RESTful Authentication

I've seen the RESTful Authentication plugin that Rick Olson has, and was wondering if anyone has used it, or can answer my questions:

1. What does RESTful Authentication really mean? How does CRUD fit into this?

Create - Create new user

Read - What does it mean to 'read' a user?

Update - Change the user name, etc?

Destroy - Remove user account

Seems like you would have to have a session id anyways, otherwise how do you authorize?

2. How do sessions fit into CRUD? Is the session the object of the CRUD, as opposed to a user?

3. What's the benefit of this over acts_as_authenticated?

Thanks!

I'm still a newb but I'll answer to the best of my ability. Authorization is enforced using a before_filter set to certain controllers and actions of your choice. The advantage over acts_as_authenticated, that I see as a newb, is you're getting rid of the admin controller. Less code for the same function is always better.

Yottameter wrote:

I’ve seen the RESTful Authentication plugin that Rick Olson has, and was wondering if anyone has used it, or can answer my questions:

1. What does RESTful Authentication really mean? How does CRUD fit into this?

Create - Create new user

Read - What does it mean to ‘read’ a user?

Update - Change the user name, etc?

Destroy - Remove user account

Seems like you would have to have a session id anyways, otherwise how do you authorize?

The restful_authentication plugin adds a couple of things over acts_as_authenticated.

One is refactoring users and sessions to follow CRUD conventions. Your list above is about right. ‘Read’ isn’t enabled by default, but could be used, for example, to show a user’s profile page.

The other thing that it adds is support for HTTP authentication of web service requests, which is the most standard way to do authentication for RESTful APIs. That’s the real benefit of this plugin over acts_as_authenticated imho – the same code will now handle both your standard login page and your API.

2. How do sessions fit into CRUD? Is the session the object of the CRUD, as opposed to a user?

You can create/destroy sessions just as you would any other resource.

In restful_authentication for standard web pages (i.e. not using the API) that will usually create a cookie which is used to store your session ID just like in acts_as_authenticated.

James.
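The idea in the reply above, the session as a resource that is created and destroyed while one credential check serves both the cookie login and HTTP authentication for API requests, as an added plain-Ruby sketch. This is not the plugin's code: every name here (`create_session`, `destroy_session`, `current_user`, the `USERS` and `SESSIONS` stores) is hypothetical and the sample user is constructed.

```ruby
require 'digest'
require 'securerandom'

# Constructed sample data. SHA-256 keeps the sketch dependency-free; a real
# application would store a slow password hash (bcrypt or similar) instead.
SALT     = 'constructed-salt'
USERS    = { 'alice' => Digest::SHA256.hexdigest(SALT + 'correct horse') }
SESSIONS = {} # server-side store: session id => login

# Compare digests without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# The single credential check shared by the login form and the API.
def authenticate(login, password)
  expected = USERS[login] or return nil
  actual = Digest::SHA256.hexdigest(SALT + password.to_s)
  secure_equal?(expected, actual) ? login : nil
end

# "Create" on the session resource: log in, return the id the cookie carries.
def create_session(login, password)
  user = authenticate(login, password) or return nil
  sid = SecureRandom.hex(16)
  SESSIONS[sid] = user
  sid
end

# "Destroy" on the session resource: log out by dropping the server-side entry.
def destroy_session(sid)
  !SESSIONS.delete(sid).nil?
end

# What a before_filter would call: browsers present the session cookie,
# API clients present an HTTP Basic Authorization header.
def current_user(request)
  from_session = SESSIONS[request[:session_id]]
  return from_session if from_session
  scheme, encoded = request[:authorization].to_s.split(' ', 2)
  return nil unless scheme.to_s.casecmp?('Basic') && encoded
  login, password = encoded.unpack1('m').split(':', 2) # base64 "login:password"
  authenticate(login.to_s, password)
end
```

A browser request goes through `create_session` once and then sends only the session id; an API request sends the Basic header on every call and never touches `SESSIONS`.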