rails-authentication-from-scratch
A step-by-step guide on how to build your own authentication system in Rails from scratch.
I agree in principle, but in practice I see why the "out of the box" experience is not great for new Rails apps since compatibility with Turbo is still an unresolved issue: https://github.com/heartcombo/devise/issues/5446
Devise not being Hotwire compatible is a huge turnoff for me. Honestly if I were starting a new project today I’d probably go with a “hand rolled” authentication. I haven’t done it myself but I know a lot of thought was put into this guide if you were interested in that route: https://stevepolito.design/blog/rails-authentication-from-scratch/
You can find the list of possible error identifiers here.
There hasn't been a lot that has changed to how sessions are managed. Warden itself hasn't had much by way of updates in years, but you didn't even mention that.
I prefer to use authentication-zero, which generates code for me in the same application using has_secure_password, has good security practices, uses the same functions as Rails, and allows me to modify the flow to my liking.