Authentication in-rails

Slides from my talk at the Eastside Incubator's Rails Chat series.

With so many authentication solutions out there (Devise, OmniAuth, AuthLogic, just to name a few), this slide deck goes through the various options and guides you in choosing the best authentication solution for your app.

The deck covers the following areas:

Your Own Auth (Authentication from Scratch)
Your Own Auth With Facebook Connect
OmniAuth (Facebook + Twitter)
OmniAuth (Facebook + Twitter + Identity)
Devise (+ Omniauthable, example includes Facebook and Twitter)

All source code for this talk is available on GitHub at https://github.com/mvaidya/Authentication-In-Rails

Published in: Technology

  1. 1. Mihir A. Vaidya, Co-Founder and V.P. Engineering, ReadyPulse (https://www.linkedin.com/in/vaidyamihir, https://twitter.com/mihirvaidya). Experience / Technologies: V.P. Engineering, Dec 2011 - now; Software Engineer, August 2010 – Dec 2011; Software Engineer, Feb 2006 – August 2010; Software Engineer, May 2004 – Feb 2006; Researcher, May 2003 – May 2004
  6. 6. http_basic_authenticate_with :name => "ror", :password => "rocks", :except => [:index]
  7. 7. current_user, authenticate_user!
  12. 12. Perform all authentication in an HTML popup with your own handler pages before and after Facebook OAuth calls
  14. 14. Sessions#fb_auth
  16. 16. (session[:user_id]); (current_user, authenticate_user!)
  17. 17. gem 'omniauth-twitter'
          gem 'omniauth-facebook'
          bundle install

          Rails.application.config.middleware.use OmniAuth::Builder do
            provider :twitter, APP_CONFIG[:twitter][:consumer_key], APP_CONFIG[:twitter][:consumer_secret]
            # :ca_file points the provider's SSL client at the CA bundle shipped in config/
            provider :facebook, APP_CONFIG[:facebook][:app_id], APP_CONFIG[:facebook][:app_secret],
                     :client_options => { :ssl => { :ca_file => "#{Rails.root}/config/ca-bundle.crt" } }
          end

          (/auth/:provider/callback) – request.env["omniauth.auth"]
  18. 18. OmniAuth.config.on_failure = -> env do
            env[ActionDispatch::Flash::KEY] ||= ActionDispatch::Flash::FlashHash.new
            env[ActionDispatch::Flash::KEY][:error] = "Authentication failed, please try again."
            # call whatever controller/action displays your signup form
            SessionsController.action(:new).call(env)
          end
  21. 21. /auth/:provider/callback => sessions#create
  22. 22. provider :identity, on_failed_registration: lambda { |env|
            # lambda is used so that the class IdentitiesController is not cached (important for dev environment).
            # That way, changes to the controller will be picked up automatically, since
            # the lambda is the Rack application that handles failures, not IdentitiesController#new directly.
            IdentitiesController.action(:new).call(env)
          }
  36. 36. current_user, authenticate_user!
  37. 37. password_salt = BCrypt::Engine.generate_salt
          password_hash = BCrypt::Engine.hash_secret(password, password_salt)