Should I create my own auth system or use devise as a beginner in rails?

Hi rubyists!

I’m learning rails through the official guide . So as a beginner should I create my own authentication system or go with devise ?



I think that as always it depends…

  • If you want to learn how to do it, you can create your own
  • If you want to just do the default login with email and password… I think that you could use devise, because it will be easier.
  • If you want to do something that is not the “devise standard”, maybe you can look for other options like…
    • Rodauth
    • Clearence
    • Sorcery
    • Authlogic

I have created apps with my own authentication system, although just for personal use.

For all the apps that I have build “professionally” I have always used devise. And although is hard sometimes to build something custom, it has been possible. In my opinion, most of the time, building your own authentication system will not make your app special.


I have a personal dislike for large dependencies on top of rails, and the way Devise expects you to configure auth. I would recommend taking a look at “Learn Enough Rails to Be Dangerous”. It has a chapter on how to implement user authentication, then RailsCasts “Authorization from Scratch” to add authorization on top of that.

You can probably do it in an afternoon, and the authentication/authorization model is much more sane because it relies on a single source of truth. Add the authentication/authorization concerns to ApplicationController, then configure everything in a single permission file per role (guest, user, admin).

1 Like