rodauth device and you

View Slide

Anton Davydov
github.com/davydovanton 
twitter.com/anton_davydov
davydovanton.com

View Slide

OpenSource

View Slide

View Slide

authentication

View Slide

typical authentication

View Slide

• user authentication
• working with current user
• security
• different auth ways (OTP, OmniAuth, 2FA)
• simple way to use it with other frameworks

View Slide

but in a real life
we have some

View Slide

• wasting time for typical functionality
• complicated logic
• magic in models/controllers
• it’s hard to add new feature

View Slide

and actually we can use…

View Slide

devise

View Slide

devise ❤
• popular
• based on Rails engines
• use only what you really need
• add-ons
• fast for production

View Slide

devise
• only rails
• problem with custom logic
• creates unnecessary raws in table
• hulk
• can be difﬁcult to integrate

View Slide

warden

View Slide

sorcery

View Slide

custom solution

View Slide

custom solution ❤
• absolutely custom
• works only for special cases
• works good when other solutions sucks

View Slide

• DRY in each application
• spend much time for simple cases
• you can write
• you need to write all popular solutions
custom solution

View Slide

what problems we have
• no simplicity
• no ﬂexibility
• magic
• only for rails

View Slide

rodauth
github.com/jeremyevans/rodauth

View Slide

rodauth ❤
• fast
• simple
• easy to integrate with other frameworks
• many features from the box
• use only what you need

View Slide

rodauth
• little-known solution
• new technology (from Jun 7, 2015)
• another routing framework

View Slide

Jeremy Evans
github.com/jeremyevans

View Slide

roda
github.com/jeremyevans/roda

View Slide

roda: general ideas
• simplicity
• reliability
• extensibility
• performance

View Slide

# config.ru
require "roda"
class App < Roda
route do |r|
r.root do
r.redirect "/hello"
end
# GET /hello request
r.get "hello" do
"Hello world!"
end
end
end
run App.freeze.app

View Slide

rodauth: general ideas

View Slide

security

View Slide

simplicity

View Slide

flexibility

View Slide

all features

View Slide

login
logout
change password
change login
reset password
create account
close account
verify account
conﬁrm account
remember
lockout
OTP
recovery codes
SMS codes
verify change login
verify account grace period
password grace period
password complexity
disallow password reuse
password expiration
account expiration
session expiration
single session
JWT (JSON API)

View Slide

architecture

View Slide

it’s just a plugin for roda

View Slide

# cat config.ru
require "roda"
class RodauthApp < Roda
plugin :rodauth do
enable :login, :logout, :change_password
end
route do |r|
r.rodauth
rodauth.require_authentication
end
end
run RodauthApp

View Slide

how we can use rodauth
with other apps

View Slide

general idea
for integration

View Slide

use middleware

View Slide

Rack
Rodauth Your app

View Slide

Rack
environment
session
Rodauth Your app

View Slide

github.com/jeremyevans/rodauth-demo-rails

View Slide

https://git.io/vPDao

View Slide

github.com/davydovanton/rodauth_hanami

View Slide

github.com/davydovanton/grape-rodauth
JSON auth only

View Slide

but we live in real world
and we won’t use this

View Slide

how we can use these ideas
in our apps

View Slide

devise

View Slide

View Slide

use separate Account model
instead of User/Admin

View Slide

put all logic to separate
application like admin app

View Slide

don’t put all your
logic to Model

View Slide

bonus

View Slide

View Slide

• roda.jeremyevans.net
• rodauth.jeremyevans.net
• groups.google.com/forum/#!forum/ruby-roda
• irc://chat.freenode.net/#roda
• trailblazer and devise: goo.gl/cdANIA

View Slide

conclusions

View Slide

View Slide

github.com/davydovanton 
twitter.com/anton_davydov
davydovanton.com
Thank you

View Slide

rodauth device and you

rodauth device and you

Anton Davydov

More Decks by Anton Davydov

Other Decks in Programming

Featured

Transcript