How do you build authentication in your Phoenix project in 2024?

Phoenix Forum Questions / Help
,
1

Hi all,

If you were to start a new project today that requires a standard user/password authentication, PasswordLess (Magic Link) and a couple of social auth (Google and Facebook), which direction would you take?

  • Using a library such as uberauth or pow (or other)? why?
  • Use Assent with phx_gen_auth and do the plumbing yourself?
  • Build everything by yourself?
  • Any other solution that I am not seeing?

Bonus point if you have resources (blog posts/yt/books) talking about this :slight_smile:

Based on the articles I have found so far, and on what I read in several forums, phx_gen_auth + Assent + plumbing might be the “easiest” in the long term as I would have more control over my code?

Here are 2 articles that seem interesting and are pushing me in that direction:

Phoenix auth in 2024: password and provider based auth

and

How To Add Magic Link Login to a Phoenix LiveView App

Thank you in advance for your opinions and help!

PS: If I was brave enough I would add “Authorization” to this question, but let’s keep this for an other thread later :slight_smile:

2 Likes
2

I built an identity provider this year with passwords, passkeys, OIDC (Google/Apple), TOTP, recovery codes, and support for multiple email addresses per user. I chose phx.gen.auth, ueberauth, nimble_totp, and wax. I was already familiar with phx.gen.auth and ueberauth, and I felt this choice would give me a great level of flexibility and control. Magic links should be fairly easy to add to the application, if needed in the future. I haven’t worked with pow or assent before, though.

3 Likes
3

I would love to see you how you did that

2 Likes
4

Not ready to open source it yet?

5

Alas, it’s closed source. We talked about releasing an open source version of it at some point, but there are no concrete plans at the moment.

6

I’ve had better experience with assent (without pow) than with ueberauth. But it’s been a while, so I forgot the specifics. But somehow the lesser known assent (standalone) for OAuth clients is always overlooked, in preference of ueberauth. Probably because it’s not known that it can be had without Pow.

I’m curious if others had a similar experience (and help me refresh my memory).

1 Like
7

I recently open-sourced a library designed to make authentication effortless. It’s called Magic Auth, and it’s tailored to help developers set up authentication quickly and easily.

This library is particularly useful for rapid prototyping and building MVPs, but it’s also robust enough for use in production applications. The main goal of Magic Auth is to enable everyone to configure authentication in less than 5 minutes, streamlining the process and saving valuable development time.

You can also check out the presentation post here: Magic Auth - An Phoenix Authentication Library Designed for Effortless Setup 🚀.

I hope you find it helpful!

4 Likes