What do you use, which tools have you found to be the most reliable? Thank you.
Which contrib dependencies are needed to achieve, user registration, authentication, authorization and role based permission management
Well, here we go:
- User registration: if you want to save them to a relational database, go with Ecto, which is the default database wrapper that comes with phoenix.
- User authentication: for most of the times, I’ve implemented it myself, using only comeonin to hash the password. The last time, I’ve followed this tutorial to build a passwordless authentication mechanism, and I liked! About libs, the most used is guard I guess.
- User registration: again, I’ve implemented it myself most times, I like to keep things simple. But if you want a lib for it, the most famous are bodyguard and canary.
You can give a look at the elixir awesome list here: https://github.com/h4cc/awesome-elixir
Thank @kelvinst I have already in the meantime tested bodyguard / guardian and with little help of an online tutorial set up the user model (using comeonin to hash the password). Implementing password-less logins is something interesting. I have done that once in PHP with some url keys (over SSL of course).
As for implementing roles, I am still looking for the best way to store/check against them.
Compared to Rails/Access Granted I feel that the Elixir’s way of doing things can be more verbose, but that grants more control over things and increased flexibility. But of course, writing things by oneself would provide the exact results with fuller control and no excess code lines. Since it is login’ etc, I thought it will be safer to use established libraries. First steps of a developer
I like Ueberauth for authentification. It does have a basic user/password strategy, but also a bunch of oauth ones. The nice thing is, that it’s keeping a clean interface for you to use with all those different types of logins.
This is a link to a github branch (not master) because the master doesn’t support some useful things yet (internationalization and the phoenix 1.3 layout)
What is this library, I’ve not heard of it?
And remember everyone, Guardian is a JWT library, if you don’t know what JWT is then you probably do not need it.
Ooops, sorry, my bad. Guardian… Sorry, I’m not the guy to speak about it because, as I said, I’ve never used them.