Devise, Omniauth, Sorcery or write-your-own?

[jrgifford]

So for chapter 5, we have four major options:

• Devise. RailsCasts
• Omniauth. RailsCasts
• Sorcery. RailCasts.
• Write-our-own.

I'm leaning towards devise or Sorcery. Lastly, while I haven't used it, clearance by thoughtbot looks pretty good.

We need to pick one by Tuesday April 2nd, otherwise I'm going to flip a coin.

[jrgifford]

@jrgifford it depends. For understanding I recommend writing your own (like @railstutorial ) . For instant success and WOW I'd say Devise.

-- PragTob on Twitter

[PragTob]

So to elaborate on this, I consider security a first order concern for web applications. Actually building the login yourself teaches you so much about how the things work. You know, hashes, salts and all that stuff. This will always help you going forth.

Many people however don't do this since devise etc. solve the problem ok. But if you rolled your own it's kind of easy to understand how Devise works, if you modeled it a bit like devise does. Ripping custom Login out and replacing it with devise is actually a good exercise I've seen some people do after railstutorial.

I'd stick with rails when using an authentication gem since it kind of is the default in the Rails community, although lately I hear many people saying that they don't use it but those might just be few but very vocal folks. It should still be easiest to get help when Devise goes awry.
And to support my impression, at eurucamp 2012 someone asked "Who is using devise for authentication?" Almost everyone raised their hands, I think there was like one guy who didn't. Room full with ~150 people.

Hope that helps.

[jrgifford]

Right. Thanks for the elaboration.

[jrgifford]

This is my work item tomorrow. Devise and cancan, or perhaps rollify. Not sure about the second part yet.

[jrgifford]

stuck on this. heartcombo/devise#2358

[jrgifford]

Sorcery.

[josevalim]

We are getting the strong parameters support (to Devise) soon. :)

[jrgifford]

@josevalim How soon is "soon" likely to be?

I gave up on getting this chapter into the 1.0 release, since I really wanted to use devise, and sorcery was too complex. Is there anything I can do to help get the next version of Devise out the door in the next 2 weeks? :P

[josevalim]

@jrgifford we have discussed some final adjustment today. But if there is a timeline, it is up to @latortuga. :) Considering Rails is expected to be out by RailsConf (less than a month), it would be rather sooner than later.

[jrgifford]

@josevalim ok. thank you! ❤️

[jrgifford]

@flabricorn, @SnowyPelican - we need to decide - do we want to hold off more until devise+1 ships, or do we go ahead and pull the gem in via git source inside the gemfile?

[josevalim]

The rails4 branch is ready for Rails 4! We haven't merged it yet because we want to support both Rails 3.2 and 4 versions in Devise, so we need just a bit more of tidy up!

[jrgifford]

Awesome, thanks! Just need to debate semantics with the other people
involved with this, and then we'll be good to go.

Thanks for your help and assistance!

James Gifford
cell: 2162238574
Snowy Penguin Solutions, LLC | http://snowypenguinsolutions.com

On Mon, Apr 15, 2013 at 10:21 AM, José Valim [email protected]:

The rails4 branch is ready for Rails 4! We haven't merged it yet because
we want to support both Rails 3.2 and 4 versions in Devise, so we need just
a bit more of tidy up!

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/15#issuecomment-16387548
.

[jrgifford]

semantics yay, we'll pull the gem in via source.