Rails authentication with Authlogic RPX

Paul Gallagher, Independent Technology Consultant at Tardate Consulting
NB: This presentation was delivered at the Singapore Ruby Brigade meetup 7-Oct-2009 (hosted at wego.com)
Some things should just be banned on the interwebs..
.. pointless social “applications” ..
.. twitter celebs ..
.. custom login screens!
What’s so bad about that?
End of days for “own the user identity”?
Or “Why authentication and identity management is still worth talking about”
Authorisation Options
Internal (username / password)
LDAP/AD: intranet applications, legacy directories
OAuth: must tie to a specific provider ahead of time; also used as the basis of OpenSocial signed requests; great if you just want to target a specific community (e.g. build a Twitter app)
RPX by JanRain: a single-sign-on solution for web sites; abstracts the authentication provider (you can support as many as JanRain support); normalizes profile settings across providers (i.e. “email” is always “email”)
SAML – WS* security: mainly enterprise use, but now gaining some attention via openSSO. 2FA/3FA solutions: provider specific or custom integrated. Many others..
Authentication options in Rails
Options: Internal (username/password), LDAP/AD, OAuth, OpenID, RPX by JanRain, many others..
Libraries: Acts_as_authenticated, Restful_authentication, Clearance, Twitter_oauth, Ruby oauth, Openid_authentication, ActiveLDAP, acts_as_ldpa_authenticated, Ruby Net-LDAP, Rpx_now, …
Or use Authlogic: “unobtrusive authentication”; no generator crud; smells like ActiveRecord; plugin architecture
Authlogic (base) plus plugins: Authlogic-oauth, Authlogic-ldap, Authlogic-oid, Authlogic_rpx, Authlogic plugin X (covering Internal (username/password), LDAP/AD, OAuth, RPX by JanRain, many others..)
Using Authlogic_RPX
RPX Request Model: Link to sign-in; ..chatter.. ..chatter..; Post: token; Verify: token (returns: profile info)
Authlogic_RPX-on-a-page
Enabling Authlogic_RPX
Register your RPX app
Note: max 6 providers with the free RPX account
Configure your project
Two MVCs: session and user
Controllers – clean and sweet
Session controller: [:post] create – this is a user “signing in”. Successful save means authentication OK! All this is optional branching logic, which you can tailor specifically for your application.
Session controller: [:delete] destroy – this is a user “signing out”.
User controller: Access controls; Registration form (optional); Save registration (optional); Edit my profile; Show my profile; Save my profile.
Note: the sample is a controller that only lets users access their own information, but you can just as easily adapt this so they can list and see the public profile information of other users too.
Auto registration
UserSession model – profile mapping
RPX – the catch (or: why you might want to buy their pro service)
Today I sign in with one provider; tomorrow I use another: these aren’t the same identities!
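The verify step of the request model and the identity catch above, as an added Ruby example (not code from the presentation or from Authlogic_RPX): it parses a verify-step response, rejects anything that is not an explicit success, and keys local accounts on the returned identifier. The response field names (`stat`, `profile`, `identifier`, `providerName`, `email`, `displayName`), the `UserStore` class and all sample values are assumptions constructed for illustration.

```ruby
require "json"

class RpxError < StandardError; end

# Builds a constructed verify-step response (sample data, not captured traffic).
def constructed_response(identifier, provider)
  { "stat" => "ok",
    "profile" => { "identifier" => identifier, "providerName" => provider,
                   "email" => "alice@example.com", "displayName" => "Alice" } }.to_json
end

GOOGLE_LOGIN = constructed_response("https://google.example/id/CONSTRUCTED-1", "Google")
YAHOO_LOGIN  = constructed_response("https://yahoo.example/id/CONSTRUCTED-2", "Yahoo!")
FAILED       = { "stat" => "fail", "err" => { "msg" => "constructed failure" } }.to_json

# Parse the response to "Verify: token". Anything other than an explicit
# success carrying a non-empty identifier is treated as a failed sign-in.
def parse_auth_info(body)
  data = JSON.parse(body)
  raise RpxError, "verification failed" unless data.is_a?(Hash) && data["stat"] == "ok"
  profile = data["profile"] || {}
  identifier = profile["identifier"].to_s
  raise RpxError, "no identifier in profile" if identifier.empty?
  { identifier: identifier, provider: profile["providerName"],
    email: profile["email"], name: profile["displayName"] }
rescue JSON::ParserError
  raise RpxError, "malformed response"
end

# Hypothetical in-memory stand-in for the User model, keyed on identifier.
class UserStore
  def initialize
    @users = {}
  end

  # Auto-registers on first sight of an identifier, otherwise returns the
  # existing account. The email is stored but never used as the lookup key.
  def sign_in(body)
    profile = parse_auth_info(body)
    @users[profile[:identifier]] ||=
      { id: @users.size + 1, email: profile[:email], name: profile[:name] }
  end

  def count
    @users.size
  end

  # Accounts that share an email: candidates for an explicit, user-confirmed
  # link, not for a silent merge on a provider-supplied address.
  def same_email_accounts
    @users.values.group_by { |u| u[:email] }.select { |_, users| users.size > 1 }
  end
end
```

Signing in the same person through two providers yields two identifiers and therefore two local accounts, which is the catch the slide describes.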
Try it out
Take-aways
Thank you!