Phoenix authorisation decision process

Phoenix has always been a difficult system to manage when it comes to managing authorisation. There are a number of different libraries out there to enable such a thing. They are, however, limited depending on the scope or source from which the authentication data originates.

The idea is to generally store member groups in PostgreSQL and then use the information associated with user structs to make decisions about what the user can or cannot do. It is difficult to find or create the mappings for these ACLs and also provide user interaction with them.

There is an application called Open Policy Agent. It allows the creation of advanced ACLs, including attribute-based authorisation workflows. It uses scripts written in a lightweight language called Rego to define authorisations. These scripts can be delivered via HTTP, which makes them easily interoperable.

I think it would be a good tool to use alongside Phoenix. Through the use of Elixir's pattern matching capabilities with Phoenix, authorisation can be simplified and also enhanced.

I think a library would be a good thing that makes the interaction possible. I have not thought to write a library yet, as I am not sure how the design would be. Open Policy Agent is also not designed for this purpose, but it has web-compatible APIs. This means we are able to integrate it within Phoenix and Elixir applications.

What do you think of the idea, and whether or not it would be useful?

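One way the integration sketched in the post could look, as an added example that is not part of the original post and not code from Open Policy Agent or any existing Elixir library: a Phoenix plug that posts the request context to OPA's Data API and pattern matches on the JSON decision. Assumed for the example: an OPA server on http://localhost:8181, a policy in the hypothetical package `httpapi.authz` that defines a boolean `allow` rule, a `current_user` map in `conn.assigns` with a `"groups"` list, `Jason` for JSON, and OTP's `:httpc` (with `:inets` started) for the HTTP call.

```elixir
# Added example (not from the original post or from Open Policy Agent).
#
# The Rego policy this plug expects, as an assumption for the example; load it
# into a local OPA with `opa run --server policy.rego`:
#
#   package httpapi.authz
#   import rego.v1
#
#   default allow := false
#
#   allow if {
#     input.method == "GET"
#     input.path[0] == "documents"
#     "readers" in input.user.groups
#   }
#
# Requires :inets to be running, e.g. Application.ensure_all_started(:inets).

defmodule MyAppWeb.Plugs.OpaAuthorize do
  @behaviour Plug
  import Plug.Conn

  # OPA Data API path for the `allow` rule in package httpapi.authz (assumed).
  @opa_url "http://localhost:8181/v1/data/httpapi/authz/allow"

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    # Everything the policy may reason about is passed as structured input;
    # the decision logic itself stays in Rego, not in the application.
    input = %{
      "method" => conn.method,
      "path" => conn.path_info,
      "user" => conn.assigns[:current_user] || %{}
    }

    case decide(input) do
      {:ok, :allow} ->
        conn

      # Explicit false, undefined result, transport error and malformed
      # response all end here: the plug fails closed.
      _ ->
        conn |> send_resp(403, "forbidden") |> halt()
    end
  end

  # Posts `input` to OPA and hands the body to interpret/1.
  def decide(input) do
    body = Jason.encode!(%{"input" => input})
    request = {String.to_charlist(@opa_url), [], ~c"application/json", body}

    case :httpc.request(:post, request, [], body_format: :binary) do
      {:ok, {{_, 200, _}, _headers, resp_body}} -> interpret(resp_body)
      {:ok, {{_, status, _}, _headers, _body}} -> {:error, {:opa_status, status}}
      {:error, reason} -> {:error, {:opa_unreachable, reason}}
    end
  end

  # Pure function over OPA's JSON reply, so the decision handling can be unit
  # tested without a running server. Only a literal `true` result allows.
  def interpret(json) when is_binary(json) do
    case Jason.decode(json) do
      {:ok, %{"result" => true}} -> {:ok, :allow}
      {:ok, %{"result" => false}} -> {:ok, :deny}
      # OPA answers `{}` (no "result" key) when the rule is undefined for
      # this input; treat that the same as an explicit deny.
      {:ok, %{}} -> {:ok, :deny}
      _ -> {:error, :malformed_response}
    end
  end
end
```

Wire it in with `plug MyAppWeb.Plugs.OpaAuthorize` in a router pipeline placed after whatever plug loads `current_user`. The split between `decide/2` and `interpret/1` is deliberate: `interpret/1` can be exercised offline with constructed replies such as `~s({"result": true})`, `~s({"result": false})` and `"{}"`, and only the first of those yields `{:ok, :allow}`, which is the fail-closed property a practitioner would want to check before trusting the plug.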