First of all, thanks to all for the very informative discussion of GUIDs. I learned a lot.
I’m working on a Phoenix 1.3 backend and ran into an incompatibility problem with
Guardian, and wanted to know what the current opinion is for doing authorization. I’ve sometimes “rolled my own” system using
Joken, but wanted to get better informed before I do that.
Guardian does seem like a good package but for the moment I can’t use it.
(I know there is a related thread, but it is veeeery long …)
Since my app is a backend, much of what the authorization part does is just to provide the client with a token at login, then verify the token the client sends with requests to the backend. Thus whatever I use needs to be able to provide and verify JWT tokens.
I’ve used Joken in a limited way in other apps – it does have plug, so perhaps this would be enough???