Rails 8 Authentication generator docs?

Is there any official documentation for the Rails 8 Authentication generator?

The only “doc” I found that in the Rails 8 blog post announcement:

Just run bin/rails generate authentication and you’ll get basic models for Session and User , together with a PasswordsMailer , SessionsController , and an Authentication concern. All you have to bring yourself is a user sign-up flow (since those are usually bespoke to each application). No need to fear rolling your own authentication setup with these basics provided…

I would be nice to have something to introduce it as a starter authentication, and maybe even explain some of the choices, before pushing you out of the nest to make it your own.

There are some docs:

1. All generators have help docs (rails g authentication --help), but this one is pretty sparse.

2. There is a generators guide (covers --help): Creating and Customizing Rails Generators & Templates — Ruby on Rails Guides

3. I’ve found the source code to be very readable (but without any explainer comments):

This feels really strange. I don’t think I’ve ever come across a web dev framework that doesn’t have a “Docs” link on the official site. The “Guides” are excellent but they don’t provide full coverage.

Rails does too, just not called “Docs”. The API link on the homepage is that “full coverage” framework documentation. They’re very good and cover every (public) Rails method, including those used within the generator templates.

But this generator…weeell , this is a brand new generator, so the --help docs will probably get a small update as folks like yourself dig in, ask questions, learn, and submit PRs to cover the gap.

P.S. If you’re looking for something, I’ve started watching some GoRails videos on it (Rails 7.1 Authentication From Scratch, etc.), and comparing with the authentication-zero generators.

Good tips. Thank you!

Hey there. I found this article written by Jaimy Simon. It explains most of the actors and has a couple of diagrams to get your head around the flow.

Also, as @ansonhoyt mentioned, the API reference contains valuable information about the methods used on the generated concerns/code, mainly has_secure_password and authenticate_by

Oh thanks – this is very helpful.

Since rails 8 is new the generation has a default model(User). I suppose in a near future it will be able to add yout own model. However I dont think is that necessary since the authenthication concern is very simple to use and in case you can just modify it.

Been looking for this as well. The default password reset token expires in just 15 minutes, which isn’t enough time for the SMTP service I use (smtp2go.com) to reliably deliver the email. Once the user receives the email and clicks the link the token has often already expired. I’d like to increase this to 1 hour, but haven’t been able to figure out how - not even after looking at the source code. Does anyone know how to configure this?

Edit: This is where it’s set.

It feels pretty strange to me that one of Rails 8’s flagship new features literally has no docs. Don’t think I’ve ever encountered this sort of thing before with other frameworks. Is this common for Rails to have major features that are just wholly undocumented?

I agree. The Rails documentation, both the API index and the guides, is usually excellent. I get the feeling there was a rush to get the authentication feature included in Rails 8, and then the holidays got in between. I’m sure they’ll get round to it eventually.

Hey I just came across this. Maybe you’ll find it helpful: Custom `has_secure_password` token generator expiry · abeidahmed/rails@f34269c · GitHub

Thanks, that looks like the kind of change that’s needed. Shame it doesn’t appear to have been submitted as a pull request - seems a pretty solid bit of code. Doesn’t help me since I’m not prepared to maintain my own fork.

Oh right – didn’t catch that. Well, maybe that means it’s coming soon