Authentication scenario in Phoenix

Hello!
Now I have a minimal Phoenix app configured with Webpack and React, and I don't understand how to implement authentication in the best way.

  1. Is an authentication API needed? In the future mobile clients will be implemented, so it's needed there. But what about my browser client?

  2. Which good solutions (I mean packages) can be used for that task?

I would highly recommend reading through https://pragprog.com/book/phoenix14/programming-phoenix-1-4 as it covers A to Z of Phoenix development. It's my desk book that I've been returning to for a while now.

Answering your question, I would suggest looking at https://github.com/riverrun/comeonin for your authentication needs if you need it to be done in a classic way. If all you need is Basic HTTP Auth using the standard browser dialog, here’s an article on Medium you may find helpful – https://medium.com/@paulfedory/basic-authentication-in-your-phoenix-app-fa24e57baa8 .


Thank you

@helicon interestingly I had this same question a few weeks back and decided to document my travels :wink:

Note: this blog shows how to set up very simple cookie-based authentication w/ Phoenix using an HTML login form. Feedback welcome (good/bad/ugly)

https://toranbillups.com/blog/archive/2018/11/18/implementing-basic-authentication/

For mobile authentication you have two choices:

  1. Authentication screen is native UI - credentials are sent to your server using REST
  2. Loading the UI in a Webview, and programmatically getting the cookie in your mobile app upon a specific event (e.g. when redirecting to the success page)

Native UI forces you to duplicate some code (web + API authentication endpoints) whereas the webview might not be so good from a UI/UX perspective (at least you'll need to work out the login view to make it fit mobile screens and UX). Both solutions are OK as long as you own all of the apps, i.e. no third-party (Openapish) accessing your data.

How do you intend to access data from your mobile app? Loading web pages and parsing them? Or on dedicated APIs?

Should you have apps on different domains (cookies are not shared between domains) or want to allow access to third parties, you might consider using OAuth2 & OpenID Connect.