We need to have basic authentication in our Rails 3 app but the requirements are to also integrate with providers such as facebook, linked in, google apps, twitter, etc.
We are looking at:
Clearance
Divise
AuthLogic
... and others.
Any advice on which one to use that provides most of what we need?
OmniAuth is great for plugging in to third party authentication:
Code: https://github.com/intridea/omniauth
http://railscasts.com/episodes/235-omniauth-part-1
and
http://railscasts.com/episodes/236-omniauth-part-2
The above railscasts are great resources for a simple overview of using OmniAuth.
Devise is the current top dog, as it sets up sensible defaults, and makes it remarkably easy to override parts of the authentication system without affecting the rest.
It also has a branch and instructions to easily support OmniAuth for OAuth/OpenID authentication: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
I'm not experienced with either of these gems but I came across this blog post that had some high level points comparing Devise and Authlogic. http://www.quora.com/Ruby-on-Rails/How-should-I-choose-an-authentication-gem
This one persuaded me to start with Authlogic:
When a user logs in I like to set a cookie that has the username so I can access it from JavaScript. I know how to do this with Authlogic: add a line of code to UserSessionsController#create. How do I do it with Devise? I can't see how. (I don't want to do it on every page request. Just when they authenticate.)
You can give a shot to Sorcery gem which nicely handle third party authentification.
I found it easy to learn and to implement, and it's well documented too.
I don't try the other gems but this one is growing very fast right now, despite the fact that it's not an very old project
Good luck!!!
Related
I am creating a social networking site for my university and I'm wondering which gem I should use for the login process, or if there is any other more secure way to implement a login process. Is there document or sample code which can guide me?
I've heard about the Devise gem but I am not sure that it will be work for us, or how to use it.
Definitely recommend devise. It's written by one of the top contributors to rails Jose Valim. It's pretty easy to use, especially if you just stick with the defaults which are very reasonable. And it's kept up to date - currently only has 7 outstanding issues. For a project with 6.4k watchers that's pretty amazing.
There's a getting started guide with everything you need to get started.
There's also a devise wiki with a lot of examples. Here's just a few:
How To: Disallow previously used passwords
How To: Display a custom sign_in form anywhere in your app
How To: Do not redirect to login page after session timeout
It largely depends on what features you're looking for. If you require a full-featured authentication solution (Registration, Forgot Password, Remember Me, Login) then either devise or Authlogic is recommended.
If you're just looking for a simple way to authenticate users (via login and password for example), you can just use the Rails built-in authentication via has_secure_password. Ryan Bates did a RailsCast on it not too long ago.
Whatever method you decide to go with just remember that without SSL its not secure.
Devise is very nice. However, I'm partial to using NoamB's Sorcery gem. Its like a balance between rolling your own and Authlogic.
Check it out here:
https://github.com/NoamB/sorcery
Also nice railscast on it:
http://railscasts.com/episodes/283-authentication-with-sorcery
Someone got a tip for a minimal rails auth script or gem? It should include just the following points:
authentication by email-address
registration with email-address and password
Look into devise gem: https://github.com/plataformatec/devise
It can do a lot more than that, but it is a very easy to use gem for such a purpose.
It handles the views and passwords resets too.
Yeah, devise is great! If those are truly your requirements then I would suggest that too. If, on the other hand, you are looking for the most minimal authentication system possible, I would encourage you to consider the omniauth gem: https://github.com/intridea/omniauth
It will allow you to totally offload authentication to a third party (facebook, google, twitter, etc). This is a great way to avoid writing any of that logic at all.
I am wondering how I can build the registration process like we have in Stack Overflow, where a user can login using one of several already existing accounts? I would prefer using Rails as a technology platform.
Are you looking for this?
http://testingauth.heroku.com/
I'm not sure this is exactly what you need, but the devise module, available on github, makes it very easy to build a authentication system in a rails application.
For authorization, another great module is called "cancan". You might need that too.
Check out OmniAuth. There are a few railscasts describing it.
You can use omniauth gem to implement openId auth. Also, it possible to extend your existing user auth systems. See great screencast about this at railscast: OmniAuth Part 1
I'm currently running on a Ruby on Rails app with Authlogic handling my authentication and user management.
I'm struggling to find up to date information on the best way to add 3rd party login methods to my site, supplementing the standard sign up and login. There are a number of tutorials out there, but all seem to be outdated or incomplete. Could I get some recommendations on the best way to add multiple 3rd party login methods to Authlogic?
Authlogic appears to be built from the ground up for this type of thing, but it's very poorly documented, and it's own page seems very outdated on this.
They seem to recommend for Facebook using authlogic_facebook_connect plugin, which in turn relies upon the outdated Facebooker gem, which has been replaced by Facebooker2. Is there a way to use Facebooker2 with Authlogic?
I have also found on Google authlogic_oauth2, which is a more modern plugin that can login using Facebook credentials using OAuth2. Unfortunately, the author states that this plugin cannot be used alongside Authlogic plugins for OAuth (Twitter) and OpenID due to conflicts.
What are the recommended gems or plugins I can use together to allow login to my site via Facebook, Twitter, and OpenID?
This looks interesting. Planning to give it a shot.
https://github.com/plataformatec/devise/wiki/Extensions
Edit:
I tried it and I am using devise and omniauth together to handle this:
Check out these links:
http://railscasts.com/episodes/209-introducing-devise
http://railscasts.com/episodes/210-customizing-devise
http://railscasts.com/episodes/235-omniauth-part-1
http://railscasts.com/episodes/236-omniauth-part-2
It is a very good solution
Devise now has built-in OAuth that you can use with Facebook, Github, Twitter, etc. The documentation is quite helpful.
I haven't used it yet, but this one looks promising:
http://github.com/viatropos/authlogic-connect
It seems you can handle multiple oauth logins in a single db table, and the example includes keys for facebook, twitter, google etc etc so looks promising on the multiple-applications front
Click on the below link to get the steps for social login.
This is my blog only..
https://rubysolutions.wordpress.com/2014/07/25/facebook-and-google-sign-in-integration-using-devise-and-omniauth-in-rails-4-app-ruby-2/
Im starting to learn RoR and i want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever im doing in my blog. So i would like people to be able to log in, and register with their openID. So i was about to jump to the coding place when i realized the concept of gems and all that stuff is giving you tools for this kind of things.
So is there some kind of package to manage users, profiles and openId?
check out technoweeni's restful-authentication plugin
I'd advise you to look at bort as a complete RoR skeletton app with RESTful auth builtin, one of its fork here or at AuthLogic a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and openid authentication already setup among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.