Luke Oliff

dad, technical writer, security advocate

Elixir & Phoenix Tutorial: Build an Authenticated App

2017-12-14 luke oliffportfolio

TL;DR: The Elixir language is dynamically typed with lots of helpful documentation. It builds on Erlang and the Erlang VM. You can be up and running almost immediately. If your app compiles, it’s already deployable. The Phoenix framework for Elixir apps is genuinely exciting to use. Let’s build an easy-to-use application that manages upcoming events, built with the Phoenix Framework and authenticated with Auth0. The final code can be found at the auth0-elixir-countdown GitHub repo.

This post is original content developed by me for the Auth0’s blog and has been re-posted here as part of an online portfolio with permission. Relevant attribution and canonical links exist. Click here to see the original.

Elixir language

Personally, I’ve been stuck under a rock as a developer. I’ve missed plenty of cool languages whilst playing with PHP—and the Elixir language is no exception. Fortunately for me, Elixir (like PHP) is a dynamically typed language with lots of helpful documentation. My brain didn’t have to work too hard to build something practical and fun. Elixir builds on Erlang and leverages the Erlang VM. Its got a super small footprint and is surprisingly robust. You can be up and running almost immediately.

It doesn’t stop there.

If your Elixir app compiles, it’s practically deployable already and the how-to guides come ready to talk you through getting it online with Heroku.

Note: This article was written assuming you have a good understanding of functional programming languages. Elixir is a functional, concurrent, general-purpose programming language. It runs on the Erlang virtual machine (BEAM). Elixir builds on top of Erlang and shares the same abstractions for building distributed, fault-tolerant applications. Check out Elixir School for lessons about the Elixir programming language.

Phoenix framework

You can’t escape the Phoenix framework if you’re looking for a good tool to build on in Elixir. They portray themselves as a fresh approach to tried and tested MVC development. Phoenix genuinely excites me. One aspect is just how well we can separate our concerns across an extremely well thought out, logical structure. Another is that it provides a fantastic command line interface.

Phoenix is an MVC framework written in Elixir and will be welcoming and comfortable to use for anyone familiar with Rails or Django.

The Phoenix framework provides the best of both worlds: high developer productivity and high application performance. It also has some interesting new twists like channels for implementing realtime features and pre-compiled templates for blazing speed.

What should we build?

With holiday season fast approaching and a growing family, we’re counting down the days when we can sit at home, in front of our (fake) fireplace and open some presents! :)

So, I thought, why not build an application where I can see countdowns to my favorite events?

Getting ready

Install Elixir

Follow the Elixir language install guide here:

Next, we run a mix command to install the Hex package manager. Mix is a build tool that provides tasks for creating, compiling, and testing Elixir projects, managing its dependencies, and more. If you know Ruby well, Mix is Rake, Bundler, and RubyGems combined.

Now use mix to install hex:

$ mix local.hex

Install Phoenix

Phoenix needs at least Elixir 1.4 and Erlang 18 or later, run:

$ elixir -v
Erlang/OTP 19 [erts-8.3] [source] [64-bit] [smp:8:8] [async-threads:10] [hipe] [kernel-poll:false] [dtrace]

Elixir 1.4.2

Now we can install Phoenix v1.3.0:

$ mix archive.install

Other requirements

To follow this guide fully, make sure you also have PostgreSQL and npm installed.

If you choose to use another database provider, make sure you edit the configuration appropriately.

Our Phoenix application skeleton

Now we can create a new application with the Phoenix framework. Let’s call our application “countdown”.

$ mix countdown

It will now generate a skeleton application with config, controllers, routing, etc… Everything you need, really!

* creating countdown/config/config.exs
* creating countdown/config/dev.exs
* creating countdown/config/prod.exs
* creating countdown/assets/static/favicon.ico

When prompted, fetch and install dependencies.

Phoenix uses for asset management.’s dependencies are installed via the node package manager, not mix. Phoenix will prompt us to install them at the end of the mix task. If we say “no” at that point, and if we don’t install those dependencies later with npm install, our application will raise errors when we try to start it, and our assets may not load properly. If we don’t want to use at all, we can simply pass —no-brunch to mix

Fetch and install dependencies? [Yn] Y

It will fetch and compile our dependencies.

