Top 22 Ruby Authorization Projects

Pundit

4 7,240 0.4 Ruby

Minimal authorization through OO design and pure Ruby classes

Project mention: Project management app users advice | reddit.com/r/rubyonrails | 2021-04-10

This is called “authorization”. pundit is a great library for it.
CanCanCan

3 4,857 7.5 Ruby

The authorization Gem for Ruby on Rails.

Project mention: Using CanCanCan With StimulusReflex In Your Rails App | dev.to | 2021-03-22

If you are using CanCanCan for authorization and also want to use the magic of StimulusReflex for reactive page updates, these strategies will help you check user abilities in your reflexes.
Scout APM

Sponsored scoutapm.com

Scout APM - Leading-edge performance monitoring starting at $39/month. Scout APM uses tracing logic that ties bottlenecks to source code so you know the exact line of code causing performance issues and can get back to building a great product faster.
Doorkeeper

1 4,781 7.1 Ruby

Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape.
Project mention: Authelia is an open-source authentication/authorization server with 2FA/SSO | news.ycombinator.com | 2021-03-10

One thing that is missing from this list is open source language specific libraries. Projects such as https://oauthlib.readthedocs.io/en/latest/oauth2/server.html and https://github.com/doorkeeper-gem/doorkeeper
Depending on your use case, for example if you only have one application, you might be better off running something embedded in your app, or independent but using the same runtime/deployment environment. Then, when you are ready to add another app or integration, you should be able to introduce a standalone auth system more easily if appropriate (because all your auth interactions should be relatively standardized). I'm a big fan of standalone auth systems as a way to simplify access control and give a single view of a user/customer, but you can also succeed using open source embedded libraries.
When the moment comes to introduce a standalone system, you should consider a few dimensions (this list pulled from a previous comment of mine: https://news.ycombinator.com/item?id=26360048 ):
```
   * open source or not
```
rolify

0 2,867 2.0 Ruby

Role management library with resource scoping
Declarative Authorization

0 1,259 0.0 Ruby

An unmaintained authorization plugin for Rails. Please fork to support current versions of Rails
acl9

0 854 0.0 Ruby

Yet another role-based authorization system for Rails
Action Policy

1 736 7.3 Ruby

Authorization framework for Ruby/Rails applications

Project mention: Rails: How to Reduce Friction at the Authorization Layer | reddit.com/r/ruby | 2021-03-15

At work, we've recently faced similar issues and moved to ActionPolicy as a result. It's designed slightly differently, but there is a lot of overlap with what John came up with.
AccessGranted

0 733 0.0 Ruby

Multi-role and whitelist based authorization gem for Rails (and not only Rails!)
graphql-guard

0 434 0.3 Ruby

Simple authorization gem for GraphQL :lock:
Consul

0 274 2.7 Ruby

Scope-based authorization for Ruby on Rails. (by makandra)
RoleCore

0 264 2.0 Ruby

🔐A Rails engine providing essential industry of Role-based access control.
banken

0 249 0.0 Ruby

Simple and lightweight authorization library for Rails
Groupify

0 187 0.0 Ruby

Add group and membership functionality to your Rails models
Pundit Matchers

0 175 0.0 Ruby

A set of RSpec matchers for testing Pundit authorisation policies.
RedisWebManager

0 140 4.4 Ruby

Manage your Redis instance (see keys, memory used, connected client, etc...)
Canard

0 126 0.0 Ruby

Makes role based authorization in Rails really simple. Wraps CanCan and RoleModel up with a smattering of syntactic sugar, some generators and scopes.
Next Rails

0 95 1.5 Ruby

A toolkit to upgrade your next Rails application
Yabeda::Puma::Plugin

0 35 3.9 Ruby

Collects Puma web-server metrics from puma control panel
browserslist_useragent gem

0 26 0.0 Ruby
Operators

0 23 0.0 Ruby

Service Object based on Either Monad
KittyPolicy

0 22 0.0 Ruby

Kitty Policy Ruby Authorization Gem
Trust

0 14 0.0 Ruby

Authorization mechanisms for Rails (by teknobingo)

NOTE: The open source projects on this list are ordered by number of github stars. The number of mentions indicates repo mentiontions in the last 12 Months or since we started tracking (Dec 2020). The latest post mention was on 2021-04-10.

Index

What are some of the best open-source Authorization projects in Ruby? This list will help you:

	Project	Stars
1	Pundit	7,240
2	CanCanCan	4,857
3	Doorkeeper	4,781
4	rolify	2,867
5	Declarative Authorization	1,259
6	acl9	854
7	Action Policy	736
8	AccessGranted	733
9	graphql-guard	434
10	Consul	274
11	RoleCore	264
12	banken	249
13	Groupify	187
14	Pundit Matchers	175
15	RedisWebManager	140
16	Canard	126
17	Next Rails	95
18	Yabeda::Puma::Plugin	35
19	browserslist_useragent gem	26
20	Operators	23
21	KittyPolicy	22
22	Trust	14