Hello all,
is there any general law what you follow choose authentication system?
Are there any good article about pros/contras?
Thanks,
gezope
Hi…
If you are new to rails go for authlogic. because device needs lots of customization .
Thanks and regards, Shyam ruby on rails developer Mobile : +91(0)86-8846-8400 Web : Shyam.heroku.com
Hi…
If you are new to rails go for authlogic. because device needs lots of customization .
Devise gives you a heads up start, and its modular. Yes, it needs customization but any authentication solution would need that because everyone has its own set of requirements
Hi..
If you are new to rails go for authlogic. because device needs lots of customization .
I'm not new to Rails and I go with a +1 to authlogic. I just tried Devise, but seemed too much for me. I love Authlogic's simplicity.
If you just need a simple authentication system you can also roll your own. Ryan Bates has a good screencast for it at Railscasts.com: #250 Authentication from Scratch - RailsCasts
... as well as Devise screencasts
Watch for them and see why Ryan suggests to use Devise
The Railscast on rolling your own authentication solution was made later than the Railscasts on Devise. Ryan made the later cast on rolling your own because he kept getting a lot of questions on Devise.
Neither, go with the external authentication omniauth gem. People don’t like to register to any web sites. They like to use their existing accounts.
Thanks for all, I'll watch all related screencasts and make decision. Do you use mixed authentication? Like Devise with Omniauth together? Thanks again, all helped a lot! Zoltan
That seems like a pretty sweeping statement, especially without any context as to a given site's audience.
It doesn't appear to me that omniauth offers an alternate local account authentication method, which means that if a user doesn't use any of your offered providers (or prefers not to), s/he's out of luck.
Something to consider.
Neither, go with the external authentication omniauth gem. People don’t like
to register to any web sites. They like to use their existing accounts.
That seems like a pretty sweeping statement, especially without any
context as to a given site’s audience.
It doesn’t appear to me that omniauth offers an alternate local account
authentication method, which means that if a user doesn’t use any of
your offered providers (or prefers not to), s/he’s out of luck.
Not really. The user can still click on a provider icon and signup right there. It is better to offload authentication to the main stream sites. I don’t see a reason for providing a fifth wheel :). Let’s face it. No one wants to fill out another registration form and compromise their password or worst remember yet another password.
How is "click on a provider icon and signup right there" any different, then, other than passing this off to a third party who the user may or may not perceive as "trusted", compared to your site?
I'd love to see some A/B testing on task abandonment using the two approaches, but in the absence of it I'll remain skeptical about the use of this across the board.
YMMV,
