Chapter 14. Users and Authentication
While sessions expand your application-building possibilities, almost any interactive application that will be around for a while needs to be able to keep track of users. You might be a little startled to hear that Rails itself doesn’t include any mechanisms for tracking users, unlike most current web frameworks. That isn’t so much a failure as an opportunity for developers to create their own authentication approaches. Because you may want to allow users to log in through other services instead of a local username and password, the OmniAuth gem is a good place to start. (The code for this example is available in ch14/students007.)
OmniAuth uses Rack, staying a layer below most of your Rails work, and the convenience of offering both local and remote login possibilities is hard to beat.
Note
You can find out much more about OmniAuth at https://github.com/intridea/omniauth/; in particular, there’s a list of authentication strategies at https://github.com/intridea/omniauth/wiki/List-of-Strategies/.
I strongly recommend Ryan Bates’ Railscasts presentations at http://railscasts.com/episodes/241-simple-omniauth/ and http://railscasts.com/episodes/304-omniauth-identity/. They start by using remote authentication and then come back to local. That may or may not be what you want when you’re getting started.
This chapter follows many of Bates’ approaches, but focuses on local authentication. Code is also simplified to be more readable for Ruby newbies, though ...