* running mix deps.get
* running mix deps.compile
* running cd assets && npm install && node node_modules/brunch/bin/brunch build

Once it’s finished it will give you some helpful info to check that it’s all working, running your application, and even how to interact with your app inside IEx (Interactive Elixir).

Check out the following to learn more about debugging techniques in Elixir using IEx.

So let’s change directory and check we can run the application.

$ cd countdown && mix phx.server

It shows us the compilation including any warnings or errors including deprecations or unused variables. Very cool.

[info] Running CountdownWeb.Endpoint with Cowboy using http://localhost:4000
Compiling 13 files (.ex)
==> mime
Compiling 1 file (.ex)
warning: String.strip/1 is deprecated, use String.trim/1
[info] Sent 200 in 18ms

Now we can take a look our app by visiting http://localhost:4000. It should look something like…

Phoenix app starter

Countdown Application

CRUD pattern

We need to be able to store the events we are going to count down to.

Before we can start adding our data, we need to set up the database. Open up config/dev.exs, and edit the username and password near the bottom of the file. (They will both be set to “postgres” by default.)

config :countdown, Countdown.Repo,
  adapter: Ecto.Adapters.Postgres,
  username: "auth0",
  password: "phoenixelixir",
  database: "countdown",

If you didn’t run it yet, let’s create the database now.

$ mix ecto.create
The database for Countdown.Repo has been created

Now comes the backbone of our application, the CRUD actions for the events. In order to achieve this, Phoenix supports us with four different generators:

mix phoenix.gen.html Gen HTML creates: model, view, controllers, repository, templates, tests

mix Gen Channel creates: channel and tests

mix phoenix.gen.json Gen JSON, for APIs really, creates: model, view, controllers, repository, tests

mix phoenix.gen.model Gen Model creates: model and repository

We use the first generator which creates all resources and actions for us, the same as rails generators. We need to declare the name as a collection, singular and plural, and next the field names with types.

$ mix phx.gen.html Events Event events title due:datetime

We’re pretty close to having a CRUD application ready to go!

* creating lib/countdown_web/controllers/event_controller.ex
* creating lib/countdown_web/templates/event/edit.html.eex
* injecting test/countdown/events/events_test.exs

Go and edit lib/countdown_web/router.ex and place resources "/events", EventController inside the CountdownWeb scope.

   scope "/", CountdownWeb do
     pipe_through :browser # Use the default browser stack

     get "/", PageController, :index
+    resources "/events", EventController

Now we can migrate our new model into the database.

$ mix ecto.migrate
Compiling 10 files (.ex)
Generated countdown app
[info] == Running Countdown.Repo.Migrations.CreateEvents.change/0 forward
[info] create table events
[info] == Migrated in 0.0s

Let’s run our server to make sure it’s still working.

$ mix phx.server

If it is still working, this time we can head to http://localhost:4000/events and see our new CRUD interfaces.

Phoenix CRUD List

Showing off our events

We could list all events on our homepage, but as we are going to have countdown clocks, it’s important we only list future events. For this, we’re going to need a way to fetch events in the future. Let’s give it a go…

Edit lib/countdown/events/events.ex which is the repository module for our events.

You’ll find the query structure familiar, especially if you’ve used any well-known database abstraction layers, like Doctrine or Django ORM, or even if you are experienced with SQL itself. We’re going to be selecting from Countdown.Events.Event where due is greater than or equal to the current UTC timestamp.

query = from e in Countdown.Events.Event,
        where: e.due >= ^DateTime.utc_now

The docblock shows you how to run the method in IEx (interactive Elixir) and the format of the response, usually an example [%Map{}, ...].


   def list_events do
+   @doc """
+   Returns the list of future events.
+   ## Examples
+       iex> list_future_events()
+       [%Event{}, ...]
+   """
+   def list_future_events do
+     query = from e in Countdown.Events.Event,
+       where: e.due >= ^DateTime.utc_now
+     Repo.all(query)
+   end


Next, we add this to the controller and display some items on the homepage. Let’s edit our homepage controller at lib/countdown_web/controllers/page_controller.ex

   use CountdownWeb, :controller
+  alias Countdown.Events
   def index(conn, _params) do
+    events = Events.list_future_events()
-    render conn, "index.html"
+    render conn, "index.html", events: events

Nowe we’ll edit our homepage template at lib/countdown_web/templates/page/index.html.eex and add a very simple list of items, we’ll come back and make turn this into our countdown clocks later.

