User authorization -- roll your own or use package

First of all, thanks to all for the very informative discussion of GUIDs. I learned a lot.

I’m working on a Phoenix 1.3 backend and ran into an incompatibility problem with Guardian, and wanted to know what the current opinion is for doing authorization. I’ve sometimes “rolled my own” system using Joken, but wanted to get better informed before I do that. Guardian does seem like a good package but for the moment I can’t use it.

(I know there is a related thread, but it is veeeery long …)

Since my app is a backend, much of what the authorization part does is just to provide the client with a token at login, then verify the token the client sends with requests to the backend. Thus whatever I use needs to be able to provide and verify JWT tokens.

I’ve used Joken in a limited way in other apps – it does have plug, so perhaps this would be enough???

I’ll probably make a library for this at some point like I’ve done for a few other languages. Probably an integration with Phoenix as well, it seems worthwhile to get into.

Openmaize wiki[1] has some fun examples on how to do authorization by defining small Plugs.



Wonderful! going there now.

Here it is a list with a few different Auth libs . It seems like openmaze is the most actively developed and almost the most popular.