Thanks for the feedback. I work on Reflex and in a recent release, the team added a template and CLI for creating third-party components and publishing them to PyPI.
Since then, I've built a few authentication libraries that might be of interest:
The problem with having auth built in is that it's been hard to find a solution that actually works for a majority of use cases. That said, as these auth libraries get more popular and refined, they might be moved into the reflex-dev organization as officially maintained components, or even integrated with the core framework.
However, I am concerned that the @reflex_local_auth.require_login decorator [1] merely redirects users to the login page.
> Although this seems to protect the content, it is still publicly accessible when viewing the source code for the page! This should be considered a mechanism to redirect users to the login page, NOT a way to protect data.
So, I have to put an if-else condition on the State data associated with each protected page, in addition to this decorator. The reasonable way to do it would be for the decorator to actually prevent any data load at all before redirecting. This will prevent a lot of mistakes, besides removing boiler plate.
Since then, I've built a few authentication libraries that might be of interest:
https://github.com/masenf/reflex-local-auth https://github.com/masenf/reflex-magic-link-auth https://github.com/martinxu9/reflex-google-auth (documentation WiP)
The problem with having auth built in is that it's been hard to find a solution that actually works for a majority of use cases. That said, as these auth libraries get more popular and refined, they might be moved into the reflex-dev organization as officially maintained components, or even integrated with the core framework.