I am currently creating a rails application that requires authentication. Currently, I'm doing custom authentication like that shown in in the following railscast episode:
http://railscasts.com/episodes/250-authentication-from-scratch-revised
I would, however, like to add the option to also Log-in through facebook. After doing some research, I found that the easiest way to add Facebook login involves using Devise/Omniauth for authentication. Would it be worth it to try and switch my authentication system to Devise/Omniauth, or is there an easier way to add facebook authentication? I have also looked at the Facebooker plugin, but it seems very outdated. Any suggestions? I am relatively new to Rails, so I appreciate any help I can get!
I've used Authlogic and Devise in conjunction with Omniauth (+ facebook/google/twitter/etc). I found that Devise is the better solution for me with all it's built in functionality. Getting it to work with Omniauth was a breeze. There's a great Railscast here: http://railscasts.com/episodes/235-devise-and-omniauth-revised
I would definitely recommend going that route. Every piece of the pie is updated often and has great documentation so it should be easy to use for people still learning Rails.
Facebook authentication with Devise/Omniauth is mature, widely used, and well-documented. It would make sense to go with that.
Related
I want to make a app that logs in only using google, is it required to use devise? how would i go about it, documents only show example with devise.
Thank you
Devise is not required, but assuming you want some reasonable level of security you're going to want to use Devise rather than hand-rolling an authentication framework using just Google OAuth2 and some custom table setup.
Devise + omniauth-google-oauth2 = simple, clean Google authentication.
In my opinion you're much better off using Devise to handle this stuff. The amount of work already done by others that you'll end up duplicating by hand-rolling a solution is absurd.
And if you decide later that you want to add Facebook, Twitter or simple username/password authentication, the work is already done for you.
Devise is not required. The easiest way to do this would be with the omniauth-google-oauth2 gem.
Directions are available on the project's github page.
I've read multiple blogposts and watched the railscasts episodes to APIs. But I still got one problem, I'd like to use the API in a way Facebook or twitter does. It should be possible to register an API client. The client should become an id and an secret (should be the same like username or password, right?).
Somehow I think devise could do everything for me but I'm not sure cause I'm kinda new to rails.
Is there a best practice or is the devise solution a good and common one?
Thank you guys! <3
You should use the Doorkeeper gem. Here is a demo app using rails, devise and mongoid.
Booth that services use OAuth so if you want to implement similar functionality you can use this technology also.
I poked around StackOverflow and Google, but couldn't find anyone who has put together a comparison of authentication gems or plugins for Rails (I'm looking for something for Rails 3). What authentication solutions are available for Rails 3, which are most popular, and what are the differences between them?
Ruby toolbox has a list of the most popular ones: http://ruby-toolbox.com/categories/rails_authentication.html
You can see that Devise and Authlogic are definitely the most popular.
Personally I use Devise. It works well with Rails 3, is easily customizable, and makes it very easy to integrate Twitter and Facebook based auth.
For a Rails3 App definitely Devise ;).
Devise is the only authentication system which provides security on all the 3 stack layers of rails: - In 'M', 'v', and 'C' and hence the best to go with. But you got to learn more on how to customize devise to custom fit your application's need. You can find help on customizing in this page https://github.com/plataformatec/devise/wiki/_pages
In Rails authentication from scratch is dead simple to do.
Ryan Bates covers this here http://railscasts.com/episodes/270-authentication-in-rails-3-1
devise, devise, devise
I am surprised OminAuth did not get a mention in any of the answers. (Agreed OmniAuth is more recent than this question is, but there are answers that came after)
Undoubtedly, this is the most exhaustive authentication solution available currently for rails applications.
Under the hood, OmniAuth uses OAuth2, which is evolving as the de-facto standard for authentication in web applications across platforms and frameworks. Almost all major internet players support OAuth2 - Github, Google, Facebook, Twitter, LinkedIn are just a few to name.
Of course, Devise works very well with OmniAuth so It should not be a major headache for those already using Devise
I'm a big proponent of rolling your own. Depending on your requirements its fairly straight-forward and reduced dependency on a key component. Rails 3.1 makes it even easier.
