Old thread, but it piqued my interest. Here's a pattern that I end up using quite a bit in my internal admin APIs. Once you build it a few times, it's not really any more work than basic auth, and it has very nice security characteristics.
http://git.io/vTNxj If I were going to build a public facing version of this, I'd borrow heavily from Joyent's node-http-signature scheme: https://github.com/joyent/node-http-signature/blob/master/http_signing.md On Thu, Apr 23, 2015 at 1:42 PM, Ian Young <[email protected]> wrote: > I'm wondering if anyone has recommendations for gems for serving simple > token-based authentication in Rails. You know, when you need to provide > safe API access but you don't need the overhead of OAuth2. Just have the > client send some credentials, get a token, use the token to make requests. > > Providing this in Rails is just complicated enough that I don't want to > reinvent it myself, but there's a strange dearth of good solutions out > there. There are a couple > <https://github.com/gonzalo-bulnes/simple_token_authentication> simple > ones <https://github.com/baschtl/devise-token_authenticatable> that are > tightly coupled to Devise and don't do quite enough (for example, only one > token per user), and there's this one > <https://github.com/lynndylanhurley/devise_token_auth> which does a bit > too much, is still tightly coupled to Devise, and I'm liking less the more > I use it. > > Am I missing any good ones? It's strange to see such a lack of activity > around a very common need, and it makes me think that everyone is just > shamefully reimplementing this anew for each project. > > -- > -- > SD Ruby mailing list > [email protected] > http://groups.google.com/group/sdruby > --- > You received this message because you are subscribed to the Google Groups > "SD Ruby" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > > -- > Nick Zadrozny > -- -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby --- You received this message because you are subscribed to the Google Groups "SD Ruby" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
