Best Authentication in 2022

What is the best “tech” for authentication in Elixir Phoenix?
My main concern is security and what is best for so-called "enterprise" -grade applications.

I see a few options:
a) “new” mix phx.gen.auth
b) Elixir library, like Guardian
c) 3rd party service, ie. OAuth0, Okta, AWS Cognito.

I would prefer Cookies sessions over JWT. Also, I’m aware that I need to take care about other issues, ie. XSS, CORS, etc. to make the application secure.


I’m returning back to the Elixir and Phoenix after 2 years break, so I need to catch up a bit.

2 Likes

Hello @tomantas, maybe this link will be useful for you.
https://hexdocs.pm/phoenix_live_view/security-model.html

3 Likes

Why not start with Phoenix auth and see how you get on? Personally I am a fan of rolling your own auth (or in this case, using Phoenix auth as a starting point). Adding auth to Phoenix was at the top of my wish list for ages, so you can imagine how pleased I was to see it :smiley:

4 Likes