Hello,
I would like to add authentication to my Rails app. I came across few plugins that do this: acts_as_authenticated, restful_authentication, Authlogic...etc
I haven't seen an article that describes differences, advantages and disadvantages of using each.
Can you help with that? which one do you use and why?
Thanks,
Tam
I recently switched from restful_authentication to AuthLogic. The main reason was because I found restful_authentication a bit too bloated for what I was trying to achieve. Check out Ryan Bates' brilliant screencast:
If I am correct, restful_authentication is the succesor of acts_as_authenticated. I would therefore strongly disrecommend using acts_as_authenticated.
I personally use restful_authentication. It just works the way I expect it to work...
I personally tend to use restful_authentication out of habit, but I've made use of AuthLogic a few times. AuthLogic is a lot leaner and cleaner code and tends to be much easier to setup and integrate into a project. It is also is newer and more popular (or feels like it as of late), so it should be easier to find resources or help if you need it. I'd definitely go AuthLogic.
If you'd like to know more about restful_authentication and see how it varies from AuthLogic in practice, there is also a railscast for it.
I've switched from restful_authentication to Authlogic, because Authlogic is a plugin/gem as opposed to a generator. This makes it infinitely easier to upgrade.
Authlogic is also geared around being extensible, so you can fairly easily use it with OAuth or Facebook Connect (there are Authlogic modules that implement this, but I'm not using them; it's super easy to create an Authlogic user session manually).
Stay away from acts_as_authenticated. It's ancient and unmaintained. As noted, restful_authentication is its successor.
There's also thoughtbot's clearance. Though I chose Authlogic because of the authlogic-oid open id "add-on" gem.
I'm a bit late to this party, but Devise looks pretty good. I'm using it on a project after trying AuthLogic. There's a couple of railscasts on it as well. I like it so far...definitely worth a look.
If you are looking for alternatives to the standard username/password scheme and using only external identity providers, there is a new plugin called OmniAuth that works at the rack level (so it's independent from Ruby on rails) and supports multiple external identity providers like OAuth, Facebook Connect, Google and LDAP.
There are also two Railscast episodes on how to use it: Episode 1 and Episode 2