   <div class="jumbotron">
     <h2><%= gettext "Welcome to %{name}!", name: "Phoenix" %></h2>
     <p class="lead">A productive web framework that<br />does not compromise speed and maintainability.</p>

+  <ul>
+  <%= for event <- @events do %>
+    <li><%= event.title %>, <%= event.due %></li>
+  <% end %>
+  </ul>

Note: I’ve added last Christmas so we can see our query works, only showing future events.

Phoenix adding Christmas

Now we can see our list is limited to only events in the future. Perfect!

Phoenix future events list

Adding our countdown clocks

We’re going to use FlipClock.js to create our countdown clocks. Edit the base app template lib/countdown_web/templates/layout/app.html.eex

    <link rel="stylesheet" href="<%= static_path(@conn, "/css/app.css") %>">
+   <link rel="stylesheet" href="" />
+   <script src=""></script>
+   <script src=""></script>

Now edit the homepage template lib/countdown_web/templates/page/index.html.eex and replace it with the contents below. It uses a very basic jQuery loop to apply FlipClock to each .countdownClock element. The Bootstrap jumbotron is perfect for the quick and easy layout we want here because of its clear heading and very basic markup.

<%= for event <- @events do %>
    <div class="jumbotron">
      <span class="h1">Days until <%= event.title %></span>
      <p class="text-center"><span class="countdownClock" data-due="<%= event.due %>"></span></p>
<% end %>
$(document).ready(function() {
    $('.countdownClock').each(function(i, el) {
      var today = new Date();
      var due = new Date($(el).data('due'));

      $(el).FlipClock((due/1000) - (today/1000), {
          clockFace: 'DailyCounter',
            countdown: true,
            showSeconds: false

Our last little styling tweaks are just to center the countdown clocks and replace the logo with something more appropriate :)

Edit assets/css/app.css and add the following. You’re going to need your own logo!

/* This file is for your main application css. */

.auth0-logo {
  width: 200px;
  height: 80px;
  display: inline-block;
  background-image: url(;
  background-repeat: no-repeat;
  background-size: 200px;

.jumbotron .flip-clock-wrapper {
  text-align: center;
  position: relative;
  width: auto;
  margin-top: 8em;
  display: inline-block;

Now edit lib/countdown_web/templates/layout/app.html.eex to use the new logo styling.

-       <span class="logo"></span>
+       <span class="auth0-logo"></span>

We should see something like this, our own app in which we can control what events we display!

Phoenix Countdown

Authentication with Auth0

Last of all, we’ll secure administration of events with Auth0’s Centralized Login Page. Providing us with Auth0’s JSON Web Token, we will be able to securely verify users inside the application.

Auth0 hosted login screen

Sign Up for Auth0

You’ll need an Auth0 account to manage authentication. You can sign up for a free account here. Next, set up an Auth0 Client and API so Auth0 can interface with your app and API.

Set Up a Client App

  1. Go to your Auth0 Dashboard and click the ”create a new client” button.
  2. Name your new app and select “Regular Web Applications”.
  3. In the Settings for your new Auth0 client app, add to the Allowed Callback URLs.
  4. Click the “Save Changes” button.
  5. If you’d like, you can set up some social connections. You can then enable them for your app in the Client options under the Connections tab. The example shown in the screenshot above utilizes username/password database, Facebook, Google, and Twitter.

Note: On the OAuth tab of Advanced Settings (at the bottom of the Settings section) you can see the JsonWebToken Signature Algorithm is set to RS256. This is now the default, read more about RS256 vs HS256 here.

