Which authentication plugin for Rails would you choose? I'm not interested in the permissions, roles and other authorization stuff.
I'm interested in the:
user model/controllers generation
predefined components to support various ways of authentication (HTML form, OpenID) with various back-ends (database, LDAP, text file).
I'm looking for something similar to the Java Spring Security (formerly Acegi) but for the Rails platform.
Kind regards.
Check out Authlogic. It's incredibly flexible and simple to get started.
Other options:
Clearance
Devise (Rack-based)
Ruby Toolbox provides a nice list of Rails Authentication plugins.
I used restful_authentication in the past but I switched to authlogic 1 year ago.
Authlogic is an excellent and highly customizable plugin; there are also additional third-party plugins to support OpenID and Facebook logins.
I heard good words about Clearance but I never used it.
Related
Using Ruby on Rails, I've been trying to find best practices for building an authentication API in order to ensure security. Are there guidelines or aspects I should pay attention to?
You should use gems for authentication: Devise or AuthLogic. They're quite good, have a lot of functionality and are extendable. Devise has a RESTful API. Have a look inside the code.
We need to have basic authentication in our Rails 3 app, but the requirements are to also integrate with providers such as Facebook, LinkedIn, Google Apps, Twitter, etc.
We are looking at:
Clearance
Devise
AuthLogic
... and others.
Any advice on which one to use that provides most of what we need?
OmniAuth is great for plugging in to third party authentication:
Code: https://github.com/intridea/omniauth
http://railscasts.com/episodes/235-omniauth-part-1
and
http://railscasts.com/episodes/236-omniauth-part-2
The above railscasts are great resources for a simple overview of using OmniAuth.
Devise is the current top dog, as it sets up sensible defaults, and makes it remarkably easy to override parts of the authentication system without affecting the rest.
It also has a branch and instructions to easily support OmniAuth for OAuth/OpenID authentication: https://github.com/plataformatec/devise/wiki/OmniAuth:-Overview
I'm not experienced with either of these gems but I came across this blog post that had some high level points comparing Devise and Authlogic. http://www.quora.com/Ruby-on-Rails/How-should-I-choose-an-authentication-gem
This one persuaded me to start with Authlogic:
When a user logs in I like to set a cookie that has the username so I can access it from JavaScript. I know how to do this with Authlogic: add a line of code to UserSessionsController#create. How do I do it with Devise? I can't see how. (I don't want to do it on every page request. Just when they authenticate.)
You can give a shot to the Sorcery gem, which nicely handles third-party authentication.
I found it easy to learn and to implement, and it's well documented too.
I haven't tried the other gems, but this one is growing very fast right now, despite the fact that it's not a very old project.
Good luck!!!
I'm starting to learn RoR and I want to make my personal blog in this language. I usually code a couple of prototypes on top of whatever I'm doing in my blog. So I would like people to be able to log in and register with their OpenID. So I was about to jump to the coding place when I realized the concept of gems and all that stuff is giving you tools for this kind of thing.
So is there some kind of package to manage users, profiles and OpenID?
Check out technoweenie's restful-authentication plugin.
I'd advise you to look at bort as a complete RoR skeleton app with RESTful auth built in, one of its forks here, or at AuthLogic, a less intrusive auth solution for Rails (and Merb and some others).
Take a look at the bort skeleton app. It has restful auth and OpenID authentication already set up, among other things.
Railscasts also has a number of screencasts about setting up authentication, restful authentication and OpenID.
One thing you want to be aware of to avoid hours of headache: the Ruby OpenID library changed substantially with OpenID 2.0, so if you're using a plugin or example code from a blog, be sure you're using the version of OpenID to which it corresponds.
There are several plugins; one with a lot of activity is open_id_authentication.
Dan Webb has a good guide to OpenID authentication in Rails that walks you through writing the actual code, but note that, at least last I checked, it hadn't been updated for OpenID 2.0.
What is the current state of the art for enabling OpenID login in Ruby on Rails applications? This is a community wiki with up-to-date answers to this question.
Authlogic
The most advanced authentication solution seems to be Authlogic. It supports OpenID with the Authlogic OpenID plugin. It supports Rails 4 and 3. Rails 2 is supported in the rails2 branch.
You may want to watch the "OpenID with Authlogic" Railscast (and the "Authlogic" Railscast).
There is a sample application called Authlogic OpenID Selector Example.
Devise
Devise is a flexible authentication framework for Rails. It supports OpenID with devise_openid_authenticatable.
restful_authentication
Another authentication library of choice is the restful_authentication Rails plugin. Seems like you also need to install the open_id_authentication plugin.
You may want to watch the (old, circa 2007) "OpenID Authentication" Railscast.
Ruby OpenID
Raw support for the OpenID protocol is handled by the Ruby OpenID library.
Check out this Railscast on OpenID for more info. I'm not sure if/how it might work alongside restful_authentication, but it might be a good resource. (I haven't watched it yet.)
What I've done is use restful-authentication and then blend the open_id_authentication plugin into your application. It might help to set up the open_id_authentication plugin on a test app as well, so you can determine the changes you'll need to make to the users table.
The definitive resource should be the Rails wiki, although I use "should" advisedly because things have been changing quite fast when it comes to OpenID support.
Ryan Bates' Railscast on OpenID is the best thing I've found to follow. Even though it was recorded with Rails 1.2.3, I've been able to successfully follow the tutorial with Rails 2.1.0. The only point to note is that for:
gem install ruby-openid
I installed 2.1.2, rather than the 1.1.4 used in the Railscast.
The OpenID plugin used is open_id_authentication, and I tested it in combination with restful_authentication from git://github.com/technoweenie/restful-authentication.git
NB: I subsequently wrote this up in a blog post.
The only gem I know of that supports OpenID Connect (the latest version) is:
https://github.com/nov/openid_connect
However, it has absolutely no documentation. :(
Oddly, this subject doesn't appear to have received much attention from the Rails community since 2007.
The latest trunk of Bort didn't seem to work with Rails 2.3.x, so I forked it and got it working.
I also added some things that I personally use - like yui reset/base, jquery, etc.
The fork is very much still a work in progress, but I hope to provide broad, tested authentication support for restful auth, google auth, facebook connect, twitter, etc.
http://github.com/lukebayes/bort
I have found that using BinaryLogic's Authlogic gems is quite easy and straightforward. See Authlogic and its OpenID plugin.
You can download an example application or try it!
Bort now has OpenID included, in addition to restful_authentication.
Keep an eye on Bort. It is a base Rails application which already has restful_authentication set up, among other things. The guy doing it is planning on adding OpenID.