Should I create my own auth system or use devise as a beginner in rails?

Hi rubyists!

I’m learning rails through the official guide . So as a beginner should I create my own authentication system or go with devise ?



I think that as always it depends…

  • If you want to learn how to do it, you can create your own
  • If you want to just do the default login with email and password… I think that you could use devise, because it will be easier.
  • If you want to do something that is not the “devise standard”, maybe you can look for other options like…
    • Rodauth
    • Clearence
    • Sorcery
    • Authlogic

I have created apps with my own authentication system, although just for personal use.

For all the apps that I have build “professionally” I have always used devise. And although is hard sometimes to build something custom, it has been possible. In my opinion, most of the time, building your own authentication system will not make your app special.


I have a personal dislike for large dependencies on top of rails, and the way Devise expects you to configure auth. I would recommend taking a look at “Learn Enough Rails to Be Dangerous”. It has a chapter on how to implement user authentication, then RailsCasts “Authorization from Scratch” to add authorization on top of that.

You can probably do it in an afternoon, and the authentication/authorization model is much more sane because it relies on a single source of truth. Add the authentication/authorization concerns to ApplicationController, then configure everything in a single permission file per role (guest, user, admin).

1 Like

I switched to Sorcery a couple of years ago. I love it. Sorcery takes care of all the security stuff and leaves the UI to you. The UI and controller interactions are quite easy to build and you avoid all the “helpful” magic that Devise does for you.

With Devise, I always feel like I spend half my time fighting with the code that tries to do everything for me.

1 Like

If you want to learn in your spare time, - create your own. If you want to deploy a “production something” on the Internet - use devise