Login authentication - which plugin?

Hello,

This is my first post to the forum as I'm a new RoR user.

I'm trying to decide which login/authentication plugin to use. I suppose defining what I mean by best is a good idea, so I want the plugin that is most compatible with the current ruby and rails versions and is being actively worked on.

I've installed LoginGenerator and that seems to work fine, but I've just come across SaltedHashLoginGenerator that sends forgotten password emails etc, which is a nice feature, but nothing I can't add myself if the rest of the plugin is not as good as the LoginGenerator.

Reading the wiki (http://wiki.rubyonrails.com/rails/pages/LoginGenerator) the first section looks like a warning, "This article is part of the confusing world of Authentication in Rails. Feel free to get lost in a gazillion of nearly useless and/or outdated Wikipages.", which doesn't inspire me at all! Is there better documentation somewhere?

Any advice appreciated.

-Simon

We were using auth_generator (a login generator) but they are a pain
to upgrade though it did include a handful of useful features out the
box.

We've switched to restful_authentication:
http://agilewebdevelopment.com/plugins/restful_authentication and it
has been great. It is based off AAA (Acts_As_Authentication) and is
easily expandable.

I wrote acts_as_authenticated and later restful_authentication,
heavily based on the old login_generator. Most of the conventions
were stolen from Tobi :slight_smile:

There's an old wiki:
http://technoweenie.stikipad.com/plugins/show/Acts+as+Authenticated.
The info should still be valid, the plugin has changed very little
over the last year or so.

When you try out AAA and/or Restful Auth, I strongly recommend you
read through all the code and understand what it's doing. Its not that
much code and its important (IMO) that you not treat it as a black
box.

linoj

@Simon:

Have you tried writing your own as per the “Agile Web Development” book? It’s a good way to start as it will help you better understand how others do authentication. That might help you decide which one to go with.

For the record, I use acts_as_authenticated a lot.