Canary vs Bodyguard, thoughts and suggestions

Recently I’ve been wondering which of these two libraries would be the most recommended for resource authorisation, regardless of the app purpose (but maybe taking into account different app sizes and structures).

I would very much like to know your thoughts about these two libraries, and what are the reasons one should choose one of them over another:

At first glance (not having used either), the best thought I can have is: the first one (Bodyguard) seems a little less invasive, simpler and easier to test, but also harder to find rules and maintain, and the latter (Canary) makes authorisation more centralised (thus making its rules easier for modification and maintenance).

Thanks in advance.

3 Likes

We’ve been using https://github.com/boydm/policy_wonk and it works pretty well. I haven’t checked out bodyguard though.

3 Likes

I just use my own built on my permissions_ex matcher library combined with bog-standard Phoenix tokens.

1 Like