I have been searching a lot on the net to get facebook-connect integrated with authlogic in rails3. There are a number of solutions based on facebooker, oauth etc. but none of them seem to say anything on whether they work with rails 3 or not. Can anyone guide to me on how to get facebook-connect working with authlogic in "rails3". I see that there are a lot of questions related to this on the site but none seems to have actually answered the question.
I strongly recommend you to use http://www.janrain.com/products/engage with this gem https://github.com/tardate/authlogic_rpx. This combo works amazing with two of my projects and it is free if you only want to use authentication (like in my case).
PS. look at railscast: http://railscasts.com/episodes/233-engage-with-devise. I know that, this podcast show how to use Janrain with Devise, but it helped me with Authlogic so it also can help you.
Related
I'm looking for a nice, customisable way to authenticate users via OpenID. I'm using sorcery and so far it works like a charm: it has support for email-based login and OAuth-based login. However, it has no support for OpenID, and I wouldn't like to use existing authentication gems like Omniauth and the likes. I also find Ryan Bates' tutorial a bit outdated. Note that I also did some search on this topic on SO. All rants date to 2009, and I fear that implementation may not work (I also want to avoid another trial-and-error spike testing).
Any suggestions?
I've been working on GlitterGallery. I remember struggling with old docs and had blogged about the route I took to make OpenID login work. You might be interested to look it up here. I'm not sure if there's anything better available now, but I'll be coming back and I'll update the post accordingly; cheers!
Are there any updated tutorials for using OpenID with Authlogic? I'd heard good things about Authlogic, and the documentation makes it seem much better than Restful Authentication... but in trying to implement OpenID, 100% of the tutorials and information I've come across have been outdated (including Railscast #170). They depend on gems that either no longer work or no longer exist. And to add to the frustration, Github has been down for hours today.
Does anyone know of a simple updated guide to get OpenID working with Authlogic? Thanks!
The solution (if you're on Rails 2.3.8 like I am) is to use older versions of pretty much everything. I fond this app and simply copied the versions of the gems they were using: https://github.com/holden/authlogic_openid_selector_example. That meant using the authlogic_openid plugin rather than the gem form.
Things worked well after that.
I poked around StackOverflow and Google, but couldn't find anyone who has put together a comparison of authentication gems or plugins for Rails (I'm looking for something for Rails 3). What authentication solutions are available for Rails 3, which are most popular, and what are the differences between them?
Ruby toolbox has a list of the most popular ones: http://ruby-toolbox.com/categories/rails_authentication.html
You can see that Devise and Authlogic are definitely the most popular.
Personally I use Devise. It works well with Rails 3, is easily customizable, and makes it very easy to integrate Twitter and Facebook based auth.
For a Rails3 App definitely Devise ;).
Devise is the only authentication system which provides security on all the 3 stack layers of rails: - In 'M', 'v', and 'C' and hence the best to go with. But you got to learn more on how to customize devise to custom fit your application's need. You can find help on customizing in this page https://github.com/plataformatec/devise/wiki/_pages
In Rails authentication from scratch is dead simple to do.
Ryan Bates covers this here http://railscasts.com/episodes/270-authentication-in-rails-3-1
devise, devise, devise
I am surprised OminAuth did not get a mention in any of the answers. (Agreed OmniAuth is more recent than this question is, but there are answers that came after)
Undoubtedly, this is the most exhaustive authentication solution available currently for rails applications.
Under the hood, OmniAuth uses OAuth2, which is evolving as the de-facto standard for authentication in web applications across platforms and frameworks. Almost all major internet players support OAuth2 - Github, Google, Facebook, Twitter, LinkedIn are just a few to name.
Of course, Devise works very well with OmniAuth so It should not be a major headache for those already using Devise
I'm a big proponent of rolling your own. Depending on your requirements its fairly straight-forward and reduced dependency on a key component. Rails 3.1 makes it even easier.
Kinda late to the party, but I wrote something up for it here:
http://zergsoft.blogspot.jp/2012/08/rails-3-authentication-compared-warden.html
I cover Warden, Devise and home grown.
The tutorial by Michael Hartl is great for learning how to set up your own.
http://ruby.railstutorial.org/ruby-on-rails-tutorial-book
I have used that on multiple apps and love the flexibility of setting up my own Authentication Method.
Though for the most part I use Devise and LOVE it. It is very quick/easy to implement, very secure, and does exactly what I need it do.
https://github.com/plataformatec/devise
I will typically use it in conjunction with CanCan and Rolify
I would like to add authentication to my Rails app. I came across few plugins that do this: acts_as_authenticated, restful_authentication, Authlogic...etc
I haven't seen an article that describes differences, advantages and disadvantages of using each.
Can you help with that? which one do you use and why?
Thanks,
Tam
I recently switched from restful_authentication to AuthLogic. The main reason was because I found restful_authentication a bit too bloated for what I was trying to achieve. Check out Ryan Bates' brilliant screencast:
http://railscasts.com/episodes/160-authlogic
I've switched from restful_authentication to Authlogic, because Authlogic is a plugin/gem as opposed to a generator. This makes it infinitely easier to upgrade.
Authlogic is also geared around being extensible, so you can fairly easily use it with OAuth or Facebook Connect (there are Authlogic modules that implement this, but I'm not using them; it's super easy to create an Authlogic user session manually).
Stay away from acts_as_authenticated. It's ancient and unmaintained. As noted, restful_authentication is its successor.
I'm a bit late to this party, but Devise looks pretty good. I'm using it on a project after trying AuthLogic. There's a couple of railscasts on it as well. I like it so far...definitely worth a look.
http://github.com/plataformatec/devise
I personally tend to use restful_authentication out of habit, but I've made use of AuthLogic a few times. AuthLogic is a lot leaner and cleaner code and tends to be much easier to setup and integrate into a project. It is also is newer and more popular (or feels like it as of late), so it should be easier to find resources or help if you need it. I'd definitely go AuthLogic.
If you'd like to know more about restful_authentication and see how it varies from AuthLogic in practice, there is also a railscast for it.
http://railscasts.com/episodes/67-restful-authentication
If you are looking for alternatives to the standard username/password scheme and using only external identity providers, there is a new plugin called OmniAuth that works at the rack level (so it's independent from Ruby on rails) and supports multiple external identity providers like OAuth, Facebook Connect, Google and LDAP.
There are also two Railscast episodes on how to use it: Episode 1 and Episode 2
If I am correct, restful_authentication is the succesor of acts_as_authenticated. I would therefore strongly disrecommend using acts_as_authenticated.
I personally use restful_authentication. It just works the way I expect it to work...
There's also thoughtbot's clearance. Though I chose Authlogic because of the authlogic-oid open id "add-on" gem.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'm looking for a pre-built solution I can use in my RoR application. I'm ideally looking for something similar to the ASP.NET Forms authentication that provides email validation, sign-up controls, and allows users to reset their passwords. Oh yeah, and easily allows me to pull the user that is currently logged into the application.
I've started to look into the already written pieces, but I've found it to be really confusing. I've looked at LoginGenerator, RestfulAuthentication, SaltedLoginGenerator, but there doesn't seem to be one place that has great tutorials or provide a comparison of them. If there's a site I just haven't discovered yet, or if there is a de-facto standard that most people use, I'd appreciate the helping hand.
AuthLogic appears to be the new kid on the block and seems to be the next evolution of restful_authentication, easier to use, etc
http://github.com/binarylogic/authlogic/tree/master
Edit: now that Rails 3 is out, Devise seems to be the new, new kid on the block
https://github.com/plataformatec/devise
or I have been rolling my own authentication now with the has_secure_password built in to Rails http://railscasts.com/episodes/250-authentication-from-scratch-revised
Side note: Ruby Toolbox is a great site for finding the current best solution in various categories (based on the number of GitHub watchers):
http://ruby-toolbox.com/categories/rails_authentication.html
I would really recommend Restful Authentication. I think it's pretty much the de-facto standard.
For a really simple solution go with Clearance.
If you are looking for more options Devise is a great solution. It uses Warden which is a rack based authentication system.
There's also RestfulOpenIDAuthentication if you want OpenID support in addition to password support.
Just a note, LoginGenerator and SaltedLoginGenerator have been superseded by Restful Authentication and are unsupported on newer Rails releases -- dont waste any time on them, though they were great at the time.
I'd also like to point out an excellent tutorial/discussion on extending the core functionality of Restful Authentication, in case you're looking for something a bit more robust.
I'm really liking thoughtbot's clearance. Very simple and has a few good hooks and is testable.
AuthLogic seems to be what you want for this. It's very configurable, and although it doesn't generate the code for you, it's quite easy to use. For email validation and password recovery you probably want to use the :perishable_token column. AuthLogic takes care of it, you only need to reset it when it's used. For information on how to set up a basic app, you can take a look at Ryan Bates' Railscast on AuthLogic, and the "official" example app. Ben Johnson, the creator of AuthLogic has also written a blog post on how to RESTfully reset passwords.
Unfortunately I can't post more than one link, but the links to the railscast, the password reset blog post and the example app are all in the README (see the AuthLogic repo for the README)
Update: Now I can post more links, so I linked some more. Thank you marinatime for adding the link in the meanwhile
restful_authentication is a powerful tool which is very flexible and provides most of what you are looking for out of the box. However, a couple of caveats:
Don't think in terms of 'controls'. In Rails the Model, View and Controller are much more independent than in 'Webforms-style' ASP.NET. Work out what you want from each layer independently, write tests/specs to match and make sure each layer is doing what you expect.
Even if you are using a plugin there is no substitute for reading (at least some) of the code generated. If you have a big-picture idea of what is going on under the hood, you will find debugging and customising much easier.
The plugin restful_authentication and other plugins that extend it, answer your needs perfectly. A quick search on github.com will reveal a lot of tutorials, examples, and extensitons. Just go here:
- http://github.com/search?q=restful_authentication
There are several projects that use restful_authentication just to provide examples of a bare-bones Rails app with just the authentication parts.
http://github.com/fudgestudios/bort -- A base rails app featuring: RESTful Authentication
http://github.com/mrflip/restful_authentication_example -- Another project with a great examlpe of how to use restful_authentication
http://github.com/activefx/restful_authentication_tutorial -- Same as above, with some other plugins bundled.
http://railscasts.com/episodes/67-restful-authentication -- a great screencast explaining restful_authentication
This information should be enough to get you started finding heads and tails ... good luck.
Just updating this: Ryan Bates' Railscast #250 shows building an authentication system from scratch....
Another vote for Clearance - perhaps not as customisable or as 'in' as authlogic, but in terms of just being able to drop it in place and go, it's definitely worth having a look at.