Roda VS OmniAuth

Roda (roda.jeremyevans.net)

Jeremy also maintains an awesome web framework called Roda. It's lightweight, fast, and easy to use when you don't need the heft of Rails.

I've been on the Roda [0] and Sequel [1] framework for over 10 years now across various projects. Even after all these years, starting a project in this stack feels like a breath of fresh air even compared to the newer language/frameworks that jabe come out since.

Jeremy Evans is the creator and maintainer of both of these Ruby gems and is super helpful in resolving ask kinda of issues.

[0]: https://roda.jeremyevans.net/

[1]: https://sequel.jeremyevans.net/

My memory is failing me on the specifics, but I posted this issue on roda, which then led to this other issue in omniauth, plus 2 MRs on omniauth and rack-protection for doc updates.

You could pick up a framework like Phoenix, or Remix (the newest kid on the block) and I'm sure you'd get plenty far with either - and if you want ruby, try Roda. You might not have ready made tools with the newer frameworks, so watch out for that. But they have the advantage of doing thing slightly differently.

Even though Rodauth is built on top of Roda and Sequel, it can work as a Rack middleware in any Ruby web framework. In the beginning, there was a demo app showing how Rodauth can be used in Rails, which leveraged the (now discontinued) roda-rails gem. However, the integration felt fairly raw, and definitely lacked the ergonomics Rails developers are used to.

I'm a big fan of Sinatra, but recently I came across Roda which is by Jeremy Evan's whose wonderful ORM gem Sequel I've used in several projects. Looking at the documentation, Roda seems quite nice and performance gain is always appreciated.

For anything but a large app, Roda is well worth considering. It's not the easiest for beginners, due to its philosophy of being bare-bones by default but highly extendable. But it's gradually becoming integrated into Bridgetown, whose batteries-included approach is making Roda much more accessible.

I've seen the Omniauth gem. But based on this gist it seems this gem is more suitable for web apps. Here is the quote from that gist.

In many cases, this convenient multi-provider authentication is powered by a library called OmniAuth. OmniAuth is a flexible and powerful authentication library for Ruby that allows you to integrate with multiple external providers.

Omniauthable: adds OmniAuth support.

:omniauthable is a special module in devise but it's also in charge of a very common feature: letting users log in by using a user's session from another website, e.g. Facebook, Google, Twitter, Github, etc. It's kind of delegating authentication work to those big tech companies. Nowadays, most companies follow OAuth's standards to build the authentication workflow (OAuth always means OAuth 2.0 in this article). However, each company may have different dialects when you communicate via OAuth. This module is called :omniauthable because devise has integrated with the gem omniauth, which provides a unified interface to realize the login process via OAuth.

If you want more details, the google authentication is one of many strategies for OmniAuth.

# https://github.com/omniauth/omniauth # https://github.com/settings/applications/new # echo > config/initializers/omniauth.rb # config/initializers/omniauth.rb Rails.application.config.middleware.use OmniAuth::Builder do provider :github, "GITHUB_ID", "GITHUB_SECRET" end

In general, even though the Hanami ecosystem lacks any "plug-and-play" solutions such as Devise, you can use many existing libraries not tightly coupled to Ruby on Rails. For authentication, you can use Warden, OmniAuth or Rodauth. For uploads there is Shrine. The pagination is built into ROM. Integration with exception catchers such as Rollbar is easy.

In this article, I show how to set up the rodauth-omniauth gem I had created in a Rails app, and customize the flow. This gem provides a much more integrated solution compared to Devise, in the sense that it implements the OmniAuth callback phase, automatically registering the user and/or logging them in, and persisting their external identities. It supports multiple providers, and essentially codifies this OmniAuth guide.

OmniAuth provides a standardized interface for authenticating with various external providers. Once the user authenticates with the provider, it's up to us developers to handle the callback and implement actual login and registration into the app. There is a wiki page laying out various scenarios that need to be handled if you want to support multiple providers, showing that it's by no means a trivial task.

My memory is failing me on the specifics, but I posted this issue on roda, which then led to this other issue in omniauth, plus 2 MRs on omniauth and rack-protection for doc updates.