开发者

Rails 3 Authentication: Authlogic vs Devise

I have always used Authlogic in Rails 2.3 but now that I am using Rails 3 I think I might try out a new authentication solution.

How does Devise compare wi开发者_Go百科th Authlogic? What are their differences?


I've used them both, but not extensively. In my last project, I gave Devise a shot. I ended up using Rails-Warden instead.

  • Devise is a full authentication framework built on top of Warden. To customize its looks, you use generators, then edit the resulting views. Its routes, and view logic are hard coded. For example, successful login will always take you to /session/new? This was a dealbreaker or me, I wanted my users to end up on "welcome/index". Devise is not as well documented, or intuitive as authlogic.

  • Warden is a middleware framework Devise is based upon. It has plugins for many web authentication schemes (fb, openid, oauth), and it is easy to build a plugin for your own authentication back end. It comes with no UI, and docs are not as good as authlogic.

  • I ended up using rails-warden because I needed to plugin multiple custom authentication schemes.

  • Also, see OmniAuth answer below, that's what I am using in 2012.


    for devise, if you want to send successful login to "welcome/index" you add to routes.rb

    namespace :user do
        root :to => "welcome#index"
    end
    

    as documented https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-on-successful-sign-in

    personally, i like devise. it think it's great and i guess you can call it "opinionated" but those opinions can be easily overwritten.


    I found Devise too opinionated for me. If you just want to accept the way it does things out of the box it is good and easy to get going. I had some specific requirements and found myself writing things to get round Devise so ended up ripping it out and updating Authlogic to Rails3 instead.


    Like the original questioner, I too had always used AuthLogic in the Rails 2.3 days but made the choice to use Devise when AuthLogic wasn't ready for Rails 3.1 (when it was at the RC stage). Overall I've made Devise do what I want but I'm unhappy and wish I hadn't made the change.

    User Authentication seems simple on the surface and an ideal thing to "componentize" but so many times you want to let a user engage with your site fully before requiring login and Devise makes this harder.

    Yes features like putting after_sign_in_path_for / after_sign_up_path_for into Application Controller work but these functions are really intended to do nothing more than return a path and if you're using Devise you'll find yourself sticking big blocks of code into them. It works but having your own users controller to handle user related actions is, to me, more elegant.


    If you need multiple OAuth authentication to Twitter, Facebook, LinkedIn and Google, you can use the OmniAuth gem along with Authlogic. Easy to figure out and gives you complete control over what happens as users authenticate from different social sites, which you do in authorizations_controller.rb.


    I like Devise. You can use OmniAuth with Devise too. I think that the Devise project is very active, and it has a big support on the internet.

  • 0

    上一篇:

    下一篇:

    精彩评论

    暂无评论...
    验证码 换一张
    取 消

    最新问答

    问答排行榜