zanderxyz

zanderxyz

Veil - Simple Passwordless Authentication for your Phoenix Apps

Veil - Simple Passwordless Authentication for your Phoenix Apps

I have just released the first version of Veil, a very simple library to add passwordless authentication to your Phoenix apps. Starting from a new project, you can have authentication working in five minutes (and most of that time is getting an API key from your email api of choice).

I have noticed a lot of people asking about the best solution for adding authentication to new projects and I think this provides that. It has far less functionality than Guardian or Coherence, but in turn is faster to set up if you don’t need all the bells and whistles that they offer.

I don’t think most websites need to use the username/password paradigm, and authenticating by email automatically verifies all of your emails on signup. You have full control over the expiry of session tokens and can easily revoke them on the server if you want.

All the schemas/controllers/plugs/templates are added directly to your Phoenix project so you can easily customise/extend them as much as you wish.

Would really appreciate any feedback!

Most Liked

ElixirCasts

ElixirCasts

Forum Sponsor

If you’re curious how Veil works, I made an screencast where I use it with an existing Phoenix application: https://elixircasts.io/passwordless-authentication-with-veil

zanderxyz

zanderxyz

Sure! Veil adds a new mix task that you run with mix veil.add. This then does the following:

  • Adds schemas for Veil.User, Veil.Request, Veil.Session
  • Adds User & Session controllers & views
  • Adds a mailer
  • Adds three Plugs
  • Adds HTML templates (if your phoenix app has a templates directory)
  • Amends your config file to add the Veil-specific settings
  • Amends the default layout.html.eex to add a sign in link
  • Amends your router to add one of the Plugs to the default pipeline, and adds two new blocks: one for Veil’s sign in/session routes, and one that only signed in users can access.

It also includes code to generate unguessable unique secure ids for requests and sessions, and this code isn’t copied to your app (since it doesn’t need modifying).

In practical terms, this gives you:

  • A sign in/signup form (email address only) that sends an email to the address given
  • Clicking the link in that email will sign the user into the application and set a session id in a cookie
  • You can then add protected routes in the new router block that will only be accessible to logged in users

Regarding email providers, it uses Swoosh by default, which includes the following adaptors for different services: Sendgrid, Mandrill, Mailgun, Postmark, SparkPost, and SMTP.

Please let me know if you have any further questions.

zanderxyz

zanderxyz

Good question. Honestly, if you have already set up your own authentication by email, then it probably makes sense to continue using that. This isn’t a terribly hard problem, so if you’ve already done the work it’s unlikely that you want to switch.

That said, it may have a few advantages over your solution (guessing of course):

  • Secure request/session ids that can easily be invalidated server-side.
  • Login requests are also stored in the database, so it is easy to see failed login attempts (although these are deleted by a task daily, it would be easy to add another task to email a list of users with multiple failed attempts to the website admin daily).

I think the main advantage comes if you are starting a new project - you can be set up in 5 minutes without needing to roll your own method.

If you have a few minutes free, maybe try creating a new project with Veil included and see if it works significantly differently. If your method is better in any way I’d love improvement suggestions!

Where Next?

Popular in Announcing Top

danschultzer
In short Plug n’ play OAuth 2.0 provider library. Just set up a resource owner schema with Ecto (your user schema), install the dependen...
New
josevalim
Hi everyone, We would like to announce that Plataformatec is working on a new MySQL driver called MyXQL. Our goal is to eventually integ...
New
pkrawat1
Presenting Aviacommerce, open source e-commerce platform in Elixir Aviacommerce is an open source e-commerce platform in Elixir. We at...
New
bryanjos
Hi, I wanted share a small library we at Revelry Labs made for rendering react components from the server side. There are instructions fo...
New
Eiji
ExApi is a library that I’m developing now and hope release soon This library will allow to: list all apis list all api implementation...
New
mbuhot
Leverage Open Api 3.0 (Swagger) to document, test, validate and explore your Plug and Phoenix APIs. Generate and serve a JSON Open API ...
New
kip
Image is an image processing library for Elixir. It is based upon the fabulous vix library that provides a libvips wrapper for Elixir. I...
622 18474 194
New
type1fool
WebAuthnLiveComponent WebAuthnComponents See this post about renaming the package. Passwordless authentication for Phoenix LiveView app...
New
zachdaniel
Ash Framework What is Ash? Ash Framework is a declarative, resource-oriented application development framework for Elixir. A resource can...
New
handnot2
Samly can be used to enable SAML 2.0 Single Sign On in a Plug/Phoenix application. This library uses Erlang esaml to provide plug enabl...
New

Other popular topics Top

Harrisonl
We have an ECS cluster with 4 services, where each task joins a single cluster, via discovery ECS discovery service. Currently when I de...
New
AstonJ
Posting this to see if we can make things easier for people to get into Neovim. If you use Neovim and have a favourite distro please let ...
New
TunkShif
This post is an instruction guide to help you setup your Neovim for Elixir development from scratch. It includes general information on h...
274 41539 114
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
dokuzbir
I want to highlight html closing tags when i click a html tag. That works in .html files but doesnt work for html.eex templates. How can...
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
ashish173
I am using Ecto timestamps with postgres, I can see the timestamps() use the :naive_dateime but for my use case I wanted to store the ti...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New

We're in Beta

About us Mission Statement