Hello,
(frenglish incoming)
I have long experience doing (mostly PHP) websites professionally, and a long experience with Erlang as a hobby.
I have been using Elixir for quite some time now and am trying to make a place for it in my professional work.
But I see the same pattern for authentication systems as in the PHP world: each new library adds some features, is easier to work with (currently I have settled on Pow, which is great), but requires you to modify your code in many places, and is tightly coupled to your application code (to my taste, but maybe I do not do things correctly).
I would like to find/create/help-to-create a library where the authentication system is 99% automated and separated from the application code. I do not know if it is a good idea so I would like to have your opinion.
This system would not be a good fit for any application of course but sufficient for prototypes and most CRUD applications.
The idea would be to have a standalone Pow application alongside the Phoenix app, with its extensions opt-in from config. Forms/views/templates would be automated: if you enable GitHub login, for instance, the sign-up/log-in templates would have a button for GitHub auth.
Then we would simply plug the auth system in MyApp.Endpoint (just like a socket) with a base path.
Then, we would have hooks to implement:
- When a user is created, we should implement a hook receiving the Pow User id so we could create our data for a user.
- When a user is deleted, a hook with its id to delete our own user data type.
- Hooks on log-in / log-out, called with the id and the `conn` to set assigns/session stuff.
Pow manages its users and we have another data type for our users, usually with a foreign key to the pow user.id.
As an example, I implement small games (quizzes, card games) and I like to have a Player data type. To me it’s simpler to have a Player decoupled from the auth system so I can implement AI Players with the same interface as a human one.
For a shop, you could have a customer for yourself and another for your company with the same authenticated entity.
Or you can just rely on the Pow User if you do not need anything else.
Also we should provide a way to override the templates from Pow, and/or maybe just pass the url for a custom CSS file.
So, I don’t know if this is currently possible with Pow (I may have missed a hooks section in the docs), but it would be great if we could package that in a small library.
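A sketch of the hook contract described in the post, as an added example that is not part of the original post and not Pow's API: the `AuthHooks` behaviour, its callback names and `MyApp.PlayerHooks` are all hypothetical, and a plain map stands in for the Phoenix `conn` so the script runs without dependencies.

```elixir
# Hypothetical hook contract; none of these names come from Pow.
defmodule AuthHooks do
  @callback user_created(auth_user_id :: term) :: :ok | {:error, term}
  @callback user_deleted(auth_user_id :: term) :: :ok
  @callback logged_in(auth_user_id :: term, conn :: map) :: map
  @callback logged_out(auth_user_id :: term, conn :: map) :: map
end

# Application side: Player data keyed by the auth user id (the "foreign key").
defmodule MyApp.PlayerHooks do
  @behaviour AuthHooks
  use Agent

  def start_link(_opts \\ []), do: Agent.start_link(fn -> %{} end, name: __MODULE__)

  @impl true
  def user_created(id) do
    # put_new keeps the hook idempotent if the auth side retries the call.
    Agent.update(__MODULE__, &Map.put_new(&1, id, %{auth_user_id: id, kind: :human, score: 0}))
  end

  @impl true
  # Remove the application's own data when the auth user is deleted.
  def user_deleted(id), do: Agent.update(__MODULE__, &Map.delete(&1, id))

  @impl true
  def logged_in(id, conn) do
    player = Agent.get(__MODULE__, &Map.get(&1, id))
    put_in(conn, [:assigns, :current_player], player)
  end

  @impl true
  # Drop the per-login assign so nothing from the previous identity survives log-out.
  def logged_out(_id, conn), do: update_in(conn, [:assigns], &Map.delete(&1, :current_player))
end

# Constructed run: user id 42 and the map-shaped conn are sample values.
{:ok, _pid} = MyApp.PlayerHooks.start_link()
:ok = MyApp.PlayerHooks.user_created(42)
conn = MyApp.PlayerHooks.logged_in(42, %{assigns: %{}})
IO.inspect(conn.assigns.current_player, label: "after log-in")
conn = MyApp.PlayerHooks.logged_out(42, conn)
IO.inspect(conn.assigns, label: "after log-out")
:ok = MyApp.PlayerHooks.user_deleted(42)
```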