[eluser]kirkryyn[/eluser]
[quote author="n0xie" date="1250870816"]I too think it's a lost cause to try and make a generic standard Auth Library.[/quote]
While I think I would probably agree with this for the most part, I think the spirit of the discussion is here:
[quote author="8e8" date="1250964250"]I myself am looking for a generic auth system to build upon, and this looks like it will do the trick. The trouble is, I’m a complete noob with frameworks, I just started learning CI. I was wondering if someone could provide an example that shows how to use these functions (ie. create).[/quote]
I am very new to CI as well. However, the very first need I have is to account for some sort of auth... and there is nothing in the core to help me out here. Sure, there are some libraries that may or may not work, but which are any good? Which are well thought out? Which are actually
secure?
Will I end up rolling my own code to handle the actual intricacies of my own application domain? Most likely. However, the framework could have some things in place that would indicate where I should put the authentication logic. As it stands now, that doesn't exist and I'm left to trying to find out "how other people done it" by way of scouring forums and wiki docs.
I would not consider myself a novice at using or designing frameworks, but it still took me awhile to formulate exactly what I needed to do to bolt an auth system in place. I can only imagine what someone else with less experience would have to go through to try and get something solid up and running.
Having a core auth implementation (or at least a nice well documented standardized approach to implementing auth) would at least give us poor souls who are knew to CI a good place to start. Authentication and authorization can be pretty touchy topics, and a bear to mess with, but there should be some good canonical documentation for some best practices on how to handle them with CI out there somewhere. I couldn't find any and ended up here.
The thing I like about the work that Thody, Jedd and Dustin are doing is that it is pretty generic and abstract and allows for you to either use an existing adapter and get started quickly or you can build your special in-house secret sauce in your very own adapter. Either way, the interface and how the auth system will (or should be) used is already in place.
One big thing that is missing, though, is telling us how this library is supposed to be
used. Unfortunately I feel as though that might expose some additional areas that should probably be addressed by this library (or at least the docs).
I may end up posting more things elsewhere on this topic. In particular, I have been trying to play with the idea of writing some post_controller_constructor hooks to handle authentication generically without having to extend Controller. I think it could use something like Thody's User Auth library pretty easily.
