authentication-zero
devise-two-factor
authentication-zero | devise-two-factor | |
---|---|---|
15 | 5 | |
1,318 | 1,184 | |
- | 0.3% | |
8.0 | 6.0 | |
2 months ago | about 1 month ago | |
Ruby | Ruby | |
MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
authentication-zero
-
An Introduction to LiteStack for Ruby on Rails
Subsequently, we need a way to authenticate our users to associate prompts with them. Rather than using an incumbent like Devise, I chose to use a different approach. The authentication-zero gem can flexibly generate an authentication system, as opposed to including it as an engine. Conveniently, it comes with options such as:
- Generate a pre-built authentication system into a rails application
-
Everything was going great until I installed Devise!
If you don’t need a good amount of features that Devise brings to the table, I‘d skip it entirely. Look up has_secure_password, that will be enough for a vast amount of applications with authentication. Maybe combine with cancancan for authorization. Once you feel you have a grip on those, re-evaluate devise or take a look at https://github.com/lazaronixon/authentication-zero which will transparently integrate into your app instead of providing a Rube Goldberg machine (that’s what devise will feel like for beginners for a long time).
-
Authentication, Roles, and Authorization... oh my.
I keep going back and forth between Devise and something a little more friendly like authentication-zero gem for authentication.
-
Upgrading authentication-zero gem in project
For those that have used the authentication-zero gem or are familiar with its functionality, what is the best way to upgrade it in a project when new functionality is released?
- An authentication system generator for Rails applications.
- For Rails API-only authentication, do you go for a gem or 3D party service?
-
An Overview of Ruby on Rails 7.1 Features. Part III
True. I tend to stay away from gems that try to integrate into multiple parts of your app to provide some sort of comprehensive solution. The kinds of gems I recommend are: 1) libraries (you call into them when you need them) 2) mounted apps on a url, isolated from the rest of your app 3) generators (this one seems nice, the author mentioned it in another HN thread: https://github.com/lazaronixon/authentication-zero).
-
why is devise industry standard?
Check out https://github.com/lazaronixon/authentication-zero
-
Time to think about swapping off Devise?
I prefer to use authentication-zero, which generates code for me in the same application using has_secure_password, has good security practices, uses the same functions as Rails, and allows me to modify the flow to my liking.
devise-two-factor
-
Rails Authentication for Compliance
Your authentication mechanism should include multiple factors, something the user knows and something the user has. If you are using Devise, you can use the devise-two-factor gem. If you have custom authentication, you can use the rotp gem to generate OTP codes and verify those during login.
-
Ask HN: Why doesn't MFA as a stand alone API exist?
In Ruby-on-Rails it's part of the authentication framework Devise https://github.com/tinfoil/devise-two-factor and related modules including creating QR codes, backup codes etc. PHP Laraval has similar libraries https://jetstream.laravel.com/2.x/features/two-factor-authen...
Auth0 and similar commercial companies might very good at marketing. Try replacing "API" with "library" or a programming language name.
> It's just not valuable enough for anyone to create
For a commercial API you need to charge $10 USD/month, or equivalent in terms of per-API-call, otherwise your service won't be profitable. You call 5 US cent already expensive, so I think you're right, it's not valuable enough.
-
I resurrected devise-otp from the dead
I've used https://github.com/tinfoil/devise-two-factor before – it's good to know there is a maintained alternative that implements the UI already and is compatible to Rails 7.
-
What's going on with Devise for Rails 7 ?!
Are you referring to the devise two factor authentication gem at https://github.com/tinfoil/devise-two-factor? If so, I have posted a ticket that modifies the gem to use the Rails 7 Active Record encryption capabilities and some folks have been asking if a pull request could be created for it. There is some discussion going on in the issue thread on how to proceed. See https://github.com/tinfoil/devise-two-factor/issues/192 for details.
-
Modern 2FA gem for Devise
devise-two-factor: https://github.com/tinfoil/devise-two-factor
What are some alternatives?
devise - Flexible authentication solution for Rails with Warden.
active_model_otp - Adds methods to set and authenticate against one time passwords (Two-Factor Authentication). Inspired in AM::SecurePassword
Devise - Flexible authentication solution for Rails with Warden.
rodauth-rails - Rails integration for Rodauth authentication framework
rails_mvp_authentication - An authentication generator for Rails 7. Generate all the files needed to create a feature rich authentication system that you control. No configuration needed.
rotp - Ruby One Time Password library
JWT - A ruby implementation of the RFC 7519 OAuth JSON Web Token (JWT) standard.
warden - General Rack Authentication Framework
Devise Token Auth - Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.
Clearance - Rails authentication with email & password.
genkan - :door::running:Genkan is authentication engine for Rails
pwned - 😱 An easy, Ruby way to use the Pwned Passwords API.