Article Content:What is the best authentication library for CodeIgniter

What is the best authentication library for CodeIgniter

What is the best authentication library for CodeIgniter.

One of the most interesting benefits of choosing Codeigniter it is a small footprint framework, which means the freedom, the Customization, and the performance.

Freedom: means you can do your task as you want with little restrictions, and to choose the right library or helper what's fit to your project.

Customization means the ability to build very custom application whatever large or small without putting many efforts to clean up unnecessary libraries.

Performance : which is the certain result of the previous points, you Skipped unnecessary libraries from autoloading and kept your code clean as possible, and for this reasons CodeIgniter still without authorization system even CodeIgniter 3 or code igniter 4.

On the other side CodeIgniter, community put more effort to make this task very easy by providing many of awesome authentication and authorization libraries, This what we will discuss in details through this tutorial if you still interested keep reading the next lines.


The best authentication and authorization libraries for CodeIgniter

As we said above, there are many authentication and authorization libraries to support CodeIgniter user management system, but some of these not very well as you may suppose, and this for many reasons, some of these reasons the lack of support which leads to outdated the library eventually, the lack of basic features or the bad documentation.

Therefore I made a surveying to save your time and handled this information in a simple table to make your choice easy.

But first, you should know why my list is just for 8 libraries, this because as I said, many of these libraries doesn't deserve to waste your time with.

1- Ion_auth

Ion Auth is a simple and lightweight authentication library for the CodeIgniter framework.



- Registration

 - Login and Logout

- Forgotten Password

-User groups

-“Remember Me” functionality

 -Extremely Customizable

For more details read full features


2- Flexi auth

Flexi auth are designed to be a modular system, so you can use any code snippet s from different features without needing to install other features that are not required.

If you want a login system that requires activating user’s account via an email, but with limited time access period immediately upon registration - just define the functions and settings you need.

If the default session/table names not suitable for your existing project, or maybe simply don't match your coding conventions, then simply change only one setting via the config file.

Flexi auth philosophy is to let you build your site, the way you want it built, rather than being restricted to do it in one way.



- Groups and privileges management.

- Activation via email

- User registration with code igniter, login, log out, activations can be customized.

- This method prevents misspelled email addresses that would otherwise prevent future login.

- Users can identify via their unique email address or a unique username.

- User search functionality.

- Remember me functionality

- Users can be stopped from logging into their account for a specific period or forever without deleting.

- Account creations, and login attempts are saved in database, also if user fails to log in a number of attempts,an option is available to set a short  time limit ban until he tries to login again

- Users can change their password without log out.

- Password requirements can specify its rules via the config file.

- Google reCAPTCHA and a basic math based

- Forgotten Passwords functionality

- Passwords hashed via hashing library PHPASS


For more details read full features


3- DXAuth

DX Auth is an authentication library for Code Igniter. It’s goal to enable you to easily include secure and easy to use authentication library to your project while giving you the flexibility to choose from simple authentication system to full-fledged authentication system.

DX Auth is also building with internationalization in mind, so every string is available in the language file. (Except the examples because that is your code, not the library).



-Basic auth functionality (Login, logout, register, change password).

-Remember me functionality.

-Login by username or email address or both (depending on config settings).

-Forgot password functionality.

-Ban user functionality.

-Last login IP address and time (optional).

-Email activation (optional).

- Authorization based (admin, user, moderator, etc.). Inheritance also supported (optional)

-Restrict page based on URI and role (optional).

-Custom permission for each role (optional).

-Login attempt (optional). You can use this to display captcha after specified attempts to login to prevent spam  robots.

-Event feature (For example You can put your own code like PM welcome message after user activated, etc.).

-Captcha (optional, reCAPTCHA).

-Simple admin panel (So you can customize it, include it into your own admin panel, or delete if you don’t need it).

-Most of the feature is optional, means you can turn it off in the config file, delete it, or just don’t use it.

For more details read full features.


4- Tank_auth

Tank Auth is an authentication library for PHP-framework CodeIgniter. It's based on DX Auth, although the code was seriously reworked.

The library uses MVC model, which means that all database-related methods are encapsulated in model files, and the library itself is used as an interface to these methods. A controller (auth) dispatches incoming requests, calls the library methods and renders corresponding views (to show in the browser or to send emails). The controller includes the following methods:



-Basic auth options (login, logout, register, unregister).

-Very compact (less than 20 files and 4 DB-tables).

