Chapter 14. Users and Authentication
While sessions expand your application-building possibilities, almost any interactive application that will be around for a while needs to be able to keep track of users. You might be a little startled to hear that Rails itself doesnât include any mechanisms for tracking users, unlike most current web frameworks. That isnât so much a failure as an opportunity for developers to create their own authentication approaches. Because you may want to allow users to log in through other services instead of a local username and password, the OmniAuth gem is a good place to start. (The code for this example is available in ch14/students007.)
OmniAuth uses Rack, staying a layer below most of your Rails work, and the convenience of offering both local and remote login possibilities is hard to beat.
Note
You can find out much more about OmniAuth at https://github.com/intridea/omniauth/; in particular, thereâs a list of authentication strategies at https://github.com/intridea/omniauth/wiki/List-of-Strategies/.
I strongly recommend Ryan Batesâ Railscasts presentations at http://railscasts.com/episodes/241-simple-omniauth/ and http://railscasts.com/episodes/304-omniauth-identity/. They start by using remote authentication and then come back to local. That may or may not be what you want when youâre getting started.
This chapter follows many of Batesâ approaches, but focuses on local authentication. Code is also simplified to be more readable for Ruby ...
Get Learning Rails 3 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
