New Rails authentication king?
Рет қаралды 8,803
Жыл бұрынIn this video, we take a whirlwind tour of the authentication-zero gem github.com/lazaronixon/authen...
This new take on authentication in Rails builds upon the has_secure_password functionality and generates all the code for you, right inside your app. So you can customise all of your auth logic to your heart's content!
This is going to replace Devise as my new default auth gem!
The source code for this episode is available here:
github.com/phawk/rapid_auth_z...
---
Has this video helped you out? Consider buying me a coffee to say thanks and support future content like this, thanks!
app.payhere.co/rapid-ruby/buy...
You can also find more content like this, including premium courses and exclusive community and mentorship to help you level-up! Head over to rapidruby.com and use the code RRKZbin for a discount!
@TeenaCode Жыл бұрын
Hi Pete, Hope you're doing great... Been busy with work lately, but I'm here today to like and binge-watch all the videos I missed 😊 Have a great day!
@rapid-ruby Жыл бұрын
Awesome Teena, enjoy!
@beWorldly 6 ай бұрын
Thanks for bringing this amazing gem to my attention. I cannot stand Devise, so this is a very welcome change! It boggles my mind how difficult it is to do any kind of customization in Devise, and a gem like this is EXACTLY what I have been looking for! so Thank you!
@sidalidev 8 ай бұрын
Thanks for the discovery, I'll try it out 🙂
@dd-gk3mv 8 ай бұрын
What font and theme are you using?
@rafaeldepaula275 Жыл бұрын
Thanks for the video! I'm building a SaaS and was thinking in try this gem, but just realized that there is a PR ongoing on devise adding Rails 7/Hotwire integration. I'll test in another app soon tho.
@rapid-ruby Жыл бұрын
That’s good to know. I think in the future I’ll still lean towards authentication-zero because of how it works and owning the auth code just brings a lot of future flexibility and extensibility.
@rafaeldepaula275 Жыл бұрын
@@rapid-ruby yeah, this is powerful! I'll test in a later project, for sure. Also, I'm a Jr. developer, so it will be good to understand and learn more about RoR and programming in general. Thanks again for the tip!
@cmer79 Жыл бұрын
Great, to-the-point video. Thank you!
@cmer79 Жыл бұрын
One thing I've always wondered (but never spent much time researching) is how difficult it would be to convert an existing Devise application to a new authentication system like this while maintaining existing users and passwords. This would obviously require keeping the same hashing mechanism. Given how many people want to get off Devise, this might be a good idea for your next video.
@rapid-ruby Жыл бұрын
Great idea! Thanks!
@chaosmagican Жыл бұрын
It's not required to use the same hashing algo. When we took over a project and redid it from scratch we wanted to use strong bcrypt while the former application used (idk sha hash or something bad). We could have required all users to reset their password but we wanted to avoid that friction and just upgrade on successful authentication. This obviously requires some sort of distinction so you know which account has old hashes and which don't. Eventually after a grace period we then purged all the remaining old hashes.
@JohnSmall314 7 ай бұрын
As Devise uses Bcrypt it ought to be possible to move hashed passwords over. But Devise also uses a static pepper held in the app which would complicate things a bit,
@helmutkobler7752 Жыл бұрын
Thanks for the nice video! I don't know much about authentication systems....since the code is generated one time by the gem, that means you don't have the ability to download an update with security patches. How important is that? Perhaps auth systems are so straightforward that that's not really necessary?
@rapid-ruby Жыл бұрын
Thanks! Very good question! As far as I know, that’s why they recommend that you keep the gem installed, even after you have generated the code, so that it could update in the future. I don’t think it will update the code, but it might put a warning in your console so you know.
@kofferraum Жыл бұрын
This is my main concern with this as well. Not only for security issues but also to get new features or other improvements as they are released.
@rapid-ruby Жыл бұрын
Yeah, that’s why it’s recommended that you keep the gem installed. I don’t see the ‘new features’ reason though, there’s not much that I’m aware of that other auth gems have added feature wise over the years, they all follow a pretty standard feature set. Other than Devise, where you can add third party gems to get more features out of the box. But I’d avoid this as well, I wouldn’t want a lot of third party gems built into my authentication system, particularly if they aren’t battle tested.
@wmcraver Жыл бұрын
Thank you for creating this video. I've been messing around with it a lot today and have a question that I've had with other authentication gems. What is the best way to restrict new registrations? If I'm creating an internal application where I don't want people to sign up, how would I go about this? Is it a rolify & pundit type solution for authorization?
@rapid-ruby Жыл бұрын
Hey Mitchell, if it’s a very basic need, you could just check out the config/routes.tv file and comment out the routes for sign up. That would be the easiest approach, and then for creating user accounts, make them in the rails console?
@AkashGupta-wd3dp 5 ай бұрын
i am getting arguement error from testing api of signin method and also there is another issue authenticate by undefined method error
@azizdevfull Жыл бұрын
amazing : )
@lucasmedeiros9755 Жыл бұрын
I have a crud of notes, how i can use this authentication-zero gem to create the notes for the logged user?
@vazryag Жыл бұрын
Hi, Pete! Is there some problem with Devise recently? I've seen many ruby developers talking about Devise alternatives on Twitter. Some security concern? Problems with integrating Devise with Rails 7?
@rapid-ruby Жыл бұрын
Hey @n0rmand! Not that I know of, the main reason I prefer this is just owning all of the auth code inside your own codebase makes it the most flexible solution over time. I think it's a personal preference.
@steveclarke1764 Жыл бұрын
I think it may have to do with how slow Devise has been to keep up with Rails changes. For e.g. it still doesn't work seamlessly out of the box with Turbo/Hotwire.
@rapid-ruby Жыл бұрын
Yeah that makes a lot of sense. And this approach works out of the box with turbo which is awesome!
@stpaquet Жыл бұрын
Yes there are tons for Rails7. Devise poorly integrates with Turbo leading developers to money patch all the issues created by this situation. Devise moved to a new maintenance group that displayed great ambitions, but seem to be failing at following them. All in all, Devise project looks dead from my point of view and I decided to move the DHH way: having my own authentication process. Thanks to Pete I discovered an alternative that seem to be well thought. Let's keep our fingers crossed that this initiative will have enough resources to not fall into the same pitfalls Devise did.
@abdu5822 Жыл бұрын
could you please make one or two videos about Database model relationships and their queries. please?
@rapid-ruby Жыл бұрын
Hey @Abdullahi, is there anything in particular you’d like to know or are struggling with? Thanks!
@abdu5822 Жыл бұрын
single table inheritance, polymorphic relationships etc
@GabrielMartinez-ez9ue 3 ай бұрын
For someone new to rails, would you suggest not learning devise and stick to this one instead?
@rapid-ruby 3 ай бұрын
Hey Gabriel, yes, most definitely, devise has a lot of magic going on underneath and I think it can be tricky to grasp. At least with this you can look at all the controllers that have been generated for you.
@TheVimeo Жыл бұрын
the url for the gem has a the end of the link ). also really nice video
@rapid-ruby Жыл бұрын
Thanks for this, I hope that's fixed it now :)
@alexk440 8 ай бұрын
What about jwt?
@rapid-ruby 8 ай бұрын
Do you mean using jwt for auth? In my opinion it’s not really authentication, it’s a token mechanism which you can use for APIs, but not really useful when it comes to building Hotwire apps.
Ruby on Rails
Рет қаралды 17 М.
CaseGuru / Наушники / Пылесосы / Смарт-часы /
Рет қаралды 3,9 МЛН