theagilecoder

theagilecoder

Creating authentication from scratch in Phoenix is way too hard. Looking for advice...

I recently spent a few weeks studying Programming Elixir book by Dave Thomas and enjoyed it quite a lot. Now I am going through Programming Phoenix book and after cruising through the first 4 chapters, I am having tremendous difficulty in grasping chapter 5 which deals with creating authentication from scratch. I have prior experience in Rails and I had a similar experience when I learnt it from Micheal Hartl’s excellent RoR book. Eventually, I learnt devise so now knowing Authentication deeply didn’t hurt me I guess. My question is if I give up on this chapter and carry on and learn ueberauth and guardian, will I be fine ? My goal is be able to build well Authenticated web app and APIs in Phoenix.

Most Liked

danschultzer

danschultzer

Pow Core Team

I would recommend strongly against rolling your own authentication, especially for production apps. It’s a great exercise, but it’s not something you usually should have to mess with when actually building an app.

I would use any good open source auth system, ideally one that has security audits. Guardian and ueberauth may work well for you, but you should read up on them. Guardian is based on JWT, and it didn’t work for the kind of apps I was building.

I ended up writing Pow that uses short lived sessions by default. I wanted to have an auth system where I didn’t have to think of the internals, and that I can spin up in seconds for a new project :grin:

You can use Pow with Guardian though if you need JWT. It’s not one or the other.

jsm

jsm

Rolling your own is a lot of fun though :slight_smile: and I’ve learned a LOT by giving it a go once upon a time. However, I agree that it is generally a bad idea if you are trying to make a production-grade app. Didn’t know about pow, will definitely check that out!

Phillipp

Phillipp

Personally, I don’t like to use external packages for auth stuff. Especially those bigger packages that come with own migrations, controllers and templates. Customizing it takes 5x longer than building the stuff I need. I also want to keep control over how the data is handled and stored.

I am not saying the packages out there are ****, I just don’t feel comfortable using them.

Where Next?

Popular in Questions Top

nobody
How to bind a phoenix app to a specific ip address? could not find anything about that, nowhere, unfortunately, but for me this is quite...
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
sen
Hi All, I set a environment variables in dev.exs , like below code. when i start server, how can i set the ${enable} value? thanks. d...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
mgjohns61585
Could someone help me? I’m making my first elixir program, number guessing game. I can’t figure out how to convert the user’s guess from ...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
dotdotdotPaul
Okay, I’m having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I’m sure I’...
New
earth10
Hi, I’m just starting to build a side-project with Elixir and Phoenix and doing some basic test with Elixir alone. What strikes me is th...
New
vegabook
I’m brand new to Phoenix and I have stripped one of the demo applications to the bone. I just want to get an svg up on the screen. Here i...
New

Other popular topics Top

Nvim
Anybody knows a comprehensive comparison of Django and Phoenix, thanks for the help. Where are they similar? Where do they differ the m...
New
gshaw
What is the idiomatic way of matching for not nil in Elixir? E.g., First way: defp halt_if_not_signed_in(conn, signed_in_account) when...
New
sen
Hi All, I set a environment variables in dev.exs , like below code. when i start server, how can i set the ${enable} value? thanks. d...
New
Patoshizzle
After calling mix ecto.create I get this error: 17:00:32.162 [error] GenServer #PID<0.412.0> terminating ** (Postgrex.Error) FATAL...
New
Lily
In templates/appointment/index.html.eex: <%= for appointment <- @appointments do %> <tr> <td><%= appoi...
New
joeerl
Hello again - after a longish gap I’ve decided I really must dig into Elixir and see what’s been happening here - so I have a few questio...
New
vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
fayddelight
I tried installing elixir 1.11.2 erlang 23.3.4 via asdf in my zsh shell. Enabled the versions locally and globally. When I list them ...
New
KronicDeth
Elixir plugin for JetBrain’s IntelliJ Platform (including Rubymine) This is a plugin that adds support for Elixir to JetBrains IntelliJ...
289 36432 110
New
komlanvi
Hi everyone, I was playing with phoenix liveView but I run into an issue. I have a form and want to validate each input text when the te...
New

We're in Beta

About us Mission Statement