Question 1

Guardian vs Pow: which is better for Elixir authentication?

Accepted Answer

Guardian is token-focused and highly flexible, ideal for APIs, custom protocols, and fine-grained control, while Pow is more opinionated with built-in user management and better for traditional web apps with less configuration.

Question 2

How to implement refresh tokens in Guardian?

Accepted Answer

Use encode_and_sign with token_type: 'refresh' to create a refresh token, then use the exchange function to swap it for an access token, as detailed in the basics section of the README.

Question 3

Does Guardian support OAuth integration?

Accepted Answer

Guardian itself doesn't provide OAuth out of the box, but it can be integrated with OAuth providers through custom implementations or by using libraries like Ueberauth alongside it for broader authentication schemes.

Question 4

How to handle token expiration and sliding sessions?

Accepted Answer

Configure ttl in settings for default expiration and use plugs like SlidingCookie to automatically refresh tokens when a minimum TTL remains, based on the examples provided in the documentation.

Question 5

Can Guardian be used without Phoenix?

Accepted Answer

Yes, Guardian is decoupled from Phoenix and works with any Plug-based application or even non-web protocols like TCP/UDP, as emphasized in its functional design and integration options.

Question 6

What's the best way to manage secret keys in production?

Accepted Answer

Use advanced secret fetchers for key rotation, such as implementing a custom GenServer for dynamic key management, as shown in the key rotation example, rather than hardcoding keys.

guardian

What is guardian?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions