I run a nonprofit organization that is using Rails. We’re about to create a collection of new inter-related websites to improve human rights, free modern-day slaves, and help people in extreme poverty who lack food, clean water and basics. We’re considering using Elixir (possibly with Phoenix). Our main hesitation is that it doesn’t have key plugins or libraries we need that would be too expensive to build on our own. An important one is with the large number of inter-related websites, we need users to have SSO to be automatically logged in when they arrive at our other websites. We also want to let people choose between signing up with FB, Twitter, Google or by creating an account without using a social media account.
Someone suggested we do the majority of the development in Elixir, but use the Rails CAS plugin/server to meet our auth needs. I.e. when users log in, we ping the SSO server to verify them, then the rest of their activity interacts with Elixir, and when they go to another website, it recognizes them. How easy is that to set up, and what are common problems/weaknesses to that approach, and how roughly how time-consuming are they to overcome? I read 99% of the thread on Elixir/Phoenix auth, and didn’t see anything that answered these questions.
I’m not a developer, but I’ve run this nonprofit for 12 years and I’ve done a lot of the UX design and user specs for our past websites, so I understand many of the basics of web dev, though not a lot of highly technical details. I think this likely is a useful topic for potential users of Elixir to hear about because the only real weakness I consistently hear people mention about Elixir is the lack of libraries and plugins. So people having more knowledge about the feasibility of mixing Elixir with plugins from other frameworks, and information about how to mix them, would likely increase adoption of Elixir.
Using a central CAS server seems like good idea for your use case. The pros are thay you will be able not only integrate logins for multiple Rails apps, but you can mix and match different solutions this way (PHP, Elixir, Java…).
I would recommend you not making a big decision to jump onto Elixir with everything you do just yet. When you have stand alone, fairly simple use case - give it a shot. See how your programmers deal with the task, let them learn the new stack. Maybe some API or a service first, and only when they are flient and confident do bigger apps.
This is actuallu advice that I would apply to any new tech stack. Try it in limited fashion before making big decisions on switching whole stack.
It seems you need a central SSO solution anyway, so implementing it may be good wether you decide to stay on Rails stack or move on.
Thanks. For context, we haven’t needed much web development the last months, so we currently only have one part-time Rails dev doing a few hours a week on small features. We’re going to hire either 1-2 full-time developers or hire an agency to build the new collection of websites.
We don’t plan to switch our main existing website to Elixir. It has a sizable backend content management system we developed with Rails for publishing daily news related to making the world a better place. It isn’t going to be part of the new collection of websites so we don’t need to integrate with it.
Besides authentification, does the Ruby CAS do other things to make it easier to integrate plugins from other frameworks with elixir?
Also, given that two of the benefits of Elixir are 1) being able to do hot-swapping when deploying new code to production; 2) when one thing in Elixir goes down, it doesn’t cause multiple things to crash.
When things such as RubyCAS or PHP forums are added to a mostly elixir system, are either of those benefits either lost or reduced? For example in the future, when our new versions of our Elixir codebase are deployed, can hot swapping still easily occur when some parts of our system that interact with our Elixir codebase are PHP (forums plugin) or Rails (e.g. CAS)?
I think there is some confusion here, let me try clearing out for you a few misconceptions:
You can’t use say Rails plugins in Elixir. Or PHP plugins in Elixir. This will not work.
What you can do instead, is set up separate PHP or Ruby project next to your Elixir project. Then you can make the two talk to each other in some ways, and you can use something like CAS server to make user logged in the main app, automatically logged into all other apps.
The benefits of Elixir you present can or may not be true. This actually depends on how your software is going to be written and deployed.
You don’t have to do code hot swapping, in fact, a lot of non-mission-critical systems don’t do that. Depending on your external dependencies and overall architecture, the whole system may as well go down when something goes wrong too. This is not something you get for free, by default. But it is true that generally speaking the systems are more resilient to failure, and recover better than Rails systems.
The main difference between Ruby on Rails that you use nowdays, and Elixir - will be
a) the raw performance, which will be way better in Elixir. This means also your hosting requirements will be lowered.
b) ability to scale up faster/easier
c) ability to do more interactive features (live update sites with content pushed from server, chats, etc) on bigger scale than with Rails
The cool thing is that these things don’t come at extra expense of developer hours, since both languages are very much comparable in development time/cost.
Good point. So would maintaining different deployment setups include having to update the versions of Rails (or PHP etc) when new releases come out and sometimes update our own code to be compatible with the new release?
Do you think it would also mean that we need to have developers who know all the languages/frameworks so they can write code in each of them and/or fix bugs that arise in them?