Authentication should not be built in

[GeekOnCoffee]

Summary from Spree's recent move to this:

Spree no longer ships with authentication included. Previous version of Spree have relied on a third pary library known as Devise. By removing the dependency on Devise this allows Spree to be more easily integrated with larger Rails applications that may have their own authentication system. For those that are using Devise (or have no strong preference for which system they use), we still have Devise support for Spree. You’ll just need to add the spree_auth_devise extension to your application.

http://guides.spreecommerce.com/authentication.html has information on how it's pulled off

[knewter]

+1, imo the biggest remaining hurdle to an uptick in a "Rails Engine Ecosystem" that is only just now maturing (a bit late)

[radar]

I like the idea of setting a class variable. It's worked well within Spree and Forem. With that value, then you constantize it and then assume that class follows a certain API. How we ensure that API is present, I don't know yet.

[knewter]

So we can define the API solidly, and then if your default user/auth doesn't implement it you can be responsible for implementing a wrapper that does.

[parndt]

So we can define the API solidly, and then if your default user/auth doesn't implement it you can be responsible for implementing a wrapper that does.

That's a bingo!

[johanb]

👍