Contact Us

CakePHP Authsome - Debuggable's Xmas Gift

Posted on 25/12/09 by Felix Geisendörfer

Merry Xmas everybody. We hope you are having a lovely time and get to renew the batteries for an awesome 2010 over the holidays.

To ease the withdrawal symptoms, Tim and I decided to do some light development over the holidays in order to create a little Xmas gift for the CakePHP community:

The Authsome plugin: Authentication for people who hate the AuthComponent.

We have been using a system very similar to Authsome for all our CakePHP projects over the years, but it wasn't until now that we had a chance to properly decouple it from the individual projects we used it in. A big thanks for that goes to ThreeLeaf Creative, the makers of a fantastic CakePHP CMS system who paid for the refactoring.

Next on the radar is Righteful: Acl for people who hate the Acl component. We hope to have it ready at some point early next year.

Alright, so go ahead and read the authsome docs over at Github and let us know what you think.

Merry Xmas,

-- Tim & Felix


You can skip to the end and add a comment.

Francis said on Dec 25, 2009:

Thank you! And also thank ThreeLeaf. This just helps everybody, you guys write some elegant code and I would love for this to be picked up by the core. I look forward to Righteful.

Happy holidays and take some time off for the new year!

leo  said on Dec 25, 2009:

Good stuff, thanks for the efforts - also looking forward to Rightful :)
Merry Xmas to you, too!

-- Leo

10drill  said on Dec 26, 2009:

Thanks for this, I'm not a huge fan of the AuthComponent and look forward to trying Authsome. One question: how well does it play with 1.3-dev?

Ramiro Araujo  said on Dec 26, 2009:

Thanks a lot! already implemented and fully working :)

I did have a little problem or lack of direction checking for a logged in user. If I don't supply a guest solution, it throws an exception (as it's clearly marked). I replaced the Auth component for this one for the admin area of a site, so basically the "solution" was to manually supply a guest user with id 0, and check for that in the beforeFilter, if the params['admin'] was set. Im sure it's a bit messy. I would love to see an admin area implementation example for this component in the future.

Thanks a lot!

Felix Geisendörfer said on Dec 26, 2009:

10drill: It should be 100% 1.3-dev compatible, if not let me know and I'll fix it.

Ramiro Araujo: I just made a small update that allows you to return an empty array for the 'guest' type. Now you can check for a guest account as simple as this:

if (!Authsome::get()) {
  // only do if logged in


Let me know if that helps!

(Commit is here: b096bc )

Bastian Albers said on Dec 28, 2009:

Thanks a lot! Seems to work very much like the stuff i did for projects, but in a way that is actually reusable, elegant and clever.

10drill  said on Dec 29, 2009:

Confirming Authsome works fine with 1.3-alpha and 1.3-dev, I've (quickly!) added it to four 1.3 projects and not run into any problems. Thanks again!

Hendler  said on Dec 30, 2009:

Awesome stuff, as usual from debuggable.

Any good examples of how to integrate with Facebook Connect, Twitter/Google Oauth, etc? eg. would you pass a type to



Felix Geisendörfer said on Jan 02, 2010:

@Hendler I don't have an example for you, but yes - you would hook this into authsomeLogin in your model.

BillyBob  said on Jan 06, 2010:

Great work!! Thanks!!
But..... I can't help but notice that you said in 2008 that you would post every day!!!

Don't worry, I won't hold you to it lol.

Thankyou again for this...

Felix Geisendörfer said on Jan 08, 2010:

BillyBob: I think that was a 30 day challenge IIRC : ).

rich97  said on Jan 30, 2010:

Thank you so much for Authsome, I have been recommending it to anyone I can. I think it's as close as you can get to perfect Auth Control in Cake.

I know your busy and it's not that I don't appreciate what you have given us already but please, please, please hurry up Righteful. I'm writing my own component to extend Authsome to support ACL but as hard as I try I highly doubt it will be even close to this quality.

Keep up the good work, and please don't keep us hanging. :)

Rob said on Feb 01, 2010:

I have to second rich97's comments.

