phx.gen.auth ? #133

Open
nelsonic opened this issue Oct 1, 2020 · 6 comments

nelsonic commented Oct 1, 2020

I was not aware of the existence of this project: https://github.com/aaronrenner/phx_gen_auth
(until this evening when I was trying to catch up on Phoenix related YT videos ...)

From watching this intro by Bruce Tate: https://youtu.be/YlDO07P3oL0

The generator does inject a bunch of code into your project that you then have to maintain.
It does not give you a turnkey authentication scheme beyond email + password (i.e. no OAuth via Google/GitHub/etc.)
and does not hook up to any email sending provider.
It's very much "batteries not included" as you can see from this forum topic:
https://elixirforum.com/t/how-to-use-phx-gen-auth/31619

Obviously, if it has José's blessing https://github.com/dashbitco/mix_phx_gen_auth_demo
then it will become the de facto standard in the Elixir Community
and possibly even the inclusion into Phoenix 2.0. 💭 🤷

So I need to invest a couple of hours into trying to run this on localhost and see where the overlap is.
And determine what to do about it. 🤔

I really wish this had all existed last year when we were deciding how to handle auth in our App(s) ... 🙄

As much as I would like to think that the code I've written in auth is "better" I must keep an open mind and if this generator is useful to us, I will determine how much work it is to use it.

nelsonic commented Oct 1, 2020

After watching Bruce's video, I think the area it can help us is session renewal and avoiding session fixation attacks. 💭
Might need to assess the complexity of doing a "clean" re-write of auth based on the generator ... ⏳

nelsonic commented Oct 1, 2020

@nelsonic

https://github.com/aaronrenner/phx_gen_auth
https://dashbit.co/blog/a-new-authentication-solution-for-phoenix

I still want to investigate this and see if we can use it as the basis for the auth app.
Yes, this would require a lot of rework, but it would mean that our auth would re-use/leverage some of the work done by the Phoenix community particularly around session management #30 💭

I would still prefer to keep auth code outside of our main application and thus a lot more re-usable.
Very open to suggestions. 👍

SimonLab commented Oct 12, 2021

phx_gen_auth is now part of Phoenix since the 1.6 version.
See: https://hexdocs.pm/phoenix/mix_phx_gen_auth.html

Not a bad prediction 😄

> and possibly even the inclusion into Phoenix 2.0.

nelsonic commented Oct 12, 2021

Yeah, it was inevitable and necessary that Phoenix would have an Auth generator built-in. 👍
I'm delighted that it is because I want more people to use Phoenix and this simplifies things for basic projects.
But what I wrote above about it being "batteries not included" still stands.
Our auth application has several major advantages:

  • All auth related code is separate from the main business logic of the App.
    • Simply protect a route in the main App using auth_plug
  • Maintaining and reusing the auth related code is much easier as it's self-contained.
  • We can keep code in small demo/tutorial apps like chat, todo, etc. minimal and still have Auth.

@nelsonic

@SimonLab if you have time, please share your experience of using mix phx.gen.auth so we know what the pros/cons are. 🙏
