Rack for User Authentication

Rack For User Authentication http://rirug.com RIRUG

Common Web App Needs http://rirug.com RIRUG

Common Web App Needs • A User http://rirug.com RIRUG

Common Web App Needs • A User • A way to associate requests with that user http://rirug.com RIRUG

Many Current Auth Solutions • RESTful Authentication • HTTP Auth • AuthLogic • LDAP • Clearance • CAS • OpenID • Roll Your Own http://rirug.com RIRUG

Why Another One? http://rirug.com RIRUG

Rack Rails 2.3 introduced Rack compatibility. Rails 3 is Rack dependent. Rack allows for modular application design. http://rirug.com RIRUG

Default Rails Rack Stack http://rirug.com RIRUG

How Does This Affect Authentication? • Rack allows for “mountable apps” • Rails middleware • Rails metal http://rirug.com RIRUG

How will your authentication cope? http://rirug.com RIRUG

Apps Usually Need a “User” http://rirug.com RIRUG

Current Authentication Systems Will Conﬂict Between Apps http://rirug.com RIRUG

http://rirug.com RIRUG

Warden • Injects a lazy proxy into the request • Proxy follows around the request • Does nothing until asked • Authenticates requests for any kind of “user” • Provides a mechanism for authentication • Available to all downstream Rack parts http://rirug.com RIRUG

Authenticating (Loggin In) http://rirug.com RIRUG

Accessing the user http://rirug.com RIRUG

Logging Out http://rirug.com RIRUG

Authentication Logic • Strategy Based • Packagable • Sharable between discrete apps • Simple http://rirug.com RIRUG

Warden Strategy http://rirug.com RIRUG

Strategies • Multiple Strategies • Strategies Cascade http://rirug.com RIRUG

Rack Setup http://rirug.com RIRUG

Rails Integration http://rirug.com RIRUG

Warden + Devise http://rirug.com RIRUG

Devise • Flexible Rails authentication based on Warden • Rack based • Complete MVC solution using Rails engines • Allows for multiple roles (models/scopes) • Based on modularity http://rirug.com RIRUG

Devise Modules • Database Authenticatable • Token Authenticatable • Conﬁrmable • Recoverable • Rememberable • Registerable • Trackable • Timeoutable • Validatable • Lockable http://rirug.com RIRUG

Demo http://rirug.com RIRUG

Rack Resources • http://rack.rubyforge.org/ • http://rack.rubyforge.org/doc/SPEC.html • http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal http://rirug.com RIRUG

Warden Resources • http://www.slideshare.net/hassox/warden-introduction • http://wiki.github.com/hassox/warden/overview • http://github.com/hassox/rails_warden http://rirug.com RIRUG

Devise Resources • http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/ • http://github.com/plataformatec/devise • http://rdoc.info/projects/plataformatec/devise • http://railscasts.com/episodes/209-introducing-devise • http://railscasts.com/episodes/210-customizing-devise http://rirug.com RIRUG

http://rirug.com	157
http://coderwall.com	29

Rack for User Authentication

by Craig Jolicoeur on Jul 21, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

2 Embeds 186

Statistics

Rack for User Authentication — Presentation Transcript