Should I use Guardian with Ueberauth?

Hi there, I’ve been off from Elixir for quite a while; recently I started picking it up.

I’m making a Phoenix application which will use Discord OAuth via Ueberauth as the only way of authentication, so no email/password mixes.

I’m trying to make it as good as possible and that’s why I tried to look into Guardian. But I didn’t find any reason to use it, or generally why to ever use it.

I understand that you can easily make session-based authentication without Guardian. Are there any specific reasons why I would use Guardian over session-based? Should Guardian maybe be used in some specific niches? I honestly don’t have a feeling about Guardian.

Both Ueberauth and Guardian are authentication libs, so that’s confusing for me as well. The only videocasts I’ve found with Ueberauth and Guardian focused on Ueberauth but with an email/password combo rather than OAuth.

Ueberauth and Guardian are written by the same author @hanspagh and they are meant to go hand in hand. You use Ueberauth to do the initial auth, i.e. to prove who the user is at login, and use Guardian to keep the user auth’ed (because HTTP is stateless, you know).

I’m going to close the topic with this response.

I’ve decided to use Guardian. Generally it’s safer to use JWT. Plus, once I’ve set it up it’s way easier to use than to create my custom plugs for auth and all that good stuff. Additionally, it will definitely be more secure than a quick-rough session-based auth.

1 Like
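
The division of labour described in the reply above (Ueberauth proves who the user is at login, Guardian keeps them signed in on later requests), sketched as an added example that is not code from the thread or from either library's author. `MyApp`, `MyAppWeb`, `MyApp.Accounts.get_user/1`, `MyApp.Accounts.upsert_from_oauth/3` and `MyAppWeb.AuthErrorHandler` are assumed application names.

```elixir
# Added example. MyApp, MyAppWeb, MyApp.Accounts and AuthErrorHandler are assumed names.
defmodule MyApp.Guardian do
  use Guardian, otp_app: :my_app

  # The token's "sub" claim carries the local user id.
  def subject_for_token(%{id: id}, _claims), do: {:ok, to_string(id)}
  def subject_for_token(_, _), do: {:error, :unknown_resource}

  # Reload the user on each request so a removed account stops authenticating.
  def resource_from_claims(%{"sub" => id}) do
    case MyApp.Accounts.get_user(id) do
      nil -> {:error, :resource_not_found}
      user -> {:ok, user}
    end
  end
  def resource_from_claims(_), do: {:error, :invalid_claims}
end

defmodule MyAppWeb.AuthController do
  use MyAppWeb, :controller
  plug Ueberauth

  # Success: Ueberauth finished the OAuth exchange and assigned %Ueberauth.Auth{}.
  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    # Hypothetical helper: find or create the local user for this provider/uid.
    case MyApp.Accounts.upsert_from_oauth(auth.provider, to_string(auth.uid), auth.info) do
      {:ok, user} ->
        conn
        |> configure_session(renew: true)
        |> MyApp.Guardian.Plug.sign_in(user)
        |> redirect(to: "/")

      {:error, _reason} ->
        conn |> put_flash(:error, "Could not sign you in") |> redirect(to: "/")
    end
  end

  # Failure: the user denied consent or the provider returned an error.
  def callback(%{assigns: %{ueberauth_failure: _failure}} = conn, _params) do
    conn |> put_flash(:error, "Discord sign-in failed") |> redirect(to: "/")
  end
end

# Pipeline for routes that require a signed-in user.
defmodule MyAppWeb.AuthPipeline do
  use Guardian.Plug.Pipeline, otp_app: :my_app, module: MyApp.Guardian, error_handler: MyAppWeb.AuthErrorHandler
  plug Guardian.Plug.VerifySession
  plug Guardian.Plug.EnsureAuthenticated
  plug Guardian.Plug.LoadResource
end
```

This assumes the Guardian issuer and secret key are set under `config :my_app, MyApp.Guardian`, and that the error handler module implements `auth_error/3`. `configure_session(renew: true)` renews the session at login so a pre-login session cannot be reused.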