User authorization -- roll your own or use package

First of all, thanks to all for the very informative discussion of GUIDs. I learned a lot.

I’m working on a Phoenix 1.3 backend and ran into an incompatibility problem with Guardian, and wanted to know what the current opinion is for doing authorization. I’ve sometimes “rolled my own” system using Joken, but wanted to get better informed before I do that. Guardian does seem like a good package but for the moment I can’t use it.

(I know there is a related thread, but it is veeeery long …)

Since my app is a backend, much of what the authorization part does is just to provide the client with a token at login, then verify the token the client sends with requests to the backend. Thus whatever I use needs to be able to provide and verify JWT tokens.

I’ve used Joken in a limited way in other apps – it does have plug, so perhaps this would be enough???

I’ll probably make a library for this at some point like I’ve done for a few other languages. Probably an integration with Phoenix as well, it seems worthwhile to get into.

Openmaize wiki[1] has some fun examples on how to do authorization by defining small Plugs.

[1] https://github.com/riverrun/openmaize/wiki/Authorization

Wonderful! Going there now.

Here is a list with a few different auth libs: https://elixir.libhunt.com/categories/651-authorization. It seems like Openmaize is the most actively developed and almost the most popular.

Thanks!