Boruta - Yet an other OAuth 2.0 provider

Hi there!

I’ve been working on an OAuth provider for quite a time now. I published a package including the functional core and its corresponding Ecto/Cache adapters. Being quite new in the Elixir world, all feedbacks are welcome !


The package is based on an hexagonal architecture, Application layer is still a work in progress.

I use the package for personal projects, the interface begins to be stable while I integrate it. If it looks good for you and want to integrate it do not hesitate to reach me out.

It was an happy journey developing the package as it was intended to have a use case in order to learn Elixir.


Thanks for sharing your library with us :slight_smile:

Whats is the meaning of Boruta?

Just a word of caution… Your package is a work in progress but already released as 1.0.0 and that means a stable library that is production ready.

In my opinion you should have started with 0.1.0.

Also, can you explain why the current libraries were not suitable for you?

1 Like

I use to start with 0.X releases. As I made breaking changes, I incremented the major version in order to impact that. Was not aware about the fact that 1.0 meant to be production ready. Application layer is decoupled from the core which is kind of stable with the use cases I faced, hence the release. That said there is no production use case yet.

Boruta is a demon guarding a castle in a small town in Poland. I have one representation of him by my home keeping me from bad fate. It is said that if you have such a demon at home nothing can happen to you.

Other packages might surely be suitable and easier to integrate, I built the package in order to test hexagonal architecture in such use case. It is suitable if you want to decouple users and authorization logic. It is better to test it too by Moxing the secondary adapters.

1 Like

Well, not really. 1.0.0 when using SemVer mean that the API is stable, and will not change as long as major version stays the same. It doesn’t say anything about “production readiness” nor even “stability” (depending on the definition of “stable”).

Actually he is a devil :wink: If you want to see more about it, then you can check out “Legendy Polskie” (Polish Legends) which is series of short movies (it was meant to be fully cinematic, but they canceled it):


In my opinion the common sense is that 1.0.0 means something that is production ready, at least is what I have seen in all my years amongst all developers I work with, in forums, etc., but I understand that others may see it differently.

SemVer is not a good standard, and a lot of developers and libraries use the x.y.z version scheme without necessarily understand it or even knowing that others may thing they are using it, and also a lot of developers give in their work a different meaning to each part of x.y.z, but less not start discussing SemVer here, because this thread is about Boruta :slight_smile: