Devise w/ OmniAuth or straight up Omniauth? - ruby-on-rails

I currently have a simple, hand-coded login system in my rails app. Now, I'm looking to integrate Facebook login via OmniAuth (seems to be the best way to do so)
However, I keep seeing Devise come up as a popular way to handle logins, with OmniAuth implemented in conjunction with it.
If I'm pretty happy with my login system now, is there any reason to use Devise? Does it give OmniAuth any extra functionality/extensibility or make it easier to use?

If you are a railscasts subscriber check out http://railscasts.com/episodes/235-devise-and-omniauth-revised
Devise does have some convenient hooks for omniauth, so that is a plus to using devise. That being said if you are happy with your authentication then you can simply build omniauth as a separate authentication method, and handle any overlap yourself. Also check out http://railscasts.com/episodes/241-simple-omniauth.
Good luck!

Related

Which gem should I use to provide a login process for my social network app?

I am creating a social networking site for my university and I'm wondering which gem I should use for the login process, or if there is any other more secure way to implement a login process. Is there document or sample code which can guide me?
I've heard about the Devise gem but I am not sure that it will be work for us, or how to use it.
Definitely recommend devise. It's written by one of the top contributors to rails Jose Valim. It's pretty easy to use, especially if you just stick with the defaults which are very reasonable. And it's kept up to date - currently only has 7 outstanding issues. For a project with 6.4k watchers that's pretty amazing.
There's a getting started guide with everything you need to get started.
There's also a devise wiki with a lot of examples. Here's just a few:
How To: Disallow previously used passwords
How To: Display a custom sign_in form anywhere in your app
How To: Do not redirect to login page after session timeout
It largely depends on what features you're looking for. If you require a full-featured authentication solution (Registration, Forgot Password, Remember Me, Login) then either devise or Authlogic is recommended.
If you're just looking for a simple way to authenticate users (via login and password for example), you can just use the Rails built-in authentication via has_secure_password. Ryan Bates did a RailsCast on it not too long ago.
Whatever method you decide to go with just remember that without SSL its not secure.
Devise is very nice. However, I'm partial to using NoamB's Sorcery gem. Its like a balance between rolling your own and Authlogic.
Check it out here:
https://github.com/NoamB/sorcery
Also nice railscast on it:
http://railscasts.com/episodes/283-authentication-with-sorcery

Need to create a secure sign up page in ruby on rails, where do I start?

I need to create a secure sign up/login page for my website. I am coding in Ruby on Rails.
I don't know the first thing about doing this. I can create a simple sign up page, but how do I make sure that it is a secure page? I.e. I want the login/signup page to have a https://... URL (properly signed and whatnot).
What all do I need to do to go about this? Is there some way to make this process as easy as possible in ruby (i.e. is there some gem that allows for HTTPS logins/signups)?
Thanks!
You don't need to implement this yourself. There are a couple of gems to help you do that.
I use Devise, here's a simple howto http://blazingcloud.net/2011/01/08/devise-authentication-in-rails-3/
If you'd like to handle Facebook, twitter, openId and more, I recommend using Omniauth, it works well with devise.
Here is a tutorial to help you get started
https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
HTTPS is not an issue for your signup page, you'll have to purchase the certificate and run your server appropriately.
Devise is one of many great gems to use for authentication in rails but you should absolutely learn what's going on in the background before you start using one them. You should start with a tutorial on how an authentication system works. Michael Hartl's tutorial is the best IMHO. Good luck!
Sorcery is the easier and more modular option. I totally recommend it over Devise.
https://github.com/NoamB/sorcery
There is a recent Railscast.

Which authentication gem would you use in Rails 3 to integrate with as many third party authentication providers

We need to have basic authentication in our Rails 3 app but the requirements are to also integrate with providers such as facebook, linked in, google apps, twitter, etc.
We are looking at:
Clearance
Divise
AuthLogic
... and others.
Any advice on which one to use that provides most of what we need?
OmniAuth is great for plugging in to third party authentication:
Code: https://github.com/intridea/omniauth
http://railscasts.com/episodes/235-omniauth-part-1
and
http://railscasts.com/episodes/236-omniauth-part-2
The above railscasts are great resources for a simple overview of using OmniAuth.
Devise is the current top dog, as it sets up sensible defaults, and makes it remarkably easy to override parts of the authentication system without affecting the rest.
It also has a branch and instructions to easily support OmniAuth for OAuth/OpenID authentication: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
I'm not experienced with either of these gems but I came across this blog post that had some high level points comparing Devise and Authlogic. http://www.quora.com/Ruby-on-Rails/How-should-I-choose-an-authentication-gem
This one persuaded me to start with Authlogic:
When a user logs in I like to set a cookie that has the username so I can access it from JavaScript. I know how to do this with Authlogic: add a line of code to UserSessionsController#create. How do I do it with Devise? I can't see how. (I don't want to do it on every page request. Just when they authenticate.)
You can give a shot to Sorcery gem which nicely handle third party authentification.
I found it easy to learn and to implement, and it's well documented too.
I don't try the other gems but this one is growing very fast right now, despite the fact that it's not an very old project
Good luck!!!

Mixing omniauth with another authentication system

I haven't been able to find a way to mix the OmniAuth authentication system (which rocks by the way) and a normal authentication system (like restful authentication).
Any info on this? Thanks in advance!
Railscasts.com has some great screencasts showing how to integrate with Devise http://railscasts.com/episodes?utf8=%E2%9C%93&search=omniauth
Also, Devise itself has a branch integrated with omniauth if you only need one authentication strategy: https://github.com/plataformatec/devise/tree/v1.2.oauth

How do I create a Stack Overflow-like registration process?

I am wondering how I can build the registration process like we have in Stack Overflow, where a user can login using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the devise module, available on github, makes it very easy to build a authentication system in a rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use omniauth gem to implement openId auth. Also, it possible to extend your existing user auth systems. See great screencast about this at railscast: OmniAuth Part 1

Resources