On Wednesday, 3 September 2014 14:41:30 UTC-4, Sander Obdeijn wrote: > > Hi all, i'm building my first project in RoR. And i'm now looking into > authentication. A lot of the posts online recommended devise so i'm looking > into that. > I require authentication in a html website and a json api and i'm using > ruby 1.9.3 and rails 4.1.4. Now I have seen that devise has > removed TokenAuthenticatable. Is devise still a good option for token > authentication or are there better options? > > I have seen some custom implementations of token authentication with > devise. But i'm reluctant to use these, security is one of those area's I > try to prevent hacking together my own code. My users trust me with their > personal information, and I think I should respect that trust by using a > mature solution, which has the best chance of keeping their data secure. > > Just to be clear I'm not running a bank or handling medical data, but > still I don't want to implement the first snippet of code that I see and > risk leaking my users data. > > