Using Ruby on Rails, I've been trying to find best practices for building an authentication API in order to ensure security. Are there guidelines or aspects I should pay attention to?
You should use gems for authentication: Devise or AuthLogic. They're quite good, have a lot of functionality and are extendable. Devise has a RESTful API. Have a look inside the code.
Related
There is a Ruby on Rails application with Devise authentication. Is there any smart way to add the Ruby Cramp framework to that application with Devise support?
One devise session for both rails and cramp
I am assuming that you want to run Cramp for something like chat within your application. If you provided more info about what you are trying to accomplish, it would help get you a more appropriate answer. If you're building a chat tool, or some kind of stat logging service, it would probably make more sense to build it outside of Rails and integrate the two through an API. Just a thought.
I am wondering how I can build the registration process like we have in Stack Overflow, where a user can log in using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the Devise module, available on GitHub, makes it very easy to build an authentication system in a Rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use the omniauth gem to implement OpenID auth. Also, it is possible to extend your existing user auth systems. See the great screencast about this at Railscasts: OmniAuth Part 1
Hope you are all doing well.
My question is on Ruby technology. We are developing a web-based application using the Rails framework and Ruby. I need to know how the routing works (routes.rb). Can someone send me a link to a sample CRUD application which I can use in my project?
I also need a user authentication and authorization framework using Ruby which is readily available.
Very urgent,
Many many thanks :)
Basically, you are asking how Ruby on Rails works and how to get started.
I encourage you to start from the official documentation, including the Wiki site and Guides.
You can find information about Rails routing here. More answers about Rails Authentication and Authorization here and here.
For a quick way of creating a Rails CRUD application with user authentication and authorization, please see the Bullet on Rails project. Bullet on Rails is a project I created a while ago to help me quick start creating CRUD apps with authorization included and AJAX crud.
Since you seem to be new to Rails, I also recommend that you read the documentation suggested by weppos.
Which authentication plugin for Rails would you choose? I'm not interested in the permissions, roles and other authorization stuff.
I'm interested in the:
user model/controllers generation
predefined components to support various ways of authentication (HTML form, OpenID) with various back-ends (database, LDAP, textfile).
I'm looking for something similar to the Java Spring Security (formerly Acegi) but for Rails platform.
Kind regards.
Check out Authlogic. It's incredibly flexible and simple to get started.
Other options:
Clearance
Devise (Rack-based)
Ruby Toolbox provides a nice list of Rails Authentication plugins.
I used restful_authentication in the past but I switched to authlogic 1 year ago.
Authlogic is an excellent and highly customizable plugin, there are also additional third party plugins to support OpenID and Facebook logins.
I heard good words about Clearance but I never used it.
I'm starting to learn RoR and I want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever I'm doing in my blog. So I would like people to be able to log in, and register with their OpenID. So I was about to jump to the coding place when I realized the concept of gems and all that stuff is giving you tools for this kind of thing.
So is there some kind of package to manage users, profiles and openId?
Check out technoweenie's restful-authentication plugin.
I'd advise you to look at bort as a complete RoR skeleton app with RESTful auth built in, one of its forks here, or at AuthLogic, a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and OpenID authentication already set up among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with a lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.