Authentication in-rails

Slides from my talk at the Eastside Incubator's Rails Chat series.

With so many authentication solutions out there (Devise, OmniAuth, AuthLogic, just to name a few), this slide deck goes through the various options and guides you in choosing the best authentication solution for your app.

The deck covers the following areas:

Your Own Auth (Authentication from Scratch)
Your Own Auth With Facebook Connect
OmniAuth (Facebook + Twitter)
OmniAuth (Facebook + Twitter + Identity)
Devise (+ Omniauthable, example includes Facebook and Twitter)

All source code for this talk is available on GitHub at https://github.com/mvaidya/Authentication-In-Rails


Authentication in-rails Presentation Transcript

  • Mihir A. Vaidya, Co-Founder and V.P. Engineering, ReadyPulse (https://www.linkedin.com/in/vaidyamihir, https://twitter.com/mihirvaidya). Experience: V.P. Engineering, Dec 2011 – now; Software Engineer, August 2010 – Dec 2011; Software Engineer, Feb 2006 – August 2010; Software Engineer, May 2004 – Feb 2006; Researcher, May 2003 – May 2004.
  • http_basic_authenticate_with :name => "ror", :password => "rocks", :except => [:index]
  • current_user, authenticate_user!
  • Perform all authentication in an HTML popup with your own handler pages before and after Facebook OAuth calls
  • Sessions#fb_auth
  • (session[:user_id]), (current_user, authenticate_user!)
  • gem 'omniauth-twitter'
  • gem 'omniauth-facebook'
  • bundle install
  • Rails.application.config.middleware.use OmniAuth::Builder do
      provider :twitter, APP_CONFIG[:twitter][:consumer_key], APP_CONFIG[:twitter][:consumer_secret]
      provider :facebook, APP_CONFIG[:facebook][:app_id], APP_CONFIG[:facebook][:app_secret],
        :client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } }
    end
  • (/auth/:provider/callback): request.env["omniauth.auth"]
  • OmniAuth.config.on_failure = -> env do
      env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new
      env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again."
      SessionsController.action(:new).call(env) # call whatever controller/action displays your signup form
    end
  • /auth/:provider/callback => sessions#create
  • provider :identity, on_failed_registration: lambda { |env|
      # A lambda is used so that the IdentitiesController class is not cached (important for the dev environment).
      # That way, changes to the controller are picked up automatically, since the
      # lambda is the Rack application that handles failures, not IdentitiesController#new directly.
      IdentitiesController.action(:new).call(env)
    }
  • current_user, authenticate_user!
  • password_salt = BCrypt::Engine.generate_salt
  • password_hash = BCrypt::Engine.hash_secret(password, password_salt)