danschultzer
PowAssent: Instant multi-provider support for Pow
Multi-provider support for Pow with out-of-the-box support for many providers. I finally got a 0.1.0 release up today, and I hope some of you will find it useful ![]()
Please let me know if there’s anything that can be improved in the docs or with features. Thanks!
https://github.com/danschultzer/pow_assent
https://hexdocs.pm/pow_assent/
Pow thread: Pow - Robust, modular, extendable user authentication and management system
PowAssent details
Base strategies
- OAuth 1.0
- OAuth 2.0
Strategies
- Azure AD
- Basecamp
- Discord
- Github
- Slack
- VK
Few dependencies
PowAssent has nearly no dependencies. :httpc is used as the default HTTP client with built-in SSL validation!
Mint can be added for HTTP/2 support.
Can PowAssent be used without Pow?
Yes! You can use any strategy directly:
config = [
client_id: "REPLACE_WITH_CLIENT_ID",
client_secret: "REPLACE_WITH_CLIENT_SECRET",
]
{:ok, %{conn: conn, url: url}} = PowAssent.Strategy.Github.authorize_url(config, conn)
case PowAssent.Strategy.Github.callback(config, conn, params) do
{:ok, %{conn: conn, user: user}} -> # …
{:error, reason} -> # …
end
I’ve been using this technique for a lean super admin login.
What about Ueberauth?
You can use Ueberauth with Pow, or add a custom strategy that uses Ueberauth underneath!
However, most strategies uses the OAuth protocols, and it’s much easier to just add your custom strategy. It takes no time to set up. Pull requests are welcome!
A big difference from Ueberauth is that PowAssent is self contained. Strategies are built-in and consists of very little code. They rely on base strategies like OAuth or OAuth2 to do the heavy lifting. All strategies are consistent, and e.g. switching out underlying HTTP client or JSON library is no problem. Unfortunately with Ueberauth you’ll have several different dependencies that each handle things differently. This may also cause dependency conflicts.
Adding a custom strategy
Provider support is super easy. You just need to write one (tiny) module:
defmodule MyApp.CustomStrategy do
use PowAssent.Strategy.OAuth2
def default_config(_config) do
[
site: "https://api.example.com",
user_url: "/authorization.json"
]
end
def normalize(_config, user) do
%{
"uid" => user["id"],
"name" => user["name"],
"email" => user["email"]
}
end
end
And then add it to your providers:
config :my_app, :pow_assent,
providers: [
custom_strategy: [
client_id: "REPLACE_WITH_CLIENT_ID",
client_secret: "REPLACE_WITH_CLIENT_SECRET",
strategy: MyApp.CustomStrategy
]
]
Happy coding ![]()
Most Liked
danschultzer
Pow 0.2.0 released
Changelog: Github
Hex: pow_assent | Hex
This release contains several breaking changes. The plug methods and controllers have been streamlined so they are much easier to work with. However, you don’t need to change a thing unless you’ve a very customized 0.1.0 setup.
Removed Plug.Conn from strategies
Strategies no longer uses plug conn param. Now you only have to pass configuration and params. This means that PowAssent strategies can be used in any context with no expectation for any dependency!
PowInvitation
Support for the new PowInvitation extension in Pow 1.0.3!
It’s plug n’ play. Zero configuration.
danschultzer
Thanks! It’s in the readme, but it’s kind of hidden towards the end: GitHub - pow-auth/pow: Robust, modular, and extendable user authentication system · GitHub
Maybe it would be better with a reference to it in the Extensions section.
danschultzer
You’re right, the user identity is never updated, only created or deleted. When there’s a match for :provider and :uid, the user will just be authenticated. I’m not sure what the solution should be, so I’ve just opened an issue on github I’ll give this some thought.








