I’m working on a toy project and I’d like to add user authentication to regulate the access to its Phoenix API.
As a starting point, I found this post and I like the approach it proposes.
I also found that Phoenix has the facility to generate tokens (Phoenix.Token). I see that the post I linked above uses SecureRandom to generate tokens. Is it recommended to use the output of Phoenix.Token.sign instead? Given that it allows checking whether the token is expired or not, it seems to be strictly better than a random number. That would also save me from needing to keep track of the active sessions in the database.
That approach should cover pretty much all I need. Later on I might want to invalidate tokens if the user explicitly logs out, but I could easily do that with a blacklist.
So, everything is good, except that I also found out that there are several competing authentication libraries, and I wanted to check whether any of those is the primary choice of the community and is recommended over the approach I’m thinking of adopting.
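
The scheme described in the post above, as an added example that is not part of the original post and is not code from Phoenix or the linked article: a Phoenix.Token signed token checked with max_age, plus a revocation list for explicit logout. The ApiToken module, the jti field, the salt and the constructed key are assumptions, and the Agent stands in for whatever store would hold revoked ids.

```elixir
# Added example; run as a script with `elixir token_demo.exs`.
Mix.install([{:phoenix, "~> 1.7"}, {:jason, "~> 1.4"}])

defmodule ApiToken do
  @salt "user auth"   # namespaces the tokens; not a secret
  @max_age 3600       # seconds, enforced when the token is verified

  # Revoked ids live in an Agent here (assumption); entries can be dropped
  # once the token they name would have expired anyway.
  def start_revocations, do: Agent.start_link(fn -> MapSet.new() end, name: __MODULE__)

  # The payload is signed, not encrypted: anyone holding the token can read it.
  def issue(secret, user_id, opts \\ []) do
    jti = Base.url_encode64(:crypto.strong_rand_bytes(16), padding: false)
    Phoenix.Token.sign(secret, @salt, %{user_id: user_id, jti: jti}, opts)
  end

  def verify(secret, token) do
    with {:ok, %{user_id: user_id, jti: jti}} <-
           Phoenix.Token.verify(secret, @salt, token, max_age: @max_age),
         false <- Agent.get(__MODULE__, &MapSet.member?(&1, jti)) do
      {:ok, user_id}
    else
      true -> {:error, :revoked}
      {:error, reason} -> {:error, reason}   # :expired, :invalid or :missing
      _ -> {:error, :invalid}                # signed payload of unexpected shape
    end
  end

  def revoke(secret, token) do
    with {:ok, %{jti: jti}} <- Phoenix.Token.verify(secret, @salt, token, max_age: @max_age) do
      Agent.update(__MODULE__, &MapSet.put(&1, jti))
    end
  end
end

# Constructed 64-byte key standing in for the endpoint's secret_key_base.
secret = String.duplicate("k", 64)
{:ok, _} = ApiToken.start_revocations()

token = ApiToken.issue(secret, 42)
{:ok, 42} = ApiToken.verify(secret, token)

# Backdating the signing time by two hours simulates an old token.
old = ApiToken.issue(secret, 42, signed_at: System.os_time(:second) - 7200)
{:error, :expired} = ApiToken.verify(secret, old)

:ok = ApiToken.revoke(secret, token)
{:error, :revoked} = ApiToken.verify(secret, token)
{:error, :invalid} = ApiToken.verify(secret, token <> "x")
```

Expiry needs no server-side state, but revocation does: the revoked-id lookup is the one piece of per-token state this design keeps.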