Open Source Elixir Authentication Software

Guardian is a token based authentication library for use with Elixir applications. Guardian remains a functional system. It integrates with Plug but can be used outside of it. If you're implementing a TCP/UDP protocol directly or want to utilize your authentication via channels in Phoenix, Guardian can work for you. The core currency of authentication in Guardian is the token. By default JSON Web Tokens are supported out of the box but you can use any token that Has the concept of a key-value payload, is tamper-proof, can serialize to a String, or that has a supporting module that implements the Guardian.Token behavior. You can use Guardian tokens to authenticate web endpoints (Plug/Phoenix/X), channels/Sockets (Phoenix - optional), and any other system you can imagine. If you can attach an authentication token you can authenticate it.

Pow is a robust, modular, and extendable authentication and user management solution for Phoenix and Plug-based apps. Pow is built to be modular, and easy to configure. The configuration is passed to function calls as well as plug options, and they will take priority over any environment configuration. It's ideal in case you got an umbrella app with multiple separate user domains. The easiest way to use Pow with Phoenix is to use a :otp_app in function calls and set the app environment configuration. It will keep a persistent fallback configuration that you configure in one place. Pow ships with a session plug module. You can easily switch it out with a different one. Pow is extremely modular and fully customizable. As your platform scales, each moving part can be modified or replaced ad-hoc. Several extensions are included in Pow so you with no effort can add secure features to your app.

Ueberauth is a two-phase authentication framework that provides a clear API, allowing for many strategies to be created and shared within the community. It is heavily inspired by Omniauth. You could call it a port but it is significantly different in operation, but almost the same concept. Huge hat tip to Intridea. Ueberauth provides only the initial authentication challenge, (initial OAuth flow, collecting the information from a login form, etc). It does not authenticate each request, that's up to your application. You could issue a token or put the result into a session for the needs of your application. Libraries like Guardian can help you with that aspect of authentication. Strategies implement the two phases and then may allow the request to flow through to your downstream plugs. Implementing the request and callback phases is optional depending on the strategies requirements. If a strategy does not redirect, the request will be decorated with Ueberauth information.