theagilecoder
Creating authentication from scratch in Phoenix is way too hard. Looking for advice...
I recently spent a few weeks studying Programming Elixir book by Dave Thomas and enjoyed it quite a lot. Now I am going through Programming Phoenix book and after cruising through the first 4 chapters, I am having tremendous difficulty in grasping chapter 5 which deals with creating authentication from scratch. I have prior experience in Rails and I had a similar experience when I learnt it from Micheal Hartl’s excellent RoR book. Eventually, I learnt devise so now knowing Authentication deeply didn’t hurt me I guess. My question is if I give up on this chapter and carry on and learn ueberauth and guardian, will I be fine ? My goal is be able to build well Authenticated web app and APIs in Phoenix.
Most Liked
danschultzer
I would recommend strongly against rolling your own authentication, especially for production apps. It’s a great exercise, but it’s not something you usually should have to mess with when actually building an app.
I would use any good open source auth system, ideally one that has security audits. Guardian and ueberauth may work well for you, but you should read up on them. Guardian is based on JWT, and it didn’t work for the kind of apps I was building.
I ended up writing Pow that uses short lived sessions by default. I wanted to have an auth system where I didn’t have to think of the internals, and that I can spin up in seconds for a new project ![]()
You can use Pow with Guardian though if you need JWT. It’s not one or the other.
jsm
Rolling your own is a lot of fun though
and I’ve learned a LOT by giving it a go once upon a time. However, I agree that it is generally a bad idea if you are trying to make a production-grade app. Didn’t know about pow, will definitely check that out!
Phillipp
Personally, I don’t like to use external packages for auth stuff. Especially those bigger packages that come with own migrations, controllers and templates. Customizing it takes 5x longer than building the stuff I need. I also want to keep control over how the data is handled and stored.
I am not saying the packages out there are ****, I just don’t feel comfortable using them.
Popular in Questions
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #elixirconf-us
- #advent-of-code
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #hex









