Is it worth rolling your own authentication?

I prefer to create my own authentication, but it adds an extra day or two to my workload (tests take the most time), although this time keeps shrinking with every new app I start.

I don’t like the feeling of installing a gem and then suddenly things work, give or take some tweaks. That said, I can appreciate the convenience using something like Devise brings.

Just wondering what seasoned Rails developers prefer. Do you still roll your own or do you use gems like Devise? What are your criteria?

If you have your own favourite technique then why not turn it into a
gem and then you would have the best of both worlds. Authentication
just the way you want it but with the advantage of just installing the
gem and using it.


Unless you have some very specific issues that are not addressed by
the likes of Devise then to be honest I would say you are wasting your
time writing your own. As an exercise I can understand, I've done it
myself. But the problem is that you start with just a simple sign on
system, then you need to add Twitter or Facebook sign on but your ego
will be too big to allow you to throw away all this hard work you have
put into the masterpiece of your loins so you add that feature, and
the next and the next and the next... Finally you will have an

Also having experience of things like Devise will look good on your
CV, having written your own will only receive the response of "why did
you do that when there are several perfectly good tried and tested
gems that will do it for you?"

Just out of curiosity have you also written your own

*) XML parser?
*) JSON parser?
*) database drivers?
*) ORM?
*) templating system?
*) web framework?
*) date and time class?

I mean how can you trust those gems that suddenly work just by
installing them :)

Good point Peter!

@Colin, not a bad idea, although I don’t think I’m at the “write your own gem” level yet. Probably in a month or two.

@Peter, good point, although I don’t think it’s so bad to write your own basic authentication then add something like OmniAuth if you require other authentication methods.

Writing your own is a good thing to do, you get to learn about the
sort of issues that have to be tackled and it is a real world problem
that will be more satisfying than solving "Towers of Hanoi" and the
like. The problem is recognising when to stop, each additional feature
will probably be quite small and not look like a lot of work but over
time they all pile up and the rest of the site starts to become
entangled with the code which makes replacing it very hard.

It's something I've seen quite a lot so I try to avoid reinventing any
wheel if I can help it. The pain I have had at work because of some
code that has too much ego invested in it is virtually endless. I try
to write the least code possible to do a job so that I can throw it
away easily.

Besides, unless you are specifically writing an authentication and
authorisation system then the time you spend on it is time not spent
developing something that does not exist as a gem.

For the record I have written my own tagging system because the gems
that were available when I developed my site four years ago did not
have the features that I wanted. So there are times when you have to.