I just pushed the start of a little experiment in authentication: AuthPipe
Up until now, I’ve used Ueberauth in projects, and made a toy with Coherence to try it out … but nothing really “clicked” with me, to be honest. Ueberauth is amazingly capable, but when I just want to do local authentication using Ecto it is a little “messy”. It also doesn’t provide a built-in path that I could see to do things like 2FA/MFA, etc.
I have done auth over websockets with Ueberauth, but found I wasn’t really using Ueberauth much in those cases other than for a couple of convenience methods.
Also, I have this personal itch to scratch: I’d like to have MFA on my mail (and other) servers that don’t natively provide anything of the sort because they are from the digital stone age.
Finally, I wanted something as easy as Plug. Specifically I want to be able to do something like:
  defmodule AuthDef do
    use AuthPipe
    auth_stage :session_token, required: false
    auth_stage :captcha
    auth_stage :password, implicit: true
  end
… and be done! I want those definitions to be usable over raw TCP, websockets or HTTP; I want to change up those pipelines at will; and I want to be able to re-use the code behind the stages as much as possible.
On the other hand, while I don’t want to write the mechanics of things like activating accounts via email myself, I also don’t want a framework that injects HTML forms or other UI into my projects. I want something purely data-centric, leaving the front-ends to each application. It won’t always be HTML, after all … I have mobile and desktop apps to worry about as well, and I do use different HTML/JS frameworks between projects. There is no one-size-fits-all there, even if the data being passed around is identical.
On that note, I also wanted something where the client could negotiate with the server as to what challenges it can accept and which not, and for the authentication pipeline to accept that negotiation or not. This will allow me to hook up my stupid IMAP server to it, as well as offer different features between web/mobile/desktop apps.
But still simple. Yes, I want it all! The moon and the stars!
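To make the two ideas above concrete (a Plug-style `auth_stage` DSL, and a client that negotiates which challenges it can answer), here is an added illustration of how such a thing can be put together. It is my own sketch, not AuthPipe’s code: the macro names, the meaning I give `required: false` (a stage the client may decline) and the `negotiate/2` and `run/4` functions are assumptions; `implicit:` is carried through untouched because the post does not define it. The handlers and inputs are constructed samples.

```elixir
# Added illustration, not AuthPipe's code. A Plug-style stage DSL: each
# `auth_stage` call appends to a module attribute; `stages/0` is generated
# at compile time in declaration order.
defmodule AuthPipeSketch do
  defmacro __using__(_opts) do
    quote do
      import AuthPipeSketch, only: [auth_stage: 1, auth_stage: 2]
      Module.register_attribute(__MODULE__, :auth_stages, accumulate: true)
      @before_compile AuthPipeSketch
    end
  end

  defmacro auth_stage(name, opts \\ []) do
    quote do
      @auth_stages {unquote(name), unquote(opts)}
    end
  end

  defmacro __before_compile__(env) do
    # accumulate: true stores newest first; reverse to declaration order
    stages = env.module |> Module.get_attribute(:auth_stages) |> Enum.reverse()

    quote do
      def stages, do: unquote(Macro.escape(stages))
    end
  end

  # Negotiation (assumed semantics): the client lists the challenge types it
  # can answer. A stage marked `required: false` is dropped when the client
  # cannot handle it; a required stage the client cannot handle fails the
  # whole negotiation instead of silently weakening the pipeline.
  def negotiate(stages, client_accepts) do
    Enum.reduce_while(stages, {:ok, []}, fn {name, opts}, {:ok, acc} ->
      cond do
        name in client_accepts -> {:cont, {:ok, acc ++ [{name, opts}]}}
        Keyword.get(opts, :required, true) == false -> {:cont, {:ok, acc}}
        true -> {:halt, {:error, {:unsupported_stage, name}}}
      end
    end)
  end

  # Run the negotiated stages over a plain map: no HTML, no transport.
  # Each handler receives the session map and the client's input for that
  # stage and returns {:ok, session} | {:error, reason}. The first failure
  # halts the pipeline, so later stages never see an unverified session.
  def run(stages, handlers, session, input) do
    Enum.reduce_while(stages, {:ok, session}, fn {name, _opts}, {:ok, sess} ->
      case Map.fetch!(handlers, name).(sess, Map.get(input, name)) do
        {:ok, sess} -> {:cont, {:ok, sess}}
        {:error, reason} -> {:halt, {:error, {name, reason}}}
      end
    end)
  end
end

defmodule AuthDefSketch do
  use AuthPipeSketch
  auth_stage :session_token, required: false
  auth_stage :captcha
  auth_stage :password, implicit: true

  # Constructed sample handlers, not real checks. A real password stage would
  # verify against an Ecto-backed hash with a KDF (Argon2/bcrypt) rather than
  # compare plaintext with ==, which is neither hashed nor constant-time.
  def demo(client_accepts, input) do
    handlers = %{
      session_token: fn sess, tok ->
        if tok == "tok-1", do: {:ok, Map.put(sess, :user_id, 1)}, else: {:error, :bad_token}
      end,
      captcha: fn sess, ans ->
        if ans == "ok", do: {:ok, sess}, else: {:error, :bad_captcha}
      end,
      password: fn sess, pw ->
        if pw == "hunter2", do: {:ok, Map.put(sess, :authenticated, true)}, else: {:error, :bad_password}
      end
    }

    with {:ok, stages} <- AuthPipeSketch.negotiate(stages(), client_accepts) do
      AuthPipeSketch.run(stages, handlers, %{}, input)
    end
  end
end
```

With this sketch, `AuthDefSketch.demo([:captcha, :password], %{captcha: "ok", password: "hunter2"})` drops the optional `:session_token` stage and returns `{:ok, %{authenticated: true}}`, while a client that advertises only `[:password]` gets `{:error, {:unsupported_stage, :captcha}}` before any stage runs, because the captcha stage is required. That failure mode is the point of letting the server accept or refuse the negotiation: a client must not be able to talk its way out of a mandatory challenge.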
Therefore AuthPipe … I have gotten the core sketch of the infrastructure more or less completed, as you can see in the tests. It’s an amazingly small amount of code, really. Next I will begin implementing some actual authentication stages, starting with a passwords-via-Ecto one.
Things will certainly change between now and the weeks to come, that’s how it goes, but I’m relatively happy with the general design sketch. So, in the spirit of release-early/release-often, I thought I’d put this out there now, despite it being still firmly in the experimental stages, for your feedback and thoughts should you have any. Code is also more than welcome, though at this stage be prepared for an infinite number of paper cuts.