Question 1

How do I add basic auth to specific controller actions in Phoenix?

Accepted Answer

Use Plug's guard clauses with BasicAuth, as shown in the README for applying authentication only to actions like :edit or :delete, using 'when action in' syntax.

Question 2

Is BasicAuth secure for production use?

Accepted Answer

With HTTPS and timing attack protection in static mode, it can be secure for simple cases. However, for high-security apps, consider more robust methods like OAuth due to basic auth's limitations.

Question 3

How to implement custom authentication with database lookup using BasicAuth?

Accepted Answer

Define a three-arity function that takes conn, username, and password, then pass it as a callback to the plug. Ensure to use secure comparison methods like Plug.Crypto.secure_compare/2 to prevent timing attacks.

Question 4

What's the difference between BasicAuth and Plug.BasicAuth?

Accepted Answer

BasicAuth is the deprecated standalone library, while Plug.BasicAuth is the same functionality now included in the main Plug library. For new projects, use Plug.BasicAuth for better maintenance and integration.

Question 5

Can I use environment variables for credentials with BasicAuth?

Accepted Answer

Yes, the plug supports reading credentials from environment variables at runtime using the {:system, "VAR_NAME"} syntax in configuration, as detailed in the REPLACE_OS_VARS section.

Question 6

How to test controllers that use BasicAuth in Elixir tests?

Accepted Answer

Inject basic auth headers in tests with a helper function that encodes credentials, as demonstrated in the README's testing section, using Application.get_env to reuse config values.

basic_auth

What is basic_auth?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions