Sander, devise( https://github.com/plataformatec/devise ) + doorkeeper( https://github.com/doorkeeper-gem/doorkeeper ) may work well for your case. Doorkeeper is based on OAuth specs which is pretty solid for token based auth. A google search involving both the gems would give you enough material to get started. Good luck !
On 5 September 2014 01:47, Sander Obdeijn <i...@sanderobdeijn.nl> wrote: > No only my own private 'au natural' pictures will be hosted. > > I'm looking a the gem, but i can't find how to request a token after you > have implemented it. Is there more documention about using the token > authentication? > > Op donderdag 4 september 2014 17:20:05 UTC+2 schreef Jason FB: >> >> >> >> I think you can implement that yourself along with Devise. Since you get >> so much with devise I would do that if it were me. >> >> last time I discussed this with business people, the need for the token >> auth outweighed the security considerations. We ameliorated this by 1) >> Making the token expire 7 days after you generate it, and 2) making it >> automatically expire the moment it is used. >> >> Also, if you send that sh*t over email then you're still transmitting it >> in plain-text, which is susceptible to MITM. But the limits we put in made >> us confident this was an acceptable middle-ground. >> >> Then again, if you're storing celebrities' naked pictures of themselves, >> you might want to reconsider ;) >> >> -Jason >> >> >> >> >> On Sep 3, 2014, at 2:41 PM, Sander Obdeijn <in...@sanderobdeijn.nl> >> wrote: >> >> Hi all, i'm building my first project in RoR. And i'm now looking into >> authentication. A lot of the posts online recommended devise so i'm looking >> into that. >> I require authentication in a html website and a json api and i'm using >> ruby 1.9.3 and rails 4.1.4. Now I have seen that devise has >> removed TokenAuthenticatable. Is devise still a good option for token >> authentication or are there better options? >> >> I have seen some custom implementations of token authentication with >> devise. But i'm reluctant to use these, security is one of those area's I >> try to prevent hacking together my own code. My users trust me with their >> personal information, and I think I should respect that trust by using a >> mature solution, which has the best chance of keeping their data secure. >> >> Just to be clear I'm not running a bank or handling medical data, but >> still I don't want to implement the first snippet of code that I see and >> risk leaking my users data. >> >> Could someone offer me some advise? >> >> Regards, >> >> Sander >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "Ruby on Rails: Talk" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to rubyonrails-ta...@googlegroups.com. >> To post to this group, send email to rubyonra...@googlegroups.com. >> >> To view this discussion on the web visit https://groups.google.com/d/ >> msgid/rubyonrails-talk/6911f179-05a0-4c87-bbd7- >> 6aefcae81837%40googlegroups.com >> <https://groups.google.com/d/msgid/rubyonrails-talk/6911f179-05a0-4c87-bbd7-6aefcae81837%40googlegroups.com?utm_medium=email&utm_source=footer> >> . >> For more options, visit https://groups.google.com/d/optout. >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-talk+unsubscr...@googlegroups.com. > To post to this group, send email to rubyonrails-talk@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/rubyonrails-talk/13b03f67-70af-40fc-9cdc-bc7aee21dfc3%40googlegroups.com > <https://groups.google.com/d/msgid/rubyonrails-talk/13b03f67-70af-40fc-9cdc-bc7aee21dfc3%40googlegroups.com?utm_medium=email&utm_source=footer> > . > > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/CAJ%3Dox-BxE-2XjWyNNzF%3DcjpKGBw2RsZsDkks%3DPByAc3LNBVvqA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
