Cover by Edd Dumbill, Simon St. Laurent, Eric J Gruber

Safari, the world’s most comprehensive technology and business learning platform.

Find the exact information you need to solve a problem on the fly, or go deeper to master the technologies and skills you need to succeed

Start Free Trial

No credit card required

O'Reilly logo

Chapter 14. Users and Authentication

While sessions expand your application-building possibilities, almost any interactive application that will be around for a while needs to be able to keep track of users. You might be a little startled to hear that Rails itself doesn’t include any mechanisms for tracking users, unlike most current web frameworks. That isn’t so much a failure as an opportunity for developers to create their own authentication approaches. Because you may want to allow users to log in through other services instead of a local username and password, the OmniAuth gem is a good place to start. (The code for this example is available in ch14/students007.)

OmniAuth uses Rack, staying a layer below most of your Rails work, and the convenience of offering both local and remote login possibilities is hard to beat.

Note

You can find out much more about OmniAuth at https://github.com/intridea/omniauth/; in particular, there’s a list of authentication strategies at https://github.com/intridea/omniauth/wiki/List-of-Strategies/.

I strongly recommend Ryan Bates’ Railscasts presentations at http://railscasts.com/episodes/241-simple-omniauth/ and http://railscasts.com/episodes/304-omniauth-identity/. They start by using remote authentication and then come back to local. That may or may not be what you want when you’re getting started.

This chapter follows many of Bates’ approaches, but focuses on local authentication. Code is also simplified to be more readable for Ruby newbies, though ...

Find the exact information you need to solve a problem on the fly, or go deeper to master the technologies and skills you need to succeed

Start Free Trial

No credit card required