I might be in the minority here, but I would build the authorization component myself. Authorization tends to involve complicated business rules and, in my experience, is specific to each application. If you use a library you have to include those business rules within the patterns of the library. Personally I’ve had better results creating the patterns that make sense for the specific application I’m working on.
That said, there’s nothing wrong with using an auth library. Canary is popular and https://github.com/boydm/policy_wonk seems like another good option. Try a few out and see what you think.
Something in the past appeared lacking in it to me, or I was lacking at elixir/phoenix framework to have time to get it, the latter more likely, haha.
Hopefully this time it fills the gap I’m finding, but perhaps that’s because I don’t yet trust myself to write completely error free code that may also be more insecure than if it were a commonly used core package for authentication and authorisation. I think I’m just being a whinging noob for complaining, haha. Perhaps I’ll give it a try if I can’t get policy wonk or another package (or combination of) working first or I fail to modify/extend them if necessary.