richjdsmith

richjdsmith

Phauxth vs Coherence

I was hoping to discuss the merits between the two libraries. I’ve been comparing them for a greenfield project and as someone new to Elixir and Phoenix, I am struggling to see any major difference between them.

Things I see they share in common:

  • Both appear to be primarily front-end (not API) based - more for web apps versus API serving apps.
  • Both appear to be somewhat opinionated on context design.
  • Both have installers and seem straightforward to implement.
  • Both have both Authentication and Authorization built in.

Differences:

  • Phauxth seems to be more actively developed? Perhaps it is because it is because Phauth is newer or because the lead dev for Coherence is just tied up, but Coherence has had a security flaw open since August on github, whereas Phauxth seems to be regularly worked on by its maintainer.
  • Phauxth is significantly less popular than Coherence.

But I don’t know. As stated, I’m still a pretty darn Jr dev. I’m curious to get opinions from the community? I’m certainly not trying to pit them against each other - I appreciate any and all work done within this community as well as the OSS community in general! I’m just hoping to get someone to explain the differences so I or anyone else who sees this can choose the best option for their specific needs.

Thanks all! :slight_smile:

Most Liked

riverrun

riverrun

Hi, I’m the maintainer of Phauxth, and it’s nice to see a little bit of interest in it :blush:
I don’t really know enough about coherence to comment on it, so I’ll just make a few points about what I’m trying to achieve with Phauxth:

  • It should be secure. This obviously applies to the core library, but it also has an impact on how I write documentation. I think that the documentation should make developers aware of security concerns as well as inform them about the basic workings of the library (this is also an important part of Comeonin, another library I maintain).
  • It should be easy to use. Again, documentation is important here. Also, the API is very straightforward - the library consists of Plugs (which you call with plug) and verify/3 functions, which are called like normal functions (with params, context module and options as arguments).
  • It should be extensible / customizable. By default, the number of options are quite limited, but I aim to make it as easy as possible to extend the base functionality so that developers can achieve their various goals. For example, it takes little effort to use a token implementation for authentication, or add additional checks to the login function.

For more information, see this blog post or the Phauxth wiki.

If anyone has any questions, just let me know.

13
Post #6
LostKobrakai

LostKobrakai

Phauxth does not include authorization. It just gives examples on how to implement in it on top of phoenix and phauxth in userland.

OvermindDL1

OvermindDL1

As I recall coherence has only authentication, not authorization.

As for phxauth, I’ve not looked closely enough at it yet but I recall it doing only the absolute basics of authorization, not enough to really be useful except in the most basic of cases?

Phxauth is newer, hence more development and less usage thus far.

Personally neither are really a fit for what I need to do (API auth, non-local auth like oauth2 and so forth, in addition to needing detailed permission control for authorization).

Guardian is ‘mostly’ just JWT, useful in remote API’s, not in a local authentication system.

Uberauth is purely an authentication library, fantastic for front-end and back-end both, less useful than coherence for purely local logins, but absolutely fantastic for remote logins (like oauth2, ldap, whatever), doesn’t come with templates (which I actually prefer libraries not to come with).

Good to know, so yeah both phxauth and coherence are purely authentication (and coherence is local only, I think phxauth has ‘some’ remote auth support?).

Where Next?

Popular in Discussions Top

scouten
I’m looking for a host for the server part of a small (personal) side project that I’m working on. It’s currently written in Node.js and ...
New
jesse
Hi everyone, I hesitated to post this here because I don’t want you to think I’m spamming, but I’ve been working on a Platform-as-a-Serv...
New
AlexMcConnell
The reason that Rails is as popular as it is is because it’s very easy for relatively inexperienced developers to get a lot of work done....
588 19568 166
New
pdgonzalez872
If this has been asked here before, please point me to where it was asked as I didn’t find it when I searched the forum. Maybe a mailing ...
New
tmbb
This is a post to discuss the new Phoenix LiveView functionality. From Chris’s talk, it appears that they generate all HTML on the serve...
342 18146 126
New
Markusxmr
Since Drab has been developed for a while in the open, introducing the Liveview functionality in a way it happend appears to undermine th...
New
PragTob
Hello everyone, I know we had quite some threads (read through lots of them) about background job processing but it remains a hotly deba...
New
AstonJ
Seen any cool LiveView demos, sample apps or examples? Please post them here! :003:
New
eteeselink
Hi all, In the last days, two things happened: A blog post titled “They might never tell you it’s broken” made the rounds. It’s about ...
New
nunobernardes99
Hi there Elixir friends :vulcan_salute: In a recent task I was on, I needed to check in two dates which of them is the maximum and which...
New

Other popular topics Top

nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
jononomo
I am trying to figure out how Mix knows whether the environment is test, dev, or prod – where is this set? Thanks.
New
vonH
When I run the Plug and I recompile I wind up having to use Ctrl C to quit iex and start again. Witht the help of rlwrap I can use the cu...
New
Brian
What is the proper way to load a module from a file in to IEX? In the python world, doing something like this pretty standard: from ....
New
lanycrost
Hi everyone! I need implement if…else if…else condition from my elixir code, and anymore of this control flow structures not work proper...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
alice
Hey, Just curious what are the main benefits of Elixir compared to Clojure? When is Elixir more useful than Clojure and vice versa? Th...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
AngeloChecked
What learn first? Rust or Elixir Hi Elixir community! I’m here because i want learn a new language. I’m a junior developer and mainly i ...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New

We're in Beta

About us Mission Statement