SlideShare a Scribd company logo

Authentication in-rails

Download as PPTX, PDF
Mihir Vaidya
Mihir Vaidya

Slides from my talk at the Eastside Incubator's Rails Chat series. With so many authentication solutions out there (Devise, OmniAuth, AuthLogic, just to name a few), this slide deck goes through various options, and guides with choosing the best authentication solution for your app. The deck covers following areas... Your Own Auth (Authentication from Scratch) Your Own Auth With Facebook Connect OmniAuth (Facebook + Twitter) OmniAuth (Facebook + Twitter + Identity) Devise (+ Omniauthable, example includes Facebook and Twitter) All source code for this talk is available on GitHub at https://github.com/mvaidya/Authentication-In-Rails

Technology
1 of 42
Experience Technologies V.P. Engineering Dec 2011 - now Software Engineer August 2010 – Dec 2011 Software Engineer Mihir A. Vaidya Feb 2006 – August 2010 Co-Founder and V.P. Engineering ReadyPulse Software Engineer https://www.linkedin.com/in/vaidyamihir May 2004 – Feb 2006 https://twitter.com/mihirvaidya Researcher May 2003 – May 2004
• • •
• – –
• – – • – – – – – – – •
• • – • • •
• – • • http_basic_authenticate_with :name => "ror", :password => "rocks", :except=>[:index]
• – – – • • • • – • • current_user, authenticate_user! – • – – – –
• –
• – – • • – • – • – • – • – – • • • • •
• • • • •
• • • – – – • – • – –
• – • – – • –  – » • Perform all authentication in a HTML POPUP with your own handler pages before and after Facebook OAuth calls – • • – – • – –
•
• • – Sessions#fb_auth •
• – • •
• • – • – – • • – – (session[:user_id]) – (current_user, authenticate_user!) • •
• • • – • – gem „omniauth-twitter‟ – gem „omniauth-facebook‟ – bundle install • – • Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, APP_CONFIG[:twitter]['consumer_key'], APP_CONFIG[:twitter]['consumer_secret'] provider :facebook, APP_CONFIG[:facebook]['app_id'], APP_CONFIG[:facebook]['app_secret'], :client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } } End • • (/auth/:provider/callback) – request.env[“omniauth.auth”]
• – • • • – OmniAuth.config.on_failure = -> env do env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again." SessionsController.action(:new).call(env) #call whatever controller/action that displays your signup form end
• – – – – • – –
• – • •
• – '/auth/:provider/callback' => 'sessions#create' • – • – – •
• – provider :identity, on_failed_registration: lambda { |env| # lambda is used so that the class IdentitiesController is not cached (important for dev environment). # That way, changes to the controller will be picked up automatically since # lamda is the rack application to handle failures and not IndentitiesController#new directly IdentitiesController.action(:new).call(env) }
• – • – –
• • – • • – • • – • – • • • –
• – – • – • • – – • – • • – –
• – • • • • • –
 • • – • –
• – • – – – • – –
• • • – – • • • – –
• • –
• – – • – • • – • – – • • •
• • • • – – – – • –
• • –  • – – • – – –  • – •
• • •
• •
• – • • • – • • – • – – – – • – – – • • – current_user – authenticate_user!
• – – – – • password_salt = BCrypt::Engine.generate_salt • password_hash = BCrypt::Engine.hash_secret(password, password_salt) • –
• – • – • –

Recommended

Pre auditoria trabajos_alturas
Pre auditoria trabajos_alturasPre auditoria trabajos_alturas
Pre auditoria trabajos_alturasAngelica Lopera
 
Jugando al Memory-Cuaresma
Jugando al Memory-CuaresmaJugando al Memory-Cuaresma
Jugando al Memory-CuaresmaFranciscanos Valladolid
 
Aar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfAar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfBrandon Williams
 
Ekaw2010 tutorial3
Ekaw2010 tutorial3Ekaw2010 tutorial3
Ekaw2010 tutorial3Amparo Elizabeth Cano Basave
 
CCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLCCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLEmmanuel Fuchs
 
On off-4
On off-4On off-4
On off-4Anjaritoi Urnieta
 
IASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIlkka Kakko
 
Oto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez
 

Recommended

Pre auditoria trabajos_alturas
Pre auditoria trabajos_alturasPre auditoria trabajos_alturas
Pre auditoria trabajos_alturasAngelica Lopera
 
