Rack for User Authentication


Using Rack for user authentication with Rack apps

Published in: Technology


  1. Rack For User Authentication http://rirug.com RIRUG
  2. Common Web App Needs
  3. Common Web App Needs
     • A User
  4. Common Web App Needs
     • A User
     • A way to associate requests with that user
  5. Many Current Auth Solutions
     • RESTful Authentication
     • HTTP Auth
     • AuthLogic
     • LDAP
     • Clearance
     • CAS
     • OpenID
     • Roll Your Own
  6. Why Another One?
  7. Rack: Rails 2.3 introduced Rack compatibility. Rails 3 is Rack dependent. Rack allows for modular application design.
  8. Default Rails Rack Stack
  9. How Does This Affect Authentication?
     • Rack allows for “mountable apps”
     • Rails middleware
     • Rails metal
  10. How will your authentication cope?
  11. Apps Usually Need a “User”
  12. Current Authentication Systems Will Conflict Between Apps
  13. http://rirug.com RIRUG
  14. Warden
     • Injects a lazy proxy into the request
     • Proxy follows around the request
     • Does nothing until asked
     • Authenticates requests for any kind of “user”
     • Provides a mechanism for authentication
     • Available to all downstream Rack parts
  15. Authenticating (Logging In)
  16. Accessing the user
  17. Logging Out
  18. Authentication Logic
     • Strategy Based
     • Packageable
     • Shareable between discrete apps
     • Simple
  19. Warden Strategy
  20. Strategies
     • Multiple Strategies
     • Strategies Cascade
  21. Rack Setup
  22. Rails Integration
  23. Warden + Devise
  24. Devise
     • Flexible Rails authentication based on Warden
     • Rack based
     • Complete MVC solution using Rails engines
     • Allows for multiple roles (models/scopes)
     • Based on modularity
  25. Devise Modules
     • Database Authenticatable
     • Token Authenticatable
     • Confirmable
     • Recoverable
     • Rememberable
     • Registerable
     • Trackable
     • Timeoutable
     • Validatable
     • Lockable
  26. Demo
  27. Rack Resources
     • http://rack.rubyforge.org/
     • http://rack.rubyforge.org/doc/SPEC.html
     • http://railslab.newrelic.com/2009/06/05/episode-14-rack-metal
  28. Warden Resources
     • http://www.slideshare.net/hassox/warden-introduction
     • http://wiki.github.com/hassox/warden/overview
     • http://github.com/hassox/rails_warden
  29. Devise Resources
     • http://blog.plataformatec.com.br/2010/02/happy-birthday-devise/
     • http://github.com/plataformatec/devise
     • http://rdoc.info/projects/plataformatec/devise
     • http://railscasts.com/episodes/209-introducing-devise
     • http://railscasts.com/episodes/210-customizing-devise
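
The code slides (14 to 21) did not survive in this transcript, so the following is an added example, not code from the deck or from Warden. It sketches the ideas those slides name (a lazy proxy injected into the Rack env, cascading strategies, logout) in plain Ruby with no gems; the names `ToyAuth`, `LazyAuthProxy`, the `toy.auth` env key, the two strategies and the sample token are all hypothetical.

```ruby
require 'digest'

# Toy sketch of the lazy-proxy idea; hypothetical names, not Warden's API.
# Constructed sample data: SHA-256 digest of an API token => user name.
USERS_BY_TOKEN = { Digest::SHA256.hexdigest('s3cret-token') => 'alice' }.freeze

# A strategy reports whether it applies to a request, then returns a user or nil.
class TokenStrategy
  def valid?(env); env.key?('HTTP_X_AUTH_TOKEN'); end
  def authenticate(env)
    USERS_BY_TOKEN[Digest::SHA256.hexdigest(env['HTTP_X_AUTH_TOKEN'])]
  end
end

class SessionStrategy
  def valid?(env); env.fetch('rack.session', {}).key?('user'); end
  def authenticate(env); env['rack.session']['user']; end
end

# The proxy follows the request around and does no work until asked.
class LazyAuthProxy
  attr_reader :attempts
  def initialize(env, strategies)
    @env, @strategies, @attempts, @user = env, strategies, 0, nil
  end

  # Cascade: run each applicable strategy in order; the first user found wins.
  def authenticate
    return @user if @user
    @strategies.each do |s|
      next unless s.valid?(@env)
      @attempts += 1
      break if (@user = s.authenticate(@env))
    end
    @user
  end

  def logout
    @user = nil
    @env.fetch('rack.session', {}).delete('user')
  end
end

# Rack middleware: inject the proxy into env, then call the downstream app.
class ToyAuth
  def initialize(app, strategies); @app, @strategies = app, strategies; end
  def call(env)
    env['toy.auth'] = LazyAuthProxy.new(env, @strategies)
    @app.call(env)
  end
end
```

Because the proxy is lazy, a downstream app that never calls `authenticate` runs no strategy at all, so every protected endpoint has to ask for the user explicitly and treat `nil` as unauthenticated.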
