Rodauth VS OmniAuth

Rodauth provides first class support for passkeys, implemented on top of the excellent webauthn-ruby gem. It enables using passkeys as a multifactor authentication method, or for passwordless login and registration. In addition to routes, views and database storage, it also provides the complete JavaScript part that interacts with Web Authentication API for zero configuration.

I can recommend rodauth: https://github.com/jeremyevans/rodauth It ships with a ton of things. Check out the features section.

In general, even though the Hanami ecosystem lacks any "plug-and-play" solutions such as Devise, you can use many existing libraries not tightly coupled to Ruby on Rails. For authentication, you can use Warden, OmniAuth or Rodauth. For uploads there is Shrine. The pagination is built into ROM. Integration with exception catchers such as Rollbar is easy.

While Devise provides a convenience layer around OmniAuth, it does nothing to actually sign the user into your app. When I started writing the OmniAuth integration for Rodauth, I wanted to go one step further and actually handle things like persistence of external identities, account creation and login, while still allowing the developer to customize the behaviour. That's how rodauth-omniauth was created. ✨

You can find the list of possible error identifiers here.

You probably meant the webauthn_login, which already supports passwordless.

When Rodauth came out, I was excited to finally have a full-featured authentication framework that wasn't tied to Rails, given that existing solutions required either Rails (Devise, Sorcery), or at least Active Record (Authlogic). Even though I mainly develop in Rails, I want other Ruby web frameworks to be viable alternatives, so I'm naturally drawn to generic solutions that everyone can use.

I wish there was the equivalent of this lib in go https://github.com/jeremyevans/rodauth

I've seen the Omniauth gem. But based on this gist it seems this gem is more suitable for web apps. Here is the quote from that gist.

In many cases, this convenient multi-provider authentication is powered by a library called OmniAuth. OmniAuth is a flexible and powerful authentication library for Ruby that allows you to integrate with multiple external providers.

Omniauthable: adds OmniAuth support.

:omniauthable is a special module in devise but it's also in charge of a very common feature: letting users log in by using a user's session from another website, e.g. Facebook, Google, Twitter, Github, etc. It's kind of delegating authentication work to those big tech companies. Nowadays, most companies follow OAuth's standards to build the authentication workflow (OAuth always means OAuth 2.0 in this article). However, each company may have different dialects when you communicate via OAuth. This module is called :omniauthable because devise has integrated with the gem omniauth, which provides a unified interface to realize the login process via OAuth.

If you want more details, the google authentication is one of many strategies for OmniAuth.

# https://github.com/omniauth/omniauth # https://github.com/settings/applications/new # echo > config/initializers/omniauth.rb # config/initializers/omniauth.rb Rails.application.config.middleware.use OmniAuth::Builder do provider :github, "GITHUB_ID", "GITHUB_SECRET" end

In general, even though the Hanami ecosystem lacks any "plug-and-play" solutions such as Devise, you can use many existing libraries not tightly coupled to Ruby on Rails. For authentication, you can use Warden, OmniAuth or Rodauth. For uploads there is Shrine. The pagination is built into ROM. Integration with exception catchers such as Rollbar is easy.

In this article, I show how to set up the rodauth-omniauth gem I had created in a Rails app, and customize the flow. This gem provides a much more integrated solution compared to Devise, in the sense that it implements the OmniAuth callback phase, automatically registering the user and/or logging them in, and persisting their external identities. It supports multiple providers, and essentially codifies this OmniAuth guide.

OmniAuth provides a standardized interface for authenticating with various external providers. Once the user authenticates with the provider, it's up to us developers to handle the callback and implement actual login and registration into the app. There is a wiki page laying out various scenarios that need to be handled if you want to support multiple providers, showing that it's by no means a trivial task.

My memory is failing me on the specifics, but I posted this issue on roda, which then led to this other issue in omniauth, plus 2 MRs on omniauth and rack-protection for doc updates.