company name as a subdomain or .com/companyname, admin their own user base’s permissions for publishing content privately and publicly - with each tenant having its own db.

Perhaps all as umbrella apps?

My simplest project is just getting an app skeleton going that allows standard free users to join and generate content.

And my next - middle difficulty project - is creating the admin app as an umbrella app that connects to the user content generating app, allowing banning of users, eventually checking payment once the paying tenant app is released, etc.

I’ve started with Guardian, but after finding a previous discussion about auth and someone replying to a previous post of mine, it appears best suited for APIs.

From what I’ve read so far, at this time, Ueberauth_Identity, Coherence, and either Canary, Bodyguard, or Policy Wonk is a good combination.

Am I on the right track in choosing packages, or are there problems you can see?

3 Likes

I haven’t had a chance to read all the posts yet, but currently this is our main thread on authentication in Phoenix:

It’s quite possible that different packages will be favoured by different people (for different reasons or apps).

We also have a list of starter templates and example apps here 🙂

Phoenix_Guardian - An example implementation of authentication in Phoenix using Überauth and Guardian by Daniel Neighman.

Openmaize-Phoenix - Examples of using Openmaize authentication / authorization library in a Phoenix web application by David Whitlock.

Hope these threads are of some use to you 🙂

2 Likes

Thanks AstonJ,

I have read that thread on authentication several times and ended up rather confused, but I didn’t know about the wiki - useful to check against the list I have of open source Elixir/Phoenix framework apps I’ve found. I’ll try to find time to contribute to the wiki soon.

I guess I’m feeling a little overwhelmed by the choices for authorization - Canary or Policy Wonk or Bodyguard, and a bit worried that whatever I choose won’t be maintained long enough or extensible/modifiable in the way I may need it to be, especially for the SaaS app. And then there’s the issue of how it may fit with the authentication package. But that’s reality, and I’m already amazed at how far I’ve got building with Elixir and the Phoenix framework.

I’ll keep an eye on that thread.

Thanks

2 Likes