Is it worth rolling your own authentication?

I prefer to create my own authentication, but it adds an extra day or two to my workload (tests take the most time), although this time keeps shrinking with every new app I start.

I don’t like the feeling of installing a gem and then suddenly things work, give or take some tweaks. That said, I can appreciate the convenience using something like Devise brings.

Just wondering what seasoned Rails developers prefer. Do you still roll your own or do you use gems like Devise? What are your criteria?

If you have your own favourite technique, then why not turn it into a gem? Then you would have the best of both worlds: authentication just the way you want it, but with the advantage of just installing the gem and using it.


Unless you have some very specific issues that are not addressed by the likes of Devise, then to be honest I would say you are wasting your time writing your own. As an exercise I can understand; I've done it myself. But the problem is that you start with just a simple sign-on system, then you need to add Twitter or Facebook sign-on, but your ego will be too big to allow you to throw away all this hard work you have put into the masterpiece of your loins, so you add that feature, and the next and the next and the next... Finally you will have an abomination.

Also, having experience of things like Devise will look good on your CV; having written your own will only receive the response of "why did you do that when there are several perfectly good tried and tested gems that will do it for you?"

Just out of curiosity, have you also written your own

*) XML parser?
*) JSON parser?
*) database drivers?
*) ORM?
*) templating system?
*) web framework?
*) date and time class?

I mean, how can you trust those gems that suddenly work just by installing them? :)

Good point Peter!

@Colin, not a bad idea, although I don’t think I’m at the “write your own gem” level yet. Probably in a month or two.

@Peter, good point, although I don’t think it’s so bad to write your own basic authentication then add something like OmniAuth if you require other authentication methods.

Writing your own is a good thing to do; you get to learn about the sort of issues that have to be tackled, and it is a real-world problem that will be more satisfying than solving "Towers of Hanoi" and the like. The problem is recognising when to stop: each additional feature will probably be quite small and not look like a lot of work, but over time they all pile up and the rest of the site starts to become entangled with the code, which makes replacing it very hard.

It's something I've seen quite a lot, so I try to avoid reinventing any wheel if I can help it. The pain I have had at work because of some code that has too much ego invested in it is virtually endless. I try to write the least code possible to do a job so that I can throw it away easily.

Besides, unless you are specifically writing an authentication and authorisation system, the time you spend on it is time not spent developing something that does not exist as a gem.

For the record, I have written my own tagging system because the gems that were available when I developed my site four years ago did not have the features that I wanted. So there are times when you have to.