Kinda late to the party, but I wrote something up for it here:
http://zergsoft.blogspot.jp/2012/08/rails-3-authentication-compared-warden.html
I cover Warden, Devise and home grown.
The tutorial by Michael Hartl is great for learning how to set up your own.
http://ruby.railstutorial.org/ruby-on-rails-tutorial-book
I have used that on multiple apps and love the flexibility of setting up my own Authentication Method.
Though for the most part I use Devise and LOVE it. It is very quick/easy to implement, very secure, and does exactly what I need it do.
https://github.com/plataformatec/devise
I will typically use it in conjunction with CanCan and Rolify
Hey, i need some help with rails, again! Last it was about Authlogic.. Well I'm gone a bit backward since.. I mean, Authlogic isn't a Authentcate system i like.. So now i wan't you guys to tell me what you think is the best!
I going to use it to a project of mine. Where there has to be a few roles like Admin, User and Guest.. So might you guys can tell me what is good and what is bad..?
You need to split authentication from authorization.
Authentication covers the login/logout process. Authorization is directly linked to permission to see/use resources.
Authlogic is a very good authentication gem.
For authorization you can check CanCan from Ryan Bates, which is very simple to integrate with authlogic (just a single file in the models folder called ability.rb in which you configure all the app authorizations).
EDIT: You can also go with a simpler solution but you will lose flexibility
I used Devise and it worked quite well, however it did not met my needs...
What you might need however looks like something super simple, something like this: http://railscasts.com/episodes/21-super-simple-authentication
I use Authlogic for authentication and DocSavage's Rails Authorisation plug-in for authorisation needs. Its a simple yet powerful plug-in.
Rails authorisation plug-in: http://github.com/DocSavage/rails-authorization-plugin
I would like to add authentication to my Rails app. I came across few plugins that do this: acts_as_authenticated, restful_authentication, Authlogic...etc
I haven't seen an article that describes differences, advantages and disadvantages of using each.
Can you help with that? which one do you use and why?
Thanks,
Tam
I recently switched from restful_authentication to AuthLogic. The main reason was because I found restful_authentication a bit too bloated for what I was trying to achieve. Check out Ryan Bates' brilliant screencast:
http://railscasts.com/episodes/160-authlogic
I've switched from restful_authentication to Authlogic, because Authlogic is a plugin/gem as opposed to a generator. This makes it infinitely easier to upgrade.
Authlogic is also geared around being extensible, so you can fairly easily use it with OAuth or Facebook Connect (there are Authlogic modules that implement this, but I'm not using them; it's super easy to create an Authlogic user session manually).
Stay away from acts_as_authenticated. It's ancient and unmaintained. As noted, restful_authentication is its successor.
I'm a bit late to this party, but Devise looks pretty good. I'm using it on a project after trying AuthLogic. There's a couple of railscasts on it as well. I like it so far...definitely worth a look.
http://github.com/plataformatec/devise
I personally tend to use restful_authentication out of habit, but I've made use of AuthLogic a few times. AuthLogic is a lot leaner and cleaner code and tends to be much easier to setup and integrate into a project. It is also is newer and more popular (or feels like it as of late), so it should be easier to find resources or help if you need it. I'd definitely go AuthLogic.
If you'd like to know more about restful_authentication and see how it varies from AuthLogic in practice, there is also a railscast for it.
http://railscasts.com/episodes/67-restful-authentication
If you are looking for alternatives to the standard username/password scheme and using only external identity providers, there is a new plugin called OmniAuth that works at the rack level (so it's independent from Ruby on rails) and supports multiple external identity providers like OAuth, Facebook Connect, Google and LDAP.
There are also two Railscast episodes on how to use it: Episode 1 and Episode 2
If I am correct, restful_authentication is the succesor of acts_as_authenticated. I would therefore strongly disrecommend using acts_as_authenticated.
I personally use restful_authentication. It just works the way I expect it to work...
There's also thoughtbot's clearance. Though I chose Authlogic because of the authlogic-oid open id "add-on" gem.