richjdsmith

richjdsmith

Phauxth vs Coherence

I was hoping to discuss the merits between the two libraries. I’ve been comparing them for a greenfield project and as someone new to Elixir and Phoenix, I am struggling to see any major difference between them.

Things I see they share in common:

  • Both appear to be primarily front-end (not API) based - more for web apps versus API serving apps.
  • Both appear to be somewhat opinionated on context design.
  • Both have installers and seem straightforward to implement.
  • Both have both Authentication and Authorization built in.

Differences:

  • Phauxth seems to be more actively developed? Perhaps it is because it is because Phauth is newer or because the lead dev for Coherence is just tied up, but Coherence has had a security flaw open since August on github, whereas Phauxth seems to be regularly worked on by its maintainer.
  • Phauxth is significantly less popular than Coherence.

But I don’t know. As stated, I’m still a pretty darn Jr dev. I’m curious to get opinions from the community? I’m certainly not trying to pit them against each other - I appreciate any and all work done within this community as well as the OSS community in general! I’m just hoping to get someone to explain the differences so I or anyone else who sees this can choose the best option for their specific needs.

Thanks all! :slight_smile:

Most Liked

riverrun

riverrun

Hi, I’m the maintainer of Phauxth, and it’s nice to see a little bit of interest in it :blush:
I don’t really know enough about coherence to comment on it, so I’ll just make a few points about what I’m trying to achieve with Phauxth:

  • It should be secure. This obviously applies to the core library, but it also has an impact on how I write documentation. I think that the documentation should make developers aware of security concerns as well as inform them about the basic workings of the library (this is also an important part of Comeonin, another library I maintain).
  • It should be easy to use. Again, documentation is important here. Also, the API is very straightforward - the library consists of Plugs (which you call with plug) and verify/3 functions, which are called like normal functions (with params, context module and options as arguments).
  • It should be extensible / customizable. By default, the number of options are quite limited, but I aim to make it as easy as possible to extend the base functionality so that developers can achieve their various goals. For example, it takes little effort to use a token implementation for authentication, or add additional checks to the login function.

For more information, see this blog post or the Phauxth wiki.

If anyone has any questions, just let me know.

13
Post #6
LostKobrakai

LostKobrakai

Phauxth does not include authorization. It just gives examples on how to implement in it on top of phoenix and phauxth in userland.

OvermindDL1

OvermindDL1

As I recall coherence has only authentication, not authorization.

As for phxauth, I’ve not looked closely enough at it yet but I recall it doing only the absolute basics of authorization, not enough to really be useful except in the most basic of cases?

Phxauth is newer, hence more development and less usage thus far.

Personally neither are really a fit for what I need to do (API auth, non-local auth like oauth2 and so forth, in addition to needing detailed permission control for authorization).

Guardian is ‘mostly’ just JWT, useful in remote API’s, not in a local authentication system.

Uberauth is purely an authentication library, fantastic for front-end and back-end both, less useful than coherence for purely local logins, but absolutely fantastic for remote logins (like oauth2, ldap, whatever), doesn’t come with templates (which I actually prefer libraries not to come with).

Good to know, so yeah both phxauth and coherence are purely authentication (and coherence is local only, I think phxauth has ‘some’ remote auth support?).

Where Next?

Popular in Discussions Top

cvkmohan
The upcoming Phoenix 1.6 release looks very interesting. Became a habit to watch the commits - and - what they are bringing in. phx.gen...
New
Fl4m3Ph03n1x
Background This question comes mainly from my ignorance. Today is Black Friday, one of my favorite days of the year to buy books. One boo...
New
pillaiindu
I want to convert a Phoenix LiveView CRUD website to a CRUD mobile app. What do you think is the easiest way to do so?
New
ricklove
I was just introduced to Elixir and Phoenix. I was told about the 2 million websocket test that was done 2 years ago. From my research, t...
New
nburkley
AWS re:Invent is on at the moment with some interesting announcements. One new feature in particular is the Lambda Runtime API for AWS La...
New
IVR
Hi all, I’ve seen a number of related threads in the past, but I’d still be very curious to hear an up-to-date opinion on this topic. I...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
acrolink
How does the two languages compare when it comes to server side application development? Any experiences or ideas? Thank you.
New
scouten
I’m looking for a host for the server part of a small (personal) side project that I’m working on. It’s currently written in Node.js and ...
New
kostonstyle
Hi all How can I compare haskell with elixir, included tools, webservices, ect. Thanks
New

Other popular topics Top

marius95
Hello everyone, I try to use an Javascript Event Handler in my root.html.leex file. Therefore I created a function in the app.js file: ...
New
siddhant3030
Hi, I have to write a raw query for one of my project. But till now I have used ecto queries and don’t have much experience writing raw ...
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
chrismccord
This release brings a number of exciting features, including integration with the new Phoenix LiveDashboard and Phoenix LiveView. There h...
New
SoCreat
i’m a new one to elixir which editor can i use vs code? or atom? Thanks! :smiley:
New
klo
Got a question about when to concat vs. prepending items to list then reversing to achieve appending. So i know lists boil down to [1 | ...
New
PeterCarter
There are pre-rolled solutions for other frameworks that do work. However, Phoenix does not seem to have these. Have people had good expe...
New
hariharasudhan94
Lets say I have map like this fetching from my database %{"_id" => #BSON.ObjectId<58eb1a7a9ad169198c3dXXXX>, "email" => ...
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

We're in Beta

About us Mission Statement