I would like to find out the best way to start working on a multi-tenant SaaS product involving Elixir's full stack.
In the past, I already asked here about authentication and authorization, but without real luck. I am aware of Pow, Guardian, Phx.gen.auth… but somehow I still have a feeling that I will need to develop 2 products. The first one is my idea about SaaS, and the second one is something to cover all these things around security.
I was looking into Keycloak, but I would rather avoid another external dependency.
Current tooling gives you the impression that all we have is basic support. Like the majority of products and use-cases would be running backends with minimum support for auth. Am I wrong? I mean I know I am, but I would like to challenge someone to give some useful feedback. Is there any real guide or tutorial or course on topics like Phx.gen.auth…
So I would like to build SaaS and use it as a multi-tenant platform with all sorts of roles behind and other modern options. And all that to be production-ready.
I would really like to get some guidance on where to go from here.
Can you explain what “all sorts of roles behind and other modern options” is meant to mean? In my experience the reason why authentication/authorization libraries are often such a pain point is that a library is used which does handle that “stuff”, just not in a way that aligns well with project/business requirements – especially when faced with continuous development and maintenance.
I would be interested to understand more of your needs. What do you mean by multi-tenancy?
I have a simplistic understanding of multi-tenancy basically meaning that the app supports multiple accounts where each account has its own set of data including users. At least that’s how my app works. Each table has an account_id column, almost all context functions receive %Account{} as the first argument. I find that manageable, though my app is pretty small. I support username+password authentication plus access-token-based authentication for the mobile app API. I’m not a fan of generators, but I mostly got my code out of phx.gen.auth.
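The account-scoped context pattern described in the reply above, as an added example that is not the poster's code: the `MyApp.*` module names, the `Repo`, and the `accounts`/`projects` tables are assumptions, and the point is that no context function can be called without naming the tenant.

```elixir
# Added example (not the poster's code). Hypothetical MyApp.Repo, `accounts`
# and `projects` tables; every projects row carries an account_id column.
defmodule MyApp.Accounts.Account do
  use Ecto.Schema

  schema "accounts" do
    field :name, :string
  end
end

defmodule MyApp.Projects.Project do
  use Ecto.Schema

  schema "projects" do
    field :name, :string
    belongs_to :account, MyApp.Accounts.Account
  end
end

defmodule MyApp.Projects do
  import Ecto.Query, warn: false
  import Ecto.Changeset
  alias MyApp.Repo
  alias MyApp.Accounts.Account
  alias MyApp.Projects.Project

  # Every read takes the tenant first. There is no unscoped list_projects/0,
  # so a caller that forgets the tenant gets an UndefinedFunctionError, not
  # another tenant's rows.
  def list_projects(%Account{id: account_id}) do
    Repo.all(from p in Project, where: p.account_id == ^account_id)
  end

  # A valid id owned by a different tenant raises Ecto.NoResultsError rather
  # than returning the foreign row, so the controller's 404 path handles it.
  def get_project!(%Account{id: account_id}, id) do
    Repo.get_by!(Project, id: id, account_id: account_id)
  end

  # account_id comes from the %Account{} struct, never from cast/3 on the
  # user-supplied attrs, so a request body cannot reassign a record to
  # another tenant.
  def create_project(%Account{id: account_id}, attrs) do
    %Project{account_id: account_id}
    |> cast(attrs, [:name])
    |> validate_required([:name])
    |> Repo.insert()
  end
end
```

A plug that loads the `%Account{}` from the authenticated session and puts it in `conn.assigns` is the natural companion, so controllers only ever pass that struct through.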