danschultzer
Pow - Robust, modular, extendable user authentication and management system
None of the current solutions worked well for me, so I went ahead and built a user management system from scratch.
This project took far longer than I initially thought, and I would love to get some help to iron out everything. So please try it out and let me know what you think!
https://github.com/danschultzer/pow
https://hexdocs.pm/pow/
The latest release is a pre release version, but it is running in a production environment (we went away from a Coherence setup).
So what does Pow do (differently)?
Functional configuration
A huge issue with most libraries is the dependency on a global environment configuration. It becomes especially messy when dealing with umbrella apps. Pow handles configuration by passing it as an argument to all method calls (and with plug it’s passed in a private key). There’s also fallback to app-specific environment configuration by using :otp_app like Ecto/Phoenix.
Plug n’ play
Pow exposes only necessary files. It means that even views and templates for Phoenix aren’t generated unless required for customization.
Modular
Pow has been build with clear separation between Ecto, Plug, and Phoenix modules, so if/when deep customization is necessary, you can pull out any part and work with it.
Extendable
Out of the box, Pow does basic user and session management. But Pow has been made to be easy to extend. A reset password, email confirmation and remember me extension ships with it! Extensions are built as a separate system to keep the core of Pow lean and easy to understand.
Security
When working with user authentication, there can be many pitfalls. That’s why your user authentication library should do as much of the work as possible, so you don’t have to think about it. Pow is built with care for recommended best practice, and detailed in the readme.
Transparent
Pow attempts to give the developer full control and understanding of the API for Pow. For example, when you install pow, you’ll have to enable extension support yourself, so you understand the working parts. This it to remove as much “magic” as possible.
And a whole lot more
- Mnesia cache for distributed systems (and in general for production run)
- Near zero dependencies (
:ecto,:phoenixand:phoenix_htmlare currently required to compile, but I plan to make them optional) - Simple migration from Coherence
- Multi provider support with GitHub - pow-auth/pow_assent: Multi-provider authentication for your Pow enabled app · GitHub
- Alright! Go read the documentation already: Pow v1.0.39 — Documentation
Most Liked
danschultzer
Pow 1.0.3 released
Changelog: Github
Hex: https://hex.pm/packages/pow/1.0.3
PowInvitation
Now it is super easy to add an invitation system to your platform with Pow! Check out the documentation to see how easy it is to configure it for your exact needs: https://github.com/danschultzer/pow/blob/v1.0.3/lib/extensions/invitation/README.md
This has been a highly requested feature, and I’m happy that we finally got a flexible solution in Pow.
What’s next?
WebAuthn
WebAuthn standard has been finalized! I believe Pow should have built-in 2FA/password-less authentication support, and this is something I hope to look at soon. I would be grateful for any input.
There’s an issue for it here: WebAuthn and multi factor support · Issue #6 · pow-auth/pow · GitHub
Maintainers
So far this has been a self-funded project, and I’ve been fortunate enough to have enough time to work full time on this. However I’ll probably get back to my startup life soon, so I’ve worked hard to streamline the codebase, and made it easy for others to join in.
The best way to help out is to open PR’s or helping with issues. When you become familiar with how Pow works you will be invited to join as maintainer. Thanks!
Security audit
Pow definitely needs some eyes on security practices. @griffinbyatt is one of the few people I’ve seen doing this. If there’s any person or company that’s willing to put some time into this, I would be deeply grateful.
Happy coding ![]()
knowthen
brightball
@danschultzer just wanted to say thank you for your time spent developing and helping people with this project. It’s a real asset to the community.
Popular in Announcing
Other popular topics
Categories:
Sub Categories:
Forums
Popular Tags
- #ecto
- #liveview
- #troubleshooting
- #learning-elixir
- #deployment
- #library
- #erlang
- #testing
- #genserver
- #mix
- #absinthe
- #remote-other
- #otp
- #plug
- #how-to-question
- #macros
- #postgres
- #channels
- #elixirconf
- #exunit
- #discussion
- #code-sync
- #javascript
- #podcasts
- #onsite
- #dialyzer
- #docker
- #authentication
- #umbrella
- #full-time-contract
- #podcasts-by-brainlid
- #ecto-query
- #elixir-ls
- #phoenix_html
- #iex
- #blog-post
- #graphql
- #genstage
- #ai
- #websockets
- #supervisor
- #advent-of-code
- #elixirconf-us
- #distillery
- #processes
- #forms
- #api
- #metaprogramming
- #security
- #performance









