Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Gems You Might Not Need - Authentication and Au...

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Brandon Beacher Brandon Beacher
March 30, 2012
Programming
5
380

Gems You Might Not Need - Authentication and Authorization

Avatar for Brandon Beacher

Brandon Beacher

March 30, 2012
Tweet

More Decks by Brandon Beacher

See All by Brandon Beacher
Ruby for Recruiters
Avatar for Brandon Beacher brandon_beacher
1
77
Academic Software Development Collaboration Tools
Avatar for Brandon Beacher brandon_beacher
3
180

Other Decks in Programming

See All in Programming
Claude Codeと2つの巻き戻し戦略 / Two Rewind Strategies with Claude Code
Avatar for 果物リン fruitriin
0
140
humanlayerのブログから学ぶ、良いCLAUDE.mdの書き方
Avatar for Yuto tsukamoto1783
0
200
The Past, Present, and Future of Enterprise Java
Avatar for ivargrimstad ivargrimstad
0
610
Lambda のコードストレージ容量に気をつけましょう
Avatar for tatsuki-yamada tattwan718
0
140
なるべく楽してバックエンドに型をつけたい!(楽とは言ってない)
Avatar for HIBIKI CUBE hibiki_cube
0
140
生成AIを活用したソフトウェア開発ライフサイクル変革の現在値
Avatar for Hiroyuki Mori hiroyukimori
PRO
0
100
AWS re:Invent 2025参加 直前 Seattle-Tacoma Airport(SEA)におけるハードウェア紛失インシデントLT
Avatar for tetutetu214 tetutetu214
2
120
例外処理とどう使い分ける?Result型を使ったエラー設計 #burikaigi
Avatar for Takuma Kajikawa kajitack
16
6.1k
AI によるインシデント初動調査の自動化を行う AI インシデントコマンダーを作った話
Avatar for azukiazusa azukiazusa1
1
750
Oxlint JS plugins
Avatar for kazupon kazupon
1
990
CSC307 Lecture 07
Avatar for Javier Gonzalez-Sanchez javiergs
PRO
1
560
Best-Practices-for-Cortex-Analyst-and-AI-Agent
Avatar for ryotaro.ikeda@finatext.com ryotaroikeda
1
110

Featured

See All Featured
The Spectacular Lies of Maps
Avatar for Per Axbom axbom
PRO
1
530
4 Signs Your Business is Dying
Avatar for Josh Pigford shpigford
187
22k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
Avatar for Szymon szymonslowik
1
920
Fantastic passwords and where to find them - at NoRuKo
Avatar for Phil Nash philnash
52
3.6k
The untapped power of vector embeddings
Avatar for Frank van Dijk frankvandijk
1
1.6k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
Avatar for Tammy Everts tammyeverts
11
830
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
1
760
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
Avatar for Stéphanie Walter stephaniewalter
287
14k
Marketing Yourself as an Engineer | Alaka | Gurzu
Avatar for Gurzu gurzu
0
130
16th Malabo Montpellier Forum Presentation
Avatar for AKADEMIYA2063 akademiya2063
PRO
0
52
Mozcon NYC 2025: Stop Losing SEO Traffic
Avatar for Sam Torres samtorres
0
140
Context Engineering - Making Every Token Count
Avatar for Addy Osmani addyosmani
9
660

Transcript

  1. Gems You Might Not Need Authentication and Authorization

  2. Authentication Who are you? Authorization Are you allowed to do

    that?

  3. Do I need an authentication gem? Maybe not...

  4. has_secure_password • Built in to newer versions of Rails •

    Adds methods to set and authenticate against a BCrypt password. • This mechanism requires you to have a password_digest attribute. https://gist.github.com/2252946

  5. Invitations • Add an invitation_token string attribute to your model

    • Generate the token with ActiveSupport:: SecureRandom.hex https://gist.github.com/2253047

  6. Do I need an authorization gem? Maybe not...

  7. Before filters • Methods with redirects https://gist.github.com/2253206

  8. Before filters - a step further • Stay flexible to

    meet needs https://gist.github.com/3f28fd45a9755dfafd72

  9. The Forbid pattern • When you need to get more

    granular than before filters • class ForbiddenError < StandardError • rescue_from ForbiddenError https://gist.github.com/2253303

  10. The Forbid pattern - a step further • Stay flexible

    to meet business needs https://gist.github.com/2253352

  11. The End • Simple • Flexible • Easy to understand