I have decided that authentication plugins for Ruby on Rails suck

My first thought when it came to implementing the authentication for my current application was to check out plugins and generators others are using to make adding this a simple five minute process. I had read about some issues with one of the first such plugins like this from when Rails was first made available, but I figured by this time they had matured a bit. I checked out a few, the primary contenders being the acts_as_authenticated plugin and the LoginEngine. LoginEngine had a nice video demonstration showing how easy it was to integrate with your site. I was going to need role-based security and part of what won me over was that LoginEngine had a sister engine for dealing with just that.

After an entire day of playing around with LoginEngine and not getting anywhere close to the results I wanted, I decided to scrap using it and any other ready-made authentication system and just write my own. I ended up wasting more time failing to adjust LoginEngine to my needs than just writing it from scratch based on information in the Agile Development with Rails book and the upcoming Rails Recipes.

But hold on, these things are great. Lots of people are using them.

Lots of people may be using them, but they are not great in all situations. I can only see them saving time in applications where they would work out-of-the-box without modification. I do have some custom requirements which are not built into any of these plug-and-play systems.

Here’s what’s wrong

  • If you’re learning Rails, using an authentication system will not teach you anything.
  • In a lot of cases, you’re not saving much time.
  • If you need to change much with what’s there, it will take you longer than if you had written it yourself in the first place. I’m sure if you had a lot of knowledge about them, this would not be as big an issue, though.
  • David Heinemeier Hansson is vocal about his cautious view on Engines and other high-level components.
  • Just the other day, the release of Rails v1.1.1 broke LoginEngine. Look through the comments. The Engine people fixed it quickly, but it broke.

This sums it up

David Heinemeier Hansson summed up how I feel about these things from my short-lived experience with them.

The short summary is that high-level components are a mirage: By the time they become interesting, their fitting will require more work than creating something from scratch.
