Why did CakePHP change the authentication component to an authentication plugin?

Why did CakePHP change the authentication component to an authentication plugin?
What are the major changes between the authentication components and the authentication plugins?
What does that mean?

The component was replaced with the plugin so that we could do a few different things:

  1. Separate the authentication and authorization concerns. Over time AuthComponent became an all powerful all knowing class that had many mixed concerns.
  2. A plugin enabled us to build a replacement alongside the existing component without breaking it.
  3. Leverage middleware better. Using a plugin enabled us to push authentication configuration into the application class. This unlocks future potential as we add a DI container. It also enables us to handle some forms of missing authentication before the controller layer is ever reached.

The major differences and how to upgrade from the component to the plugin can be found here https://book.cakephp.org/authentication/2/en/migration-from-the-authcomponent.html

2 Likes