Phoenix - authentication

Hi,

I am pretty new to Phoenix Authentication and would just like to ask what packages/combination you guys are usually using for…

1.) Basic auth - username/email, password authentication. I saw here some examples, but I would like to have more than 1 user in config. Like a system with email/pass entries in DB?

2.) More sophisticated auth - like OAuth2 (providers like github, fb,…)

3.) API authentication

I would really appreciate some suggestions here. Currently mostly need no. 1, but suggestions for 2 and 3 are more than welcome.

Thanks in advance!

Best,
Tomaz

For 2, there is Ueberauth.
For 3, there is Phoenix token

I am not using basic auth, but if I should, I would probably use a homemade solution, storing auth info into session. As I would do for a Rails application.

Please note also Guardian that might be useful in some scenario.

There’s also quite a big thread on auth that you might want to look at:

I recommend using Phauxth

I would say guardian and ueberauth covers all three points. Currently using this auth system in multiple projects and no issues occurred till now.

I have been using phauxth in a new project and it is the best I have used IMHO, integrates easy, very simple to understand/extend. I also have used guardian which is good, and coherence which is also good, but more “full featured” and a bit more rigid than I like. I am planning to write a blog series on the very topic, however been caught up with work lately - first post is here though if you want to check it out (shameless plug) phoenix auth part one

Cheers!

So far I’ve only used HTTP Basic auth via simple webserver (Hiawatha) configuration in a file for an API, which allows for differing usernames and passwords to be set.

As a beginner needing to add authentication in-app soonish I’m looking forward to your posts, especially on using Phauxth. I’ve subscribed to your blog. Congratulations on your new arrival.

Thanks!

I’ll try and get on it as soon as I can , let me know if there is anything I missed when I get them up!

Cheers

Hi guys… I’ve tried this “phauxth” package/project and it looks really good. I tried and run it… and first impressions are that this is exactly what I needed for “basic” username/password authentication.

Thank you all for your shared knowledge.

Best,
Tomaz

Hi,

I got some time today so I wrote that post for you. Hope it helps. Let me know if you need anything else clarified. Here is the post: Part Two - Phauxth

Cheers!

Oh wow - thanks! This looks like just the sort of thing that will help me. I’ll read and follow along with your instructions soon.

Over the past 2 months I’ve switched entirely over to https://github.com/maxneuvians/idq_auth because you don’t have to worry about storing passwords and password resets and because it’s pretty much copy and paste to get authentication going.

Disclaimer: I work for the company building the idQ TaaS service.

Yeah, I haven’t done any review about Oauth yet.

I (finally) got part three out, sorry for the absurd delay. I’ll try and get the rest finished in a more timely fashion and not post updates here.

I recommend this library https://github.com/scrogson/oauth2 for OAuth2 integration.

Hi @kokolegorille,

would you mind me asking if these would still be your go-to approaches today?

Thank you.

There are projects I did not mention when the topic was made.

• phauxth, https://github.com/riverrun/phauxth
• pow, Pow: Robust, modular, extendable user authentication and management system

As I don’t need Oauth, I don’t use Ueberauth. I have rolled my own, one for session based auth, and one for token based auth. It has been working for web client, spa client, and mobile client as well.

If You don’t feel confident in rolling your own, I would advise to look at those 2 librairies

Great, thank you very much