• 2 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Auth

#1
Currently the biggest hurdle I find with CI is having to install and configure a auth library every time.

I usually use ion_auth - what are the pro's and con's of having an auth tool 'baked in' to CI?

Thanks.

#2
The cons of a built in Auth are that many will not like it, and still use something else. For instance, I really don't like ion Auth, and if that became the default I would be disappointed to say the least. At most CI should provide an interface and very generic functionality, which kind of defeats the purpose of having built in Auth.

#3
The biggest con skunkbad already mentioned, but there is also maintainability to consider.

When it comes to Auth, I think that sites vary a lot in how they need to handle Authorization. However, I think if it took the route of only dealing with Authentication a very simple and secure solution could be bundled. For many sites, though, it would only be 1/2 way there, but getting security right is always the hard part and this could be a big part of keeping your site secure.

I recently spent over a week putting together a library like that (including a couple of long days). The hard part isn't the coding, it's reading up on all of the security and best practices related to it. It's kind of a pain to create one that's secure. Smile Mine still needs a bit more testing but should be about done. I'm hoping so, anyway, because I'm tired of working on it. Smile
Support Development  • Practical CodeIgniter 3  • Vulcan - CLI Tools for CI4

#4
Maybe I just need to accept the fact that configuring auth takes a lot of time per project.

#5
I use an old Auth that was written by Adam Griffins not sure spelling last name, but I have modified it to work with the newer CI, once you find one you like you can just drop it in and go!

Auth to me should not be a part of the CI Core, There are just to many different types to consider like social media Auth etc;
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )

#6
I agree with InsiteFX.

And auth system to me is like a modularity system. It should be left up to the developer using the framework to decide on.

And remember this is a framework, it is not meant to do everything for you. If you want that, pick yourself up and start using a full fledged CMS.

#7
(10-30-2014, 07:51 AM)Hobbes Wrote: And remember this is a framework, it is not meant to do everything for you. If you want that, pick yourself up and start using a full fledged CMS.

Exactly, it's a framework, not a CMS. Please don't make CI bloated and unmaintainable like Joomla ! Tongue

#8
(10-30-2014, 07:34 AM)InsiteFX Wrote: Auth to me should not be a part of the CI Core, There are just to many different types to consider like social media Auth etc;

Totally agree.

#9
I agree with auth not being baked into CI. What you may consider to be an acceptable solution, I may not. I actually rolled my own solution which has more features than ion auth and tank auth combined.

#10
I use Ion Auth, but only parts of it. Eventually I may do my own, but for now, Ion Auth works pretty well.

I don't believe Codeigniter needs an authentication module. There are plenty around, and it's quite easy to do your own (The advantage of doing your own is that you get something that fits perfectly with what you are trying to achieve, plus you get to learn more about Codeigniter and how to extend it yourself).


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2018 MyBB Group.