Thanks again for all your hard does not go unappreciated!


Synoptase  said on Feb 02, 2010:

Thanks for the component ! I'm trying to implement it on a fresh cakephp 1.3 app, but i'm having a bit of a hard time, especially with the cookie part.

I get an 'Undefined Property User::LoginToken' in my User::authSomeLogin function in the user.php model. Is this... normal ?


jacmoe said on Apr 09, 2010:

Authsome component! :)

Very easy to use and integrate into your projects. Kudos to Debuggable for making it available.

I've found a bug in the component.

Well, it's not strictly a bug, but it has bug-like consequences.

In function login, there's this piece of innocent code:

Configure::write($this->settings['configureKey'], $user);
        $this->Session->write($this->settings['sessionKey'], $user);

        return $user;

In my application, this meant that almost my entire database was stored in the session! :D

I changed it to this:

        Configure::write($this->settings['configureKey'], $user);

        $this->Session->write($this->settings['sessionKey'], $user);

        return $user;

I know that I am relying on my user model being containable, but now my session is not carrying the entire database anymore.

Felix Geisendörfer said on Apr 09, 2010:

Synoptase: Yes, the LoginToken code is not included with Authsome directly, it's only part of the tutorial which you need to follow step by step.

jacmoe: You can use the contain() call in your model's authsomeLogin function, I don't think authsome needs to be changed here.

AxlF  said on Apr 15, 2010:

Hey Felix,

i tried to figure out why you don't like the Auth Component?
Where do you ran in problems using auth component?


Felix Geisendörfer said on Apr 15, 2010:

AxIF: It does more than it should, and makes the subset I'm interested in (authentication) much harder.

Ryan Oldham said on Apr 28, 2010:

First, I love the Authsome component. I'm already using it in multiple projects. Second, I could really use the Righteful component. I've been thinking of writing my own in the same fashion of Authsome, but I'd rather help with Righteful. I like the way you guys think. Please let me know how I can help.

rich97  said on Apr 28, 2010:


I don't know what the current status of Righteful is, and if it is an already active project I would like to help with that. But I asked Felix about it briefly on IRC a while ago and he said something along the lines of; "no one has sponsored the development and we have no need for it yet so it has been put on hold". And I believe he is focusing on node.js right now judging from his github activity.

So I decided to start my own repository called "AclPlus". The name isn't as cool as "Righteful" but I'm trying to achieve a similar goal, cause I do love Authsome so very much.

It's still very young in development and has been neglected over the last few weeks but if you would like to have a look at the very basic functionality it does have, and possibly contribute, you can see/fork it here:

Anders  said on May 05, 2010:

I have a question about Authsome.

It works great, and was easy to implement (even for a first time user of CakePHP such as myself).

Anyways, I'm currently doing some testing with the cookie login (I've made all the loginTokens stuff), and this is what I do.

I login to my application with user/pass and check off the 'remeber me' tickoff. I see that there is an loginToken created in my DB, and I get an CakeCookie[User] cookie.

Then I quit my browser, and delete the session from the server (if not, I'll have to wait for the session to time out).

I then open my browser again, and go straight to an action that has $this->log(Authsome::get('email'), 'debug'); to see if I can login with cookies and see my email.

The result I get in my logs are:
Notice: Notice (8): Undefined offset: 1 in [/home/turritt/public_html/test.turritt/app/models/user.php, line 25]

This line is the following in my authsomeLogin function:
list($token, $userId) = split(':', $credentials['token']);

So, after some checking, I print the $credentials['token'] in my authsomeLogin function, but this is empty.
I also try to print $token in authsome.php:__useCookieToken(), and here it returns:


So, something is wrong somewhere, but I really don't know what...

Anders  said on May 05, 2010:

Ofcourse, right after I posted the last post, I found the problem.

If I in authsome.php:persist set
return $this->Cookie->write(






return $this->Cookie->write(






it works.

So, there's something wrong with decrypting of the cookies somewhere...

This post is too old. We do not allow comments here anymore in order to fight spam. If you have real feedback or questions for the post, please contact us.