You can certainly roll your own authentication solution but I think there are several reasons the vast majority of people use addons (ember-simple-auth being the most popular):
- It’s non-trivial, there are edge cases and a number of things to consider even in a very simple OAuth implementation.
- You’d be reinventing the wheel in the vast majority of cases. Unless you have a purely custom backend authentication mechanism you’re probably going to be using pretty standard conventions. Why spend time reinventing something which has a time-tested and community supported solution already?
- You can contribute to the community. Instead of trying to roll your own solution you could always try to contribute to ESA or Torii
So… I personally would strongly recommend just using an addon, probably ESA. Depending on what your backend authentication service looks like it will be a lot easier. ESA for example provides a session management service, an auth store (e.g. cookie/localstorage/etc), an easy and flexible mixin for defining “secure” routes, and plugins/authenticators for a variety of different authentication methods/types like password grant, implicit grant, 3rd party systems like facebook/google/twitter, etc. If you want to roll your own you’re going to have to come up with a lot of that by yourself and unless you’d really like to do this as an exercise for yourself that seems like a lot more effort than it’s worth.
Of course if you have any more questions about specific authentication concerns or methods or addons or whatever definitely don’t hesitate to ask.