Openmaize

Authentication and authorization library for Elixir

Openmaize is an authentication and authorization library for Elixir. It is still under heavy development and has had limited testing in production.

Goals

Openmaize aims to provide developers the following:

• a secure, but lightweight, framework-agnostic authentication and authorization mechanism that is easy to use.
• excellent documentation.

Installation

1. Add openmaize to your mix.exs dependencies

defp deps do
  [ {:openmaize, "~> 0.4"} ]
end

1. Run mix do deps.get, compile

Use

Before you use Openmaize, you need to make sure that your user model contains an id and role. You also need to have a unique key (name, email, etc.) by which you identify the user. This is configurable, and the default is name.

You then need to configure Openmaize. For more information, see the documentation for the Openmaize.Config module.

Next, add the following to the list of plugs you are using (in Phoenix, this will be in web/router.ex):

plug Openmaize

This will check the connection for a Json Web Token (JWT), and if there is one and it is valid and the user's role is allowed to go to the url, then the connection is allowed to go through. If there is no token, or if there is an error, then the user will be redirected to the login page. If the login is successful then the user will be given a token, which he / she can use in subsequent requests.

There are also options to disable redirects and to use an external function in the last part of the token authentication. See the documentation for the Openmaize module for more details.

There is an example of Openmaize being used with Phoenix at Openmaize-phoenix.

License

BSD