What does HackerNews think of ueberauth?

An Elixir Authentication System for Plug-based Web Applications

Language: Elixir

#11 in Elixir
Go Auth Lib | Oct 2022
Expand Context ↕
Ueberauth for Elixir/Phoenix https://github.com/ueberauth/ueberauth
Build a real-time Twitter clone with LiveView and Phoenix 1.5 | Apr 2020
Expand Context ↕
The Phoenix Ecosystem has solutions for authentication and authorization.

ueberauth is one of the most fully featured with support for a ton of different authentication schemes (https://github.com/ueberauth/ueberauth)

But there are lots of other things that integrate with Phoenix / Plug (https://github.com/h4cc/awesome-elixir#authentication)
Building a chat app in 8 minutes with Phoenix | Mar 2018
Expand Context ↕
I've been coding Elixir professionally for a few years, and working in security for longer, and I recommend against using Coherence for anything but toy apps. It's a fairly full-featured Devise-substitute, but the code quality isn't great, and a lot of the less-used features haven't had any sort of real-world testing. There's been a few trivial, high-severity security vulnerabilities in it, and I wouldn't be surprised if more are hiding.

For example, when I last read through the codebase it was common to find features that simply wouldn't work, because the code referenced hardcoded parts of the sample application.

You'll also going to run into a lot of issues trying to migrate off of Coherence if you ever need to support anything other than form based username / password login.

I think it really is worth the effort to go with Ueberauth [0]. You'll need to do more work upfront, but the maintainability gains will quickly pay off. You can even use :ueberauth_identy [1] to provide username / password based auth without too much trouble.

[0] https://github.com/ueberauth/ueberauth

[1] https://github.com/ueberauth/ueberauth_identity
Phoenix Framework. Authentication and Authorization Using Plugs | Feb 2018
Expand Context ↕
I've always taken the roll-your-own approach too using https://github.com/bryanjos/joken, though I hear about https://github.com/ueberauth/ueberauth a lot.

If you're using Absinthe you can create a easy middleware for auth as well.
Learnings from One Year of Building an Open Source Elixir Application | Aug 2017
Expand Context ↕
It really depends what you are going for. There are libraries out there that are pluggable for lots of different auth mechanisms like https://github.com/ueberauth/ueberauth

If you want something like Devise from the Rails world, there is also Coherence. https://github.com/smpallen99/coherence