• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
IDEA: Centralized userId

#1
Hi all- I’ve been working on a number of Addins, and I try to keep them “configuration lite”, but a frequent need is to know the current logged in user. See for example my Visits library, which doesn’t no Auth of its own but would like to record any logged in users with the traffic record. Currently I handle this by checking $_SESSION[‘user_id’], and supplying a config file so folks can provide their Kennedy location. But working on anew library with the same issue has me wondering:would it be useful to have CI store the userid after login, accessible as a core service or config?
Reply

#2
Store where?

CI has always been pretty adamant about not having an authentication lib because they don't want to be that opinionated. It's pretty simple to store the user_id in the session, redis, database, or wherever you want. If you're looking for an overall authentication library that handles the current user state, I'd take a look at https://community-auth.com/ (Note, i've never used it but i know a lot of people have)
Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!
Reply

#3
I'm precisely *not* looking for an authentication library, as well as agreeing that CI shouldn't include one, but rather recommending CI have a standardized means for accessing a user ID or unique identifier that authentication libraries could set and other libraries and code could rely on. The problem as a library developer is that if I don't bundle some authentication within my library (which is a terrible solution) then I can't reliably know if a user is logged in or how to identify that user, because every authentication library out there may have their own way & place to store it. Typically it probably shouldn't be CI's job to 'curate' this kind of info, but "current user" is such a core concept I think it may have a spot.
Store where... Probably as a config value that is set on=the-fly and optionally accessed through a service? just a guess.
Reply

#4
(04-05-2019, 12:33 PM)MGatner Wrote: I'm precisely *not* looking for an authentication library, as well as agreeing that CI shouldn't include one, but rather recommending CI have a standardized means for accessing a user ID or unique identifier that authentication libraries could set and other libraries and code could rely on. The problem as a library developer is that if I don't bundle some authentication within my library (which is a terrible solution) then I can't reliably know if a user is logged in or how to identify that user, because every authentication library out there may have their own way & place to store it. Typically it probably shouldn't be CI's job to 'curate' this kind of info, but "current user" is such a core concept I think it may have a spot.
Store where... Probably as a config value that is set on=the-fly and optionally accessed through a service? just a guess.

It seems to me that your library would depend on access to an instance of whatever authentication class the developer is using. Instances would be passed to your constructors or defined by a setter method in your library. Then you need "callables" to the appropriate methods that would return the item you need - be it logged in status or a user id. I see these as config items - essentially strings that are the names of the appropriate method in the class you're depending on. e.g.
PHP Code:
public $isAuthenticated  'isLoggedIn';
public 
$UID 'getUserID'

This seems to satisfy your need and not require a framework-wide property of debatable value.

Obviously, the third-party authentication library must have - or be extendable enough to allow adding - methods that return values you can use.
Reply

#5
I believe you are making my point for me. While that solution definitely works, it still requires either a) every authentication library to implement the same method/property/export/etc, or b) my library to guess or be configurable to know how to get that info from the selected authentication solution. For CodeIgniter to have a central, standardized location to get/set this still puts none of the burden on the framework for determining the info, but provides a consistent and reliable way for developers to pass the info between each other in the absence of external standards.
Reply


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


Users browsing this thread:
1 Guest(s)


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2019 MyBB Group.