A review of the current state of authentication in Rails, why Authlogic is the best thing since sliced bread, and how you can easily add multi-provider authentication support in your application using the new Authlogic_RPX plugin gem. This presentation was originally delivered at the Singapore Ruby Brigade Oct-09 meetup.
16. OAuth: must tie to a specific provider ahead of time; also used as the basis of OpenSocial signed requests; great if you just want to target a specific community (e.g. build a Twitter app).
17. RPX by JanRain: a single-sign-on solution for web sites; abstracts the authentication provider (you can support as many as JanRain support); normalizes profile settings across providers (i.e. “email” is always “email”).
18. SAML – WS* security: mainly enterprise use, but now gaining some attention via openSSO. 2FA/3FA solutions: provider specific or custom integrated. Many others..
19. Authentication options in Rails (diagram). Methods: Internal (username/password); LDAP/AD; RPX by JanRain; OAuth; OpenID; Many others.. Libraries: Acts_as_authenticated, Restful_authentication, Clearance, Twitter_oauth, Openid_authentication, ActiveLDAP, acts_as_ldpa_authenticated, Ruby Net-LDAP, Rpx_now, Ruby oauth, …
20. Or use Authlogic (diagram). Methods: Internal (username/password); LDAP/AD; RPX by JanRain; OAuth; Many others.. Components: Authlogic (base), Authlogic-oauth, Authlogic-ldap, Authlogic-oid, Authlogic_rpx, Authlogic plugin X. Authlogic: “unobtrusive authentication”; no generator crud; smells like ActiveRecord; plugin architecture.
29. Session controller. [:post] create – this is a user “signing in”. All this is optional branching logic, which you can tailor specifically for your application. Successful save means authentication OK!
31. User controller, annotated sections: access controls; registration form (optional); save registration (optional); edit my profile; show my profile; save my profile. Note: the sample is a controller that only lets users access their own information, but you can just as easily adapt this so they can list and see the public profile information of other users too.