Thursday, September 4, 2014
On Wednesday, 3 September 2014 14:41:30 UTC-4, Sander Obdeijn wrote:
Hi all, i'm building my first project in RoR. And i'm now looking into authentication. A lot of the posts online recommended devise so i'm looking into that.I require authentication in a html website and a json api and i'm using ruby 1.9.3 and rails 4.1.4. Now I have seen that devise has removed TokenAuthenticatable. Is devise still a good option for token authentication or are there better options?I have seen some custom implementations of token authentication with devise. But i'm reluctant to use these, security is one of those area's I try to prevent hacking together my own code. My users trust me with their personal information, and I think I should respect that trust by using a mature solution, which has the best chance of keeping their data secure.Just to be clear I'm not running a bank or handling medical data, but still I don't want to implement the first snippet of code that I see and risk leaking my users data.Could someone offer me some advise?
Some info on token_authenticatable, direct from Jose Valim:
https://gist.github.com/josevalim/fb706b1e933ef01e4fb6
A gemified version of it, recently extracted:
https://github.com/baschtl/devise-token_authenticatable
I've used the Gist version in a production app.
--Matt Jones
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscribe@googlegroups.com.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/094b53ce-a92e-40b3-bcee-a330d46bcab9%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment