Creating authentication from scratch in Phoenix is way too hard. Looking for advice...

I would recommend strongly against rolling your own authentication, especially for production apps. It’s a great exercise, but it’s not something you usually should have to mess with when actually building an app.

I would use any good open source auth system, ideally one that has security audits. Guardian and ueberauth may work well for you, but you should read up on them. Guardian is based on JWT, and it didn’t work for the kind of apps I was building.

I ended up writing Pow that uses short lived sessions by default. I wanted to have an auth system where I didn’t have to think of the internals, and that I can spin up in seconds for a new project :grin:

You can use Pow with Guardian though if you need JWT. It’s not one or the other.