Password based authentication?

Hello, how does one implement traditional password user authentication with Hanami? After searching I’ve found older posts about hanami-authentication from 2017, and the Hanami Mastery blog post about jay_doubleu_tee that handles JWT+OAuth authorization, but nothing recent that walks through basic password-based user authentication.

I don’t have a tutorial, but I have pretty basic password-based authentication implemented here. Hopefully it can help. Ask away if you need some clarification.

We’re still using Tachiban. See also here for more detail.

@sebastjan_hribar does Tachiban work with Hanami 2 already?

@postmodern I do have a Tutorial in mind, but I hadn’t seen it as a priority :sweat:. We plan to cover Rodauth for sure, but waiting for ROM to be integrated.

Let me know about your approach, and we could collaborate on making Hanami Mastery episode about it if you’re interested!

@swilgosz unfortunately it doesn’t work with Hanami 2. I don’t know when I’ll be able to move to 2. As @postmodern advised I need to add support for argon2 as well. We have one major app depending on Tachiban, but it’s still Hanami 1.3.

If people could and would like to help moving Tachiban forward I’d really appreciate the help. I know there’s been some discussion around different options for Auth with Hanami, but I don’t know what the current situation is.

I’m adding the support for Argon2, but I can’t really decide how and under which version to release it. I’m leaning towards release it under 1.0 and have only Argon2 supported from 1.0 onwards. Would this make sense? I struggle with versioning as this is not something I do often. Any advice would be most welcome.

The alternative would be to keep BCrypt in Tachiban 1.0 as well, but default to Argon2 and have developers pass a param as a switch between BCrypt and Argon2. It still makes sense to completely separate and one can decide between Tachiban 0.8.0 currently with BCRypt and Tachiban 1.0 with Argon2 without having to pass any extra params.

With Tachiban 1.0 only supporting Argon2 I can then next focus on Hanami 2.0. @swilgosz I haven’t used Hanami 2.0 at all. What are the focus points I should keep in mind for adding the support to Tachiban. I’ll go through the getting started, but still, any insight you have?

1 Like

So I’ll go with the first option to support only Argon2 in Tachiban 1.0 and above. The use will remain unchanged.

1.0.0 is now released with support for Argon2.