Install the Ueberauth module

Edit mix.exs and add the Ueberauth module to your dependencies and application compilation order.


   def application do
       mod: {Countdown.Application, []},
-      extra_applications: [:logger, :runtime_tools]
+      extra_applications: [:ueberauth, :ueberauth_auth0, :logger, :runtime_tools]


   defp deps do
-      {:cowboy, "~> 1.0"}
+      {:cowboy, "~> 1.0"},
+      {:ueberauth, "~> 0.4"},
+      {:ueberauth_auth0, "~> 0.3"}


You can also use a GitHub repository as your package source to use the latest changes. Beware—it might have breaking and unstable code. For example:


   defp deps do
-      {:cowboy, "~> 1.0"}
+      {:cowboy, "~> 1.0"},
+      {:ueberauth_auth0, github: "sntran/ueberauth_auth0"}


Now that it’s configured we need to install our dependencies.

$ mix deps.get

Edit config/config.exs to configure Ueberauth.

import_config "#{Mix.env}.exs"

+# Configures Ueberauth
+config :ueberauth, Ueberauth,
+  providers: [
+    auth0: { Ueberauth.Strategy.Auth0, [] },
+  ]
+# Configures Ueberauth's Auth0 auth provider
+config :ueberauth, Ueberauth.Strategy.Auth0.OAuth,
+  domain: System.get_env("AUTH0_DOMAIN"),
+  client_id: System.get_env("AUTH0_CLIENT_ID"),
+  client_secret: System.get_env("AUTH0_CLIENT_SECRET")

Configured like this, we can now control our config through environment variables. For more information on how to define these check out this guide on bash environment variables.

Later, we’ll be looking at starting our application with environment variables included. You can choose to set them up however you wish, but they’re required at compile time to make our authentication work.

An example of how to launch the application with environment variables:

$ AUTH0_DOMAIN=<Your domain> \
  AUTH0_CLIENT_ID=<Your client ID> \
  AUTH0_CLIENT_SECRET=<Your client secret> \
  mix phx.server

Setup authentication

First, we’ll create a new model for reading user info. Open a new file at lib/countdown_web/models/user_from_auth.ex. This model, courtesy of Thomas Peitz, will give us easy access to details obtained back from authentication payload. It also supports multiple formats of profile information. For example, providers like GitHub and Facebook give a profile image url, slightly different.

defmodule UserFromAuth do
  @moduledoc """
  Retrieve the user information from an auth request
  require Logger
  require Poison

  alias Ueberauth.Auth

  def find_or_create(%Auth{provider: :identity} = auth) do
    case validate_pass(auth.credentials) do
      :ok ->
        {:ok, basic_info(auth)}
      {:error, reason} -> {:error, reason}

  def find_or_create(%Auth{} = auth) do
    {:ok, basic_info(auth)}

  # github does it this way
  defp avatar_from_auth( %{info: %{urls: %{avatar_url: image}} }), do: image

  # facebook does it this way
  defp avatar_from_auth( %{info: %{image: image} }), do: image

  # default case if nothing matches
  defp avatar_from_auth( auth ) do
    Logger.warn auth.provider <> " needs to find an avatar URL!"

  defp basic_info(auth) do
    %{id: auth.uid, name: name_from_auth(auth), avatar: avatar_from_auth(auth)}

  defp name_from_auth(auth) do
    if do
      name = [,]
      |> Enum.filter(&(&1 != nil and &1 != ""))

      cond do
        length(name) == 0 ->
        true -> Enum.join(name, " ")

  defp validate_pass(%{other: %{password: ""}}) do
    {:error, "Password required"}
  defp validate_pass(%{other: %{password: pw, password_confirmation: pw}}) do
  defp validate_pass(%{other: %{password: _}}) do
    {:error, "Passwords do not match"}
  defp validate_pass(_), do: {:error, "Password Required"}

Next, create a new controller. Call it AuthController and create it at lib/countdown_web/controllers/auth_controller.ex. This controller has a few responsibilities:

