I’m working on a self-hosted, multi-tenant Identity Provider (IdP) that supports both OAuth 2.0/OpenID Connect and SAML 2.0, all while being infrastructure-as-code friendly. Enter Authify: an open-source identity provider that’s been my most ambitious Elixir project to date.
Why Elixir?
I’ve been experimenting with Elixir for a few years now, mostly through Advent of Code challenges and small exercises on Exercism. While those were fun and educational, Authify represents something entirely different: a production-ready, complex system with real-world concerns like multi-tenancy, protocol implementations, and comprehensive test coverage.
This is my first serious foray into building a complete Phoenix application from scratch, and honestly, it’s been a blast. The pattern matching, the pipe operator, the way Phoenix handles requests—everything just feels right for this kind of system. Plus, the BEAM’s concurrency model is perfect for handling multiple organizations with isolated resources.
Building with Claude Code
Here’s where things get interesting. Much of Authify has been built through pair programming sessions with Claude Code, which mirrors my workflow at my day job. If you haven’t tried Claude Code yet, it’s a command-line tool that lets you delegate coding tasks to Claude directly from your terminal. Think of it as having an incredibly knowledgeable, but junior, pair programming partner who never gets tired (though it does occasionally try to mark tasks as finished when they aren’t yet done).
What I’ve found most valuable about this approach is that it fundamentally changes how I work. Instead of spending hours writing boilerplate or debugging obscure issues, I spend my time doing code reviews, architecting solutions, and making high-level decisions. Claude Code handles the implementation details while I focus on the “what” and “why” rather than always wrestling with the “how.”
The workflow looks something like this:
- I describe what I want to build or what problem I’m trying to solve
- I encourage Claude to write tests that capture the intended outcomes
- Claude writes the implementation, ensuring tests and style checks pass, there are no warnings, and the project compiles
- I review the code, suggest improvements, and ensure it matches my vision
- We iterate until it’s right
This TDD-focused approach has been incredible for maintaining quality while moving fast. Authify has comprehensive test coverage because writing tests is just part of the natural flow, not an afterthought. When you’re reviewing code rather than writing every line yourself, you catch more issues and have more mental energy for ensuring the tests are thorough.
What Makes Authify Different
Authify is designed to be the identity provider I’d want to use and develop for. I’m hoping that it’s what you’d want too. Every aspect of it can be managed through its comprehensive, well-documented REST API, complete with OpenAPI 3.1.1 specifications that are deployment-specific. This means you can generate client libraries in any language, experiment directly with the API in your browser, and manage your entire identity infrastructure through Terraform or similar tools, at least in principle.
The multi-tenant architecture is organization-scoped from the ground up. Each organization gets complete isolation: their own users, applications, domains, SMTP configuration, and rate limits. You can run a single Authify instance for multiple clients or projects without any data leakage concerns.
I’m really excited about the dual-protocol support. There’s no need to choose between OAuth 2.0/OIDC and SAML 2.0 since Authify supports both simultaneously. Need to authenticate your modern React app with OIDC while also providing SAML SSO for an enterprise customer’s legacy system? No problem.
I’m really happy to be building an open-source project that can be used for companies of any size. My goal is to make it easy to deploy, powerful, but still intuitive.
The Technical Journey
Building Authify has taught me more about Elixir than I could have learned from a dozen tutorials. Implementing OAuth 2.0 flows, SAML assertions, multi-tenant data isolation, and encrypted credentials storage forces you to really understand the language and the framework.
Phoenix has been fantastic for this. The context boundaries make it easy to organize complex functionality, and Ecto’s query composition feels natural once you get the hang of it. LiveView (which I’m using for the admin dashboard) continues to impress me with how much you can accomplish with basically zero JavaScript. Turbo and Rails still have a ways to go to catch up!
One of my favorite parts of the project is the per-organization configuration, including encrypted credentials for things like SMTP settings. Each organization can use their own email provider for invitations, password resets, and verification emails. This seems like a small detail, but it’s the kind of thing that makes a real difference when you’re trying to provide a professional, white-label experience.
What’s Next
Authify is very much a work in progress, but it’s already functional and deployable. The core protocols work, the management API is comprehensive, and the multi-tenant architecture is solid. I’ve also setup automation for things like GitHub releases and Docker image builds, making it easy to try out new features.
If you’re interested in self-hosted identity management, or if you’re curious about building complex Elixir applications, I’d encourage you to check out the GitHub repository. The README and wiki have detailed setup instructions, cover the full architecture, operations, and security considerations.
I’m particularly interested in feedback from folks who have experience with identity providers or multi-tenant systems. What features would make Authify more useful? What concerns do you have about the current architecture? The best way to reach me is through GitHub issues or discussions on the repo.
Building Authify has been an incredible learning experience, and I’m excited to see where it goes from here. If nothing else, it’s proof that you can build sophisticated systems in Elixir without years of Elixir experience; you just need good architecture, comprehensive tests, and maybe an AI pair programmer to help get things done faster!
Leave a Reply