zanderxyz

zanderxyz

Veil - Simple Passwordless Authentication for your Phoenix Apps

Veil - Simple Passwordless Authentication for your Phoenix Apps

I have just released the first version of Veil, a very simple library to add passwordless authentication to your Phoenix apps. Starting from a new project, you can have authentication working in five minutes (and most of that time is getting an API key from your email api of choice).

I have noticed a lot of people asking about the best solution for adding authentication to new projects and I think this provides that. It has far less functionality than Guardian or Coherence, but in turn is faster to set up if you don’t need all the bells and whistles that they offer.

I don’t think most websites need to use the username/password paradigm, and authenticating by email automatically verifies all of your emails on signup. You have full control over the expiry of session tokens and can easily revoke them on the server if you want.

All the schemas/controllers/plugs/templates are added directly to your Phoenix project so you can easily customise/extend them as much as you wish.

Would really appreciate any feedback!

Most Liked

ElixirCasts

ElixirCasts

Forum Sponsor

If you’re curious how Veil works, I made an screencast where I use it with an existing Phoenix application: https://elixircasts.io/passwordless-authentication-with-veil

zanderxyz

zanderxyz

Sure! Veil adds a new mix task that you run with mix veil.add. This then does the following:

  • Adds schemas for Veil.User, Veil.Request, Veil.Session
  • Adds User & Session controllers & views
  • Adds a mailer
  • Adds three Plugs
  • Adds HTML templates (if your phoenix app has a templates directory)
  • Amends your config file to add the Veil-specific settings
  • Amends the default layout.html.eex to add a sign in link
  • Amends your router to add one of the Plugs to the default pipeline, and adds two new blocks: one for Veil’s sign in/session routes, and one that only signed in users can access.

It also includes code to generate unguessable unique secure ids for requests and sessions, and this code isn’t copied to your app (since it doesn’t need modifying).

In practical terms, this gives you:

  • A sign in/signup form (email address only) that sends an email to the address given
  • Clicking the link in that email will sign the user into the application and set a session id in a cookie
  • You can then add protected routes in the new router block that will only be accessible to logged in users

Regarding email providers, it uses Swoosh by default, which includes the following adaptors for different services: Sendgrid, Mandrill, Mailgun, Postmark, SparkPost, and SMTP.

Please let me know if you have any further questions.

zanderxyz

zanderxyz

Good question. Honestly, if you have already set up your own authentication by email, then it probably makes sense to continue using that. This isn’t a terribly hard problem, so if you’ve already done the work it’s unlikely that you want to switch.

That said, it may have a few advantages over your solution (guessing of course):

  • Secure request/session ids that can easily be invalidated server-side.
  • Login requests are also stored in the database, so it is easy to see failed login attempts (although these are deleted by a task daily, it would be easy to add another task to email a list of users with multiple failed attempts to the website admin daily).

I think the main advantage comes if you are starting a new project - you can be set up in 5 minutes without needing to roll your own method.

If you have a few minutes free, maybe try creating a new project with Veil included and see if it works significantly differently. If your method is better in any way I’d love improvement suggestions!

makeitrein

makeitrein

Just watched the ElixirCast and was up and running with Veil in under 10 minutes! Really fantastic on-boarding experience, wish that other auth solutions shared Veil’s ease-of-use…

Has anyone “outgrown” Veil and incorporated other authentication solutions such as OAuth? Curious how much pain there will be down the line if I decide to build a more fully featured authentication suite for my app…

idi527

idi527

Thanks for the library!

But how is it better than using bamboo and a single controller? That’s how I do authentication over email right now. I guess what I’m asking is, if I already have passwordless authentication set up, should I switch to your library?

Where Next?

Popular in Libraries Top

Crowdhailer
The latest release of Ace (0.10.0) includes serving content over HTTP/2. I have started writing a webserver to teach my self more about...
New
pkrawat1
Presenting Aviacommerce, open source e-commerce platform in Elixir Aviacommerce is an open source e-commerce platform in Elixir. We at...
New
jakub-zawislak
Hi everyone, I’m coming from the Symfony (PHP) framework. I like Phoenix, but it has a one thing that was build much better in the Symfo...
New
Qqwy
Solution is a library to help you with working with ok/error-tuples in case and with-expressions by exposing special matching macros, as ...
New
aditya7iyengar
Rummage.Ecto and Rummage.Phoenix provide ways to perform Searching, Sorting and Pagination over Ecto queries and Phoenix collections. Fo...
New
martinthenth
Hello everybody :wave: Recently, some of my colleagues talked about database ids and uuids and their problems, and I remembered the pain...
New
Qqwy
Hello everyone, I wrote a small library today called MapDiff. It returns a map listing the (smallest amount of) changes to get from map...
New
tmbb
I’ve decided to create this topic to discuss optimization possibilities for something like Phoenix LiveView. I’ve created this topic unde...
New
mischov
import Meeseeks.CSS html = HTTPoison.get!("https://news.ycombinator.com/").body for story <- Meeseeks.all(html, css("tr.athing")) do...
New
maltoe
Hello! Came here to announce ChromicPDF, a pet project PDF generator I’ve been working on for the past few months. Why another PDF gener...
New

Other popular topics Top

shahryarjb
Hello, I get Persian date from my client and convert it to normal calendar like this: def jalali_string_to_miladi_english_number(persi...
New
peerreynders
Manning 2016 Halloween weekend sale via Deal of the Day Friday, October 28 - Half off all MEAPs - code WM102816LT Saturday, October 29 ...
326 29600 154
New
dotdotdotPaul
Okay, I'm having a heck of a time trying to figure out how to best handle the validation of belongs_to associations in Ecto. I'm sure I'...
New
yawaramin
In the Dialyzer docs ( http://erlang.org/doc/man/dialyzer.html#requesting-or-suppressing-warnings-in-source-files ), there is a way to tu...
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
stefanluptak
Hello everybody, usually, I use a 29" ultra-wide monitor for VSCode which can easily accomodate explorer (files panel) + file with code ...
New
baxterw3b
Hi guys, i’m new in the Elixir world, and i have to say, that i love it! i’m having some problem to understand anonymous functions with ...
New
9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
AstonJ
We’ve put together this wiki for Phoenix LiveView - please feel free to add any info you feel is worth including. What is Phoenix LiveV...
New
vrod
I am using the Starship cross-shell prompt – it seems pretty nice, but I get some errors: [WARN] - (starship::utils): Executing command ...
New

Sub Categories:

We're in Beta

About us Mission Statement