  • Callback Handles the success or failure of our auth request. On success, stores the user in a session.
  • Logout Drops the session.
  • Helpers Providers a basepath for our Ueberauth strategy helpers, meaning /auth/auth0 will now allow us to authenticate with the Auth0 provider we setup.
defmodule CountdownWeb.AuthController do
  use CountdownWeb, :controller
  alias CountdownWeb.Router.Helpers

  plug Ueberauth

  alias Ueberauth.Strategy.Helpers

  def logout(conn, _params) do
    |> put_flash(:info, "You have been logged out!")
    |> configure_session(drop: true)
    |> redirect(to: "/")

  def callback(%{assigns: %{ueberauth_failure: _fails}} = conn, _params) do
    |> put_flash(:error, "Failed to authenticate.")
    |> redirect(to: "/")

  def callback(%{assigns: %{ueberauth_auth: auth}} = conn, _params) do
    case UserFromAuth.find_or_create(auth) do
      {:ok, user} ->
        |> put_flash(:info, "Successfully authenticated as " <> <> ".")
        |> put_session(:current_user, user)
        |> redirect(to: "/")
      {:error, reason} ->
        |> put_flash(:error, reason)
        |> redirect(to: "/")

Now we need to add endpoints for the controller to the router. Edit lib/countdown_web/router.ex to configure these routes.

 defmodule CountdownWeb.Router do
   use CountdownWeb, :router
+  require Ueberauth


+  scope "/auth", CountdownWeb do
+    pipe_through :browser
+    get "/:provider", AuthController, :request
+    get "/:provider/callback", AuthController, :callback
+    post "/:provider/callback", AuthController, :callback
+  end


   scope "/", CountdownWeb do
      pipe_through :browser # Use the default browser stack
      get "/", PageController, :index
+     get "/logout", AuthController, :logout


Secure our application

To secure our events controller, edit lib/countdown_web/controllers/event_controller.ex and add a Plug which will be called by the controller prior to every endpoint. This will now check our current session for a verified user.

   alias Countdown.Events.Event
+  plug :secure
+  defp secure(conn, _params) do
+    user = get_session(conn, :current_user)
+    case user do
+     nil ->
+         conn |> redirect(to: "/auth/auth0") |> halt
+     _ ->
+       conn
+       |> assign(:current_user, user)
+    end
+  end

   def index(conn, _params) do

Now our /events endpoints are secured, we just need a helpful menu to navigate the site.

Nearly there!

Lets edit our PageController found at lib/countdown_web/controllers/page_controller.ex to add our current_user property, allowing us to access it elsewhere.

   def index(conn, _params) do
     events = Events.list_future_events()
-    render conn, "index.html", events: events
+    render conn, "index.html", events: events, current_user: get_session(conn, :current_user)

The base app template needs to be edited lib/countdown_web/templates/layout/app.html.eex, it is going to check for our current user. If we don’t have one, we’ll show a link to login.

   <ul class="nav nav-pills pull-right">
-    <li><a href="">Get Started</a></li>
+    <%= if @current_user do %>
+    <li><a href="/">Home</a></li>
+    <li><a href="/events">Events</a></li>
+    <li class="active"><a href="/logout">Logout</a></li>
+    <% else %>
+    <li><a href="/">Home</a></li>
+    <li><a href="/auth/auth0">Login</a></li>
+    <% end %>

Start our application, remembering our environment variables.

$ AUTH0_DOMAIN=<Your domain> \
  AUTH0_CLIENT_ID=<Your client ID> \
  AUTH0_CLIENT_SECRET=<Your client secret> \
  mix phx.server

Log in, have a play and it should look something like this!

Phoenix Countdown End


A big thanks to Thomas Peitz for his help and suggestions.


We’ve learned how to build a basic CRUD application in Elixir. It utilizes the Phoenix framework, allowing us to create applications in a straightforward way using the simple command line interface. We’ve also learned how to write some basic security using Auth0 inside Elixir.

To learn more about the Phoenix Framework, check out

To learn more about Elixir, check out

I went into this project with no prior knowledge of Elixir or Phoenix. The result is, I believe I can probably deliver a robust application that is production ready and deployable faster using Phoenix than I could in some other languages. It has been an amazing and eye-opening experience and I’m looking forward to getting the opportunity to pick up more languages and doing something cool with them.

The final code can be found at the auth0-elixir-countdown GitHub repo.