Best Auth library?

[eluser]RS71[/eluser]
I've been looking through the forums and there seem to be many Auth solutions. Could somebody please give me their opinion on which one is the best?

Thanks in advance.
RS71

[eluser]JimmyPHP[/eluser]
I too am searching for a simple, flexible auth library. So far I have looked at FAL and Redux. Both seem dated or stalled in development and do not work with CI 1.7

[eluser]ray73864[/eluser]
it all depends on what your needs are, each auth library provides you with different things.

when you look in the 'IgnitedRecord' forum, there are auth libraries like: MeNeedz Auth, Fresh Auth, and the list goes on, those first 2 are new and were built for CI 1.7

[eluser]RS71[/eluser]
I've been looking through some of the options and most of the them look to be not so well coded and seem a bit lacking features wise. Hrmm.

[eluser]Jelmer[/eluser]

I’ve been looking through some of the options and most of the them look to be not so well coded and seem a bit lacking features wise. Hrmm.

That's actually a combination you're not very likely to find: for me most libraries which are very well coded and with a lot of features don't really do it the way I want them to. And also take approaches that would require me to rewrite lots of their code in order to work with my application(s).

I've used CL_Auth for a time and switched to FreakAuth_light because I preferred to set the required user level at the top of each controller as oposed to creating a database entry for every controller/usergroup combination. In the end though, I needed more flexibility and there was no way around having to write one myself.

So I took SimpleSecureLogin as a starting point yesterday, not much is left by now but for the most trivial stuff. By now I've added user groups, 2 additional levels of encryption and changed much of the way the logged-in check works and the login itself works.

This is the approach I'd recommend, because if you want your auth library to intergrate well with your application you'll either have to write it yourself or change about half the code of someone elses. The SimpleLogin library seems to be the only attempt at making something of general use without too much interpretation to make adapting it completely to your own application a lot of work.

And writing your own stuff has the additional upside of knowing every line of code very well, which makes changing something a lot easier. Which is an upside for something as important to most applications as an auth library.

[eluser]jwright[/eluser]
FreakAuth (FAL) seems to give you the basics and so far I don't have any complaints. It seems to work fine for me on CI 1.7

[eluser]RS71[/eluser]
why not just put everyone's efforts into making one single excellent solution?

[eluser]Jelmer[/eluser]
It might be worth a try, though I think most people will have wildly different views on what should & shouldn't be included in such a library. In my view such a library should only have what is really needed and nothing more, because that's the part the developer should do him/herself.

So what should be in such a general user library:
- simple user creation function
- secure password saving
- secure login check
- secure autologin
- very simple user groups

So no views, no lost password, no profile fields, etc. Because anything more than this becomes interpretation and makes it usable only to people with the same philosophy when it comes to user management. It should be a safe & secure foundation to built your own application on, not a fully featured system. A bit like all the CodeIgniter libraries: not plug-and-play but plug-and-develop-yourself :-)

[eluser]Bramme[/eluser]
The best one? The one you made yourself. I wrote a tutorial about it a while back (just google codeigniter auth tutorial, it'll pop up). I'm planning on writing a better, bigger one with user groups, password hashing etc in the near future.

[eluser]RS71[/eluser]
The Auth itself and its security features are much more of a priority to me than the User Management that might accompany it. I believe we should work on a good Auth and build an optional somewhat basic modular User Management.