authentication-zero VS rodauth-rails

Subsequently, we need a way to authenticate our users to associate prompts with them. Rather than using an incumbent like Devise, I chose to use a different approach. The authentication-zero gem can flexibly generate an authentication system, as opposed to including it as an engine. Conveniently, it comes with options such as:

If you don’t need a good amount of features that Devise brings to the table, I‘d skip it entirely. Look up has_secure_password, that will be enough for a vast amount of applications with authentication. Maybe combine with cancancan for authorization. Once you feel you have a grip on those, re-evaluate devise or take a look at https://github.com/lazaronixon/authentication-zero which will transparently integrate into your app instead of providing a Rube Goldberg machine (that’s what devise will feel like for beginners for a long time).

I keep going back and forth between Devise and something a little more friendly like authentication-zero gem for authentication.

For those that have used the authentication-zero gem or are familiar with its functionality, what is the best way to upgrade it in a project when new functionality is released?

True. I tend to stay away from gems that try to integrate into multiple parts of your app to provide some sort of comprehensive solution. The kinds of gems I recommend are: 1) libraries (you call into them when you need them) 2) mounted apps on a url, isolated from the rest of your app 3) generators (this one seems nice, the author mentioned it in another HN thread: https://github.com/lazaronixon/authentication-zero).

Check out https://github.com/lazaronixon/authentication-zero

I prefer to use authentication-zero, which generates code for me in the same application using has_secure_password, has good security practices, uses the same functions as Rails, and allows me to modify the flow to my liking.

In this article, I would like to show how to set each of these up in a Rails app that uses rodauth-rails. I'll be using Safari on macOS Ventura, and have iCloud Keychain sync enabled, which is a requirement for Apple passkeys.

Once I felt things were functioning well enough, I extracted the glue code into the rodauth-rails gem and added tests. I also included an install generator, which created the initial skeleton with sensible default configuration. A new Roda superclass provided a convenience configure method for loading the Rodauth plugin together with the rails feature.

FWIW I'm using rodauth and I like it: https://github.com/janko/rodauth-rails

My question is pretty much in the title. Is it possible to do Omniauth in a Rails API Only app? I've been looking into devise-token-auth and rodauth-rails. rodauth-rails has a tutorial for Omniauth (https://github.com/janko/rodauth-rails/wiki/OmniAuth), but it is using a Rails monolith.

I didn't create it, it was created by Jeremy Evans, I just contribute to it occasionally ;). I created the Rails integration, because I wanted to bring it into the Rails ecosystem, and I recently started recording screencasts. So I'm biased in that sense :)

maybe https://github.com/janko/rodauth-rails

$/myapp> bundle info rodauth-rails * rodauth-rails (0.18.1) Summary: Provides Rails integration for Rodauth. Homepage: https://github.com/janko/rodauth-rails Path: /Users/shino/.rbenv/versions/3.0.0/lib/ruby/gems/3.0.0/gems/rodauth-rails-0.18.1

I don't know if you've seen, but I wrote a guide that shows an integration, which you can use for now. This is also what the official demo Rails app uses.