When should I think about implementing my User authentication / session?

Question

After spending some time wireframing my ideas, I want to start building my rails app. However, I'm well aware that later down the line I'd like to consider multiple user accounts.

Should I be thinking about the implementation of this from this early stage, or is this something I can implement without too much fuss later?

It seems like something that would be stupid to attempt later, but part of me just wants to get the guts of the thing working - a couple of simply forms and writing/reading some stuff from the db.

Answer 1

As soon as you get into the "multiple user accounts" game, you are also going to stumble into "roles" such as "admin" and "regular_user". You are probably going to want to show admin people more information and options (such as the option to be able to delete regular users).

You are also going to realize that you probably will not one user to be able to see some of the data owned by another user. i.e. You are going to be thinking about scoping the data that gets sent to the views.

The question to ask yourself is if your application useful without user accounts? If so, then go and build it and put accounts in later. However, if a lot of the value of your application comes from users having their own accounts and some private data, you probably want to implement user accounts, authentication, sessions etc right up front.

Your question leads me to believe that you know how to build web apps in another language, but not in Rails, and that you want to build your confidence with Rails. If that is the case, you are probably better off just building the application without user authentication. Building your confidence will come a lot faster without the headaches of learning what you want out of an authentication/authorization system and how you'll build it.

Answer 2

Your instinct if right. I always do what your are proposing, following the philosophy of implementing the most valuable feature first/next. As you said, often authentication doesn't add much to the core idea.

Build the main idea and see if it holds water. If it doesn't, you'll be happy you didn't spend any time on authentication.

I've followed this approach a half dozen times, on both large and small projects. It's hard to know when this will be-- on some projects it's right away, and in some it will be much later. I've waited a month on a couple green field projects, and another that was akin to a facebook plugin needed it first thing. Anyway, waiting works fine.

If you do need it, you can add it later. I've never had it cause problems adding it later-- in fact, I'll often understand the roles/ACL requirements better.

Yeah, adding this in rails isn't that big a deal, but for a super-small prototype (<2 hours), it can eat up your whole budget!