-Username is optional, the only email is obligatory.

-Using Phpass library for password hashing

-Counting and preventing wrong login attempt which determined by IP and by username.

-Logging the last login IP-address and time (optional).

-CAPTCHA for registration and repetitive login attempt (optional).

-Inactivated accounts and forgotten password requests auto-expire.

-Language file support.

-Most of the features are optional and can be tuned or switched-off in well-documented --config file.

-Login using a username, email address or both (depending on config settings).

-Registration is instant or after activation by email (optional).

-"Remember me".

-Forgot password.

-Ban user (optional).

-CAPTCHA support (CI-native and reCAPTCHA are available).

-HTML or plain-text emails.

For more details read full features.



5- Community Auth


-User Authentication (User Login)

-Access Granted by Level / Role

-Access Granted by Role Group

-ACL for Finer Controlled Permissions

-Limits Failed Login Attempts

-Limits Login to a Single Device (Default)

-Deny Access by IP (Requires Local Apache Configuration File)

-Persistent Login (Remember Me) (Turned Off by Default)

-Forgotten Password and Username Recovery

For more details read full features.


6- CodeIgniter-Aauth


Aauth is a User Authorization Library for CodeIgniter 2.x and 3.x, which aims to make easy some essential jobs such as login, permissions, and access operations. Despite its ease of use, it has also very advanced features like private messages, grouping, access management, and public access.


-User Management and Operations (login, logout, register, verification via e-mail, forgotten password, user ban, login DDoS protection)

-Group Operations (creating/deleting groups, membership management)

-Admin and Public Group support (Public permissions)

-Permission Management (creating/deleting permissions, allow/deny groups, public permissions, permission checking)

-Group Permissions

-User Permissions

-User and System Variables

-Login DDoS Protection

-Private Messages (between users)

-Error Messages and Validations

-Language and config file support

-Flexible implementation

For more details read full features.


7- BitAuth

Bitwise Permissions System for Codeigniter


-Phpass Integration: BitAuth uses phpass to handle password hashing

-Password complexity rules: Along with minimum and maximum length, specify the required number of:

-Uppercase Characters


-Special Characters


- Or, add your own

-Password aging: Require your users to change their passwords at a set interval

-Completely custom user data: Easily customize BitAuth to include any custom you want. Full name, Nickname,  Phone number, Favorite color... You name it!

-Groups and Roles: Create groups, and assign users to your groups. Your roles are set on a group, not a user, so  changing roles, whether the scale is large or small, is fast and painless.

-Text-based roles: Simply list your roles in the configuration file, then check against them in your code. BitAuth handles everything in between.

For more details read full features.


8- A3M

A3M (Account Authentication & Authorization) is a CodeIgniter 2.x package that leverages bleeding edge web technologies like OpenID and OAuth to create a user-friendly user experience. It gives you the CRUD to get working right away without too much fuss and tinkering! Designed for building web apps from scratch without all that tiresome login / logout / admin stuff that’s always required.



-Native Sign Up, Sign In with 'Remember me' and Sign Out

-Native account Forgot Password and Reset Password

-Facebook/Twitter/Google/Yahoo/OpenID Sign Up, Sign in and Sign Out

-Manage Account Details, Profile Details and Linked Accounts

-reCAPTCHA Support, SSL Support, Language Files Support

-Gravatar support for picture selection (via account profile)

-Create a painless user experience for sign up and sign in

-Create code that is easily understood and re-purposed

-Utilize Twitter Bootstrap (a fantastic CSS / JS library)

-Graceful degradation of JavaScript and CSS

-Proper usage of CodeIgniter's libraries, helpers, and plugins

-Easily Configurable via config file

For more details read full features.


How should I choose an authentication library for CodeIgniter?


to choose between all these libraries you should know first What are their pros and cons?

which I Summarized in the following table below,you can zoom to see full details


  • Robert
    This is a post on yourself blog http://webeasystep.com/blog/view_article/Social_Logins_in_codeigniter_with_HybridAuth_easy_steps isn't this post related with the current one?
    June 13, 2017
    • admin
      No, it is not related, the first about social auth, and this tutorial about normal system-auth
      June 13, 2017
  • ambey
    haaaa much cool
    January 31, 2018
  • ricardo
    someone knows how to integrate captcha and social login in community auth?
    October 2, 2018

Leave a Reply

Your email address will not be published.

Notify me of followup comments via e-mail.
You can also Subscribe without commenting.