Authentication |
I'm using DX AUTH since 2011 etc, ci 3.x 2.x 4.x.
A very successful example.
IMHO CodeIgniter really needs a native authentication library, this is not an add-in, it's a very essential part of any modern framework. Even if you don't want to create any implementation, you should provide us a better way to write our own authentication libraries, a class for create and handle tokens would be a nice entry point...
(01-20-2017, 08:46 AM)andersonsalas Wrote: IMHO CodeIgniter really needs a native authentication library, this is not an add-in, it's a very essential part of any modern framework. Even if you don't want to create any implementation, you should provide us a better way to write our own authentication libraries, a class for create and handle tokens would be a nice entry point... YHO is based on lack of knowledge.
(01-20-2017, 08:52 AM)Narf Wrote:(01-20-2017, 08:46 AM)andersonsalas Wrote: IMHO CodeIgniter really needs a native authentication library, this is not an add-in, it's a very essential part of any modern framework. Even if you don't want to create any implementation, you should provide us a better way to write our own authentication libraries, a class for create and handle tokens would be a nice entry point... Well, I don't think it's "lack of knowledge". This is a very rude and hostile response for anyone trying to bring ideas to the community. Peace.
If suggesting about authentication is considered a lack of knowledge, better suggest it to Laravel contributors. It would be interesting to know their reactions.
Long live CodeIgniter!
(01-24-2017, 04:52 AM)prezire Wrote: If suggesting about authentication is considered a lack of knowledge, better suggest it to Laravel contributors. It would be interesting to know their reactions. 1. I don't care about Laravel. 2. You said this: (01-17-2017, 06:37 AM)prezire Wrote: Like I mentioned --many third party projects are prone for abandonment. Authentication isn't difficult to implement, but tedious. Most developers use different libraries. Because of this, collaboration is a pain, which causes a lot of missed deadlines. It's very obvious that it's badly needed. The demand is there. Ignoring this would be very bad. I am 100% certain that you don't have half the knowledge necessary to build a secure authentication/authorization library. Yet you claim it isn't difficult. The fact that you can easily build something that works doesn't meant that it is secure. You and @andersonsalas are talking about demand, ignoring every other argument presented so far, like that's the end of it all. It's not, and as long as you claim otherwise - you're actively demonstrating that you do lack knowledge.
The whole authentication problems to be solved:
* Database with tables for users, user roles (optionally), permissions (based on roles or hard-coded). The first difficulty is the structure that fits to all needs. * The second difficulty: Some people prefer to use models based on CI_Model to access the database. Other like me use another base model. Other people even might like to use Doctrine for example. So, seemingly here abstract models with "drivers" or "adapters" are needed. This is difficult. The other way is a second database connection for the authentication solution only, but this is ... ugly (a debatable opinion). * The third difficulty: You need whole pages with login form, password recovery form, etc., that means visual design. Some guys prefer PHP for the views, other like me use template engines. Which would it be? And the visual design should be based on Bootstrap, Semantic or what? Email-communication? - visual templates again, language lines, work. * 4. External authentication through Facebook, Google, etc. you might want? Again, abstractions, adapters, support during the time, who would do this. * 5. And some exotic features? I want a CLI script to log in using its system account too. CLI means there is no PHP session. Would there be consensus about such things? Unlikely. --------- What can be done. Yesterday I saw yet another naive implementation of password generation. I lead me to the thought, maybe, it would be good the framework to provide only some low-level features done right instead of a whole implementation. And things like this one https://codeigniter.com/user_guide/helpe...dom_string could be re-factored in order preventing wrong usage.
@Narf You assume too much. Don't be so certain about your 100%. I didn't graduate with honors and formally became a senior developer/engineer two years after working, just so you can arrogantly say I don't have half the knowledge to implement Authentication and Authorization flows. And as I said implement (to use), and not create (from scratch). Get the difference? You consistently assume too much.
Going back to the request, it's about creating bare bones Auth structures that CI4 can call its own. As I mentioned, not all of a project's members are using the same Auth libraries. That alone could lead to more wasted time in creating and reading different library documentations and all else shouting while discussing when using the CI framework.
Long live CodeIgniter!
(01-24-2017, 06:44 PM)prezire Wrote: @Narf You assume too much. Don't be so certain about your 100%. I didn't graduate with honors and formally became a senior developer/engineer two years after working, just so you can arrogantly say I don't have half the knowledge to implement Authentication and Authorization flows. And as I said implement (to use), and not create (from scratch). Get the difference? You consistently assume too much. I didn't go to college for anything computer related, but am self taught, and have 11 years of PHP experience. About ten years ago I attempted to make my first authentication related code; at the time just procedural code. It was in 2009 that I started using CodeIgniter, and almost immediately created the Community Auth project. The whole reason it was named "Community" was because I thought people here would be interested in helping, and that together we could create an authentication that CI lacked. Turns out that nobody wanted to help, and with the exception of like 1 pull request ever, I had to work on the whole project by myself. You could say that it sucks, and that's why nobody ever wanted to help, and you might be right. I don't know, because I don't get a lot of feedback. What I do know is that everyone wants to do it their way, and the same can be said for all kinds of stuff that's already built into CodeIgniter. Seriously, how may redundant crappy libraries have been introduced for stuff that can already be done. Right now there are a handful of auth libraries for CI3, and if any one was picked, or if CI came out with something official for CI4, lots of people are going to hate it, and bitch about it. Not only that, but because auth seems to always use sessions, there would be countless new posts in the forum on "auth doesn't work", "auth won't stay logged in", "auth issue X". Ask me how I know. So, the Laravel experience has been noted, and I've used it, and I made it work, but I still wanted my own auth. Honestly, it's way too friggin complicated to extend, and if I was going to do all that work, then why not just make my own? I guess an absolute beginner could benefit from built in auth, but a lot of people that use CI have no business even using a framework. They don't even know PHP. Do we really make auth just for these people? Don't seem like a good idea. |
Welcome Guest, Not a member yet? Register Sign In |