Blog Post: Phoenix auth in 2024: password and provider based auth with phx.gen.auth

Hi! :wave:
I wanted to refresh my knowledge on how to mix phx.gen.auth with a local password users db, as well as OAuth providers such as GitHub, and wrote a guide on this in the end.
Hope it helps with some of the confusion around the topic that I have seen on Elixir Forum!

14 Likes

Thanks for sharing. This is handy - I’m new to Elixir/Phoenix and was a little bewildered by the choice of auth libraries. For now I’ve just been using phx.gen.auth but would like to add social auth at some point so will be referring to this.

1 Like

This guide uses :rand.bytes/1 to generate a password.

https://www.erlang.org/doc/apps/stdlib/rand

not cryptographically strong

The auto-generated code they are discussing uses :crypto.strong_random_bytes, just like the Erlang docs recommend.

It is easily changed, but this is meant to be an auth guide.

2 Likes
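The difference raised in the post above, shown as an added example that is not part of any post in this thread or of the guide: `:rand` output is fully determined by its seed, while `:crypto.strong_random_bytes/1` draws from the CSPRNG in the `:crypto` application. The module name, function names, and seed value are hypothetical and constructed for illustration.

```elixir
defmodule RandomPasswordDemo do
  # Hypothetical module, used only for this added example.

  # Weak: :rand is a seedable PRNG. Its output is deterministic given the
  # seed/state, so it must not be used for passwords or tokens.
  def weak_password(seed) do
    :rand.seed(:exsss, seed)
    :rand.bytes(32) |> Base.url_encode64(padding: false)
  end

  # Strong: bytes come from the cryptographically strong generator
  # provided by the :crypto application.
  def strong_password(num_bytes \\ 32) do
    num_bytes
    |> :crypto.strong_random_bytes()
    |> Base.url_encode64(padding: false)
  end
end

# Constructed seed: the same seed always reproduces the same "password".
seed = {1, 2, 3}
a = RandomPasswordDemo.weak_password(seed)
b = RandomPasswordDemo.weak_password(seed)
IO.puts("weak, same seed, identical output: #{a == b}")

# Two calls to the strong generator cannot be replayed from a seed.
c = RandomPasswordDemo.strong_password()
d = RandomPasswordDemo.strong_password()
IO.puts("strong, two calls differ: #{c != d}")
IO.puts("strong password length (url-safe base64 chars): #{String.length(c)}")
```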

@slouchpie thanks for a peer review! :clap: Indeed a grave mistake on my part. Now updated.

4 Likes

A swift and honourable response. You have my respect.

2 Likes

This is such a good blog post. Thanks!

Thanks, very helpful blog. I think we need something for 2FA “Two factor authentication”.
It is increasingly becoming a security requirement for sensitive/super users' access to applications.

There is a lot of work done for this already.

Check this discussion:

https://elixirforum.com/t/i-added-2fa-to-the-phx-gen-auth-generator/63914/2

and this PR: