padrino-admin has a pretty good start on this. I think it be good if we can extract that out into its own(like merb-auth) so users can swap the authentication in an out. Maybe we could have it be like Devise for Padrino/Sinatra ?
sounds great. I think this would be awesome. I'll see if I can extract something similar to devise thats based on warden.
Really excited about this idea. I would love a Devise type solution (but in the sinatra style). padrino-warden is a good start but I could see something warden based but being modular and potentially more full featured.
That would be cool!
Most excellent and definitely needed. Being new to Padrino that was one of the first items I was looking for.
Warden integration by default would be best.
I don't really need an authentication solution but imho the admin app would become more useful if you could create it without any auth stuff included.
Mmm this is pretty difficult because auth stuff is managed by:
1) account.rb # that fits each orm
2) sessions.rb # that handle Account.authenticate
So if you want to replace builtin auth the only thing to do in (99% of cases) is change only:
Shouldn't we take #384 into account, or has this gaping insecurity been addressed?
What's about using the padrino-warden and porting the devise for rails to padrino?
This should be similar or built on-top of padrino-warden. In my app I would like to specify the User model, login/logout paths, and authentication param names.
How about this?
👍 Similar: #132 #428. @lenzcom sinatra-authentication looks nice but it mixes authentication with authorisation and those should preferably be separated.
What about if next version will come with a simple http basic auth and a couple of api to unplug it and add devise or sinatra-auth ?
http basic auth
I would support sinatra-warden. sinatra-authentication does not use warden, so I don't trust it too much. Didn't Devise go Rails only?
@DAddYE what you're proposing makes sense since it would simplify the offering and allow for better reusability. Even more, with a clear interface adding new solutions or integrating existing ones would be way easier. If it gains too much relevance we could even add them as part of the generator or put them on the plugins.
@postmodern yes, Devise is tied with Rails. Why not choosing padrino-warden instead (it's already based on sinatra-warden) and help making it better if it needs to?
I think an authentication API like @DAddYE said would make sense. That way people can plug & play whatever authentication library they want. Essentially it would just be hooks that other auth libraries could use?
The API sounds great, but using padrino admin auth too. I', thinking a way where they both can live together. The new awesome API can use by default the padrino admin auth, I think that means moving the admin auth templates outside the admin app, what do you think?
@dariocravero Oops, turns out one of my padrino projects is already using padrino-warden with dm-is-authenticatable.
I've used padrino-warden without issue several times and it works really well as a basic solution. Seems like that + dm-is-authenticatable is a great combination.
padrino-warden is what I used and what inspired me to open this issue. The difference is that instead of using the gem I duplicated the code into my app so I can make more in-depth changes. This gives me control over the paths, parameters expected, and models that are associated with authentication.
What I end up doing too is breaking out the authentication into its own 'subapp' with my other apps referencing that when authentication is needed. This felt like a nice way to make it a more 'drop-in' authentication solution that padrino can generate for you.
@dariocravero: yes, you're right. that must be a flexible aspect of such a system..
@ujifgc I know you put some effort behind this here https://github.com/ujifgc/padrino-auth just wanted record for later review in this issue. I don't think we should release a 1.0 without completing a reasonable authentication solution and this looks like a good start.