Jugando al Memory-Cuaresma
Jugando al Memory-CuaresmaJugando al Memory-Cuaresma
Jugando al Memory-CuaresmaFranciscanos Valladolid
 
Aar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfAar fourmile fire_dct-vct_jan2011_pdf
Aar fourmile fire_dct-vct_jan2011_pdfBrandon Williams
 
Ekaw2010 tutorial3
Ekaw2010 tutorial3Ekaw2010 tutorial3
Ekaw2010 tutorial3Amparo Elizabeth Cano Basave
 
CCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLCCM IDL, CORBA Component Model IDL
CCM IDL, CORBA Component Model IDLEmmanuel Fuchs
 
On off-4
On off-4On off-4
On off-4Anjaritoi Urnieta
 
IASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIASP World Conference, 2004 Bergamo, Italy
IASP World Conference, 2004 Bergamo, ItalyIlkka Kakko
 
Oto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez - Tips for better tests
Oto Brglez - Tips for better testsOto Brglez
 
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfLior Rotkovitch
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkSusannSgorzaly
 
Poisoning Google images
Poisoning Google imagesPoisoning Google images
Poisoning Google imageslukash4
 
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDays Riga
 
IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13Dominopoint - Italian Lotus User Group
 
下吧开发总结
下吧开发总结下吧开发总结
下吧开发总结Night Sailer
 
Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Jinho Jung
 
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersSharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersDan Usher
 
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...Scott Hoag
 
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Prashant G Bhoyar (Microsoft MVP)
 
Sucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri
 
Google-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareGoogle-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareAvast
 
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...Amazon Web Services
 
memories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlmemories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlhonishi
 
Chaione Ember.js Training
Chaione Ember.js TrainingChaione Ember.js Training
Chaione Ember.js Trainingaortbals
 
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...Dan Usher
 
BSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesBSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesIsmael Goncalves
 
HTML5 History & Features
HTML5 History & FeaturesHTML5 History & Features
HTML5 History & FeaturesDave Ross
 
Premature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilPremature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilFabio Akita
 
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...iMasters
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 

More Related Content

Similar to Authentication in-rails

Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfLior Rotkovitch
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkSusannSgorzaly
 
Poisoning Google images
Poisoning Google imagesPoisoning Google images
Poisoning Google imageslukash4
 
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDays Riga
 
下吧开发总结
下吧开发总结下吧开发总结
下吧开发总结Night Sailer
 
Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Jinho Jung
 
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersSharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersDan Usher
 
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...Scott Hoag
 
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Prashant G Bhoyar (Microsoft MVP)
 
Sucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri
 
Google-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareGoogle-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareAvast
 
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...Amazon Web Services
 
memories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlmemories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlhonishi
 
Chaione Ember.js Training
Chaione Ember.js TrainingChaione Ember.js Training
Chaione Ember.js Trainingaortbals
 
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...Dan Usher
 
BSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesBSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesIsmael Goncalves
 
HTML5 History & Features
HTML5 History & FeaturesHTML5 History & Features
HTML5 History & FeaturesDave Ross
 
Premature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilPremature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilFabio Akita
 
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...iMasters
 

Similar to Authentication in-rails (20)

Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdfBrute Force - Lior Rotkovitch - f5 SIRT v5.pdf
Brute Force - Lior Rotkovitch - f5 SIRT v5.pdf
 
Testing mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP frameworkTesting mit Codeception: Full-stack testing PHP framework
Testing mit Codeception: Full-stack testing PHP framework
 
Poisoning Google images
Poisoning Google imagesPoisoning Google images
Poisoning Google images
 
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
DevOpsDaysRiga 2017: Mandi Walls - Building security into your workflow with ...
 
IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13IBM Connection - customize it, #dd13
IBM Connection - customize it, #dd13
 
下吧开发总结
下吧开发总结下吧开发总结
下吧开发总结
 
Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드Leadership Guide, 초보팀장을 위한 리더십 가이드
Leadership Guide, 초보팀장을 위한 리더십 가이드
 
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative BlundersSharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
SharePoint Saturday Philly - SharePoint 2010 Administrative Blunders
 
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
SPSPhilly - SharePoint 2010 Tips & Tricks of the Trade - Avoiding Administrat...
 
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
Getting Started With SharePoint REST API in Nintex Workflows for Office 365 I...
 
Sucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web AgenciesSucuri Webinar: Website Security for Web Agencies
Sucuri Webinar: Website Security for Web Agencies
 
Google-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malwareGoogle-image poisoning: How hackers use images to spread malware
Google-image poisoning: How hackers use images to spread malware
 
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
(BDT402) Performance Profiling in Production: Analyzing Web Requests at Scale...
 
memories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowlmemories of tumblr gear & Tumblrowl
memories of tumblr gear & Tumblrowl
 
Chaione Ember.js Training
Chaione Ember.js TrainingChaione Ember.js Training
Chaione Ember.js Training
 
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
SharePoint 2010 - Tips and Tricks of the Trade - Avoiding Administrative Blun...
 
BSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicaçõesBSides São Paulo - Trabalho no exterior e segurança de aplicações
BSides São Paulo - Trabalho no exterior e segurança de aplicações
 
HTML5 History & Features
HTML5 History & FeaturesHTML5 History & Features
HTML5 History & Features
 
Premature optimisation: The Root of All Evil
Premature optimisation: The Root of All EvilPremature optimisation: The Root of All Evil
Premature optimisation: The Root of All Evil
 
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
DevCommerce Conference 2016: Performance, anti-patterns e stacks pra desenvol...
 

Recently uploaded

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 

Recently uploaded (20)

A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 

Authentication in-rails

  • 1.
  • 2. Experience Technologies V.P. Engineering Dec 2011 - now Software Engineer August 2010 – Dec 2011 Software Engineer Mihir A. Vaidya Feb 2006 – August 2010 Co-Founder and V.P. Engineering ReadyPulse Software Engineer https://www.linkedin.com/in/vaidyamihir May 2004 – Feb 2006 https://twitter.com/mihirvaidya Researcher May 2003 – May 2004
  • 4. – –
  • 5. – – • – – – – – – – •
  • 6. • • – • • •
  • 7. – • • http_basic_authenticate_with :name => "ror", :password => "rocks", :except=>[:index]
  • 8. – – – • • • • – • • current_user, authenticate_user! – • – – – –
  • 9.
  • 10. – – • • – • – • – • – • – – • • • • •
  • 12. • • • – – – • – • – –
  • 13. – • – – • –  – » • Perform all authentication in a HTML POPUP with your own handler pages before and after Facebook OAuth calls – • • – – • – –
  • 14.
  • 15. • • – Sessions#fb_auth •
  • 16. – • •
  • 17. • • – • – – • • – – (session[:user_id]) – (current_user, authenticate_user!) • •
  • 18. • • • – • – gem „omniauth-twitter‟ – gem „omniauth-facebook‟ – bundle install • – • Rails.application.config.middleware.use OmniAuth::Builder do provider :twitter, APP_CONFIG[:twitter]['consumer_key'], APP_CONFIG[:twitter]['consumer_secret'] provider :facebook, APP_CONFIG[:facebook]['app_id'], APP_CONFIG[:facebook]['app_secret'], :client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } } End • • (/auth/:provider/callback) – request.env[“omniauth.auth”]
  • 19. – • • • – OmniAuth.config.on_failure = -> env do env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again." SessionsController.action(:new).call(env) #call whatever controller/action that displays your signup form end
  • 20. – – – – • – –
  • 21. – • •
  • 22. – '/auth/:provider/callback' => 'sessions#create' • – • – – •
  • 23. – provider :identity, on_failed_registration: lambda { |env| # lambda is used so that the class IdentitiesController is not cached (important for dev environment). # That way, changes to the controller will be picked up automatically since # lamda is the rack application to handle failures and not IndentitiesController#new directly IdentitiesController.action(:new).call(env) }
  • 24. – • – –
  • 25. • • – • • – • • – • – • • • –
  • 26. – – • – • • – – • – • • – –
  • 27. – • • • • • –
  • 28.  • • – • –
  • 29. – • – – – • – –
  • 30. • • • – – • • • – –
  • 31. • •
  • 32. – – • – • • – • – – • • •
  • 33. • • • • – – – – • –
  • 34. • • –  • – – • – – –  • – •
  • 37.
  • 38.
  • 39.
  • 40. – • • • – • • – • – – – – • – – – • • – current_user – authenticate_user!
  • 41. – – – – • password_salt = BCrypt::Engine.generate_salt • password_hash = BCrypt::Engine.hash_secret(password, password_salt) • –
  • 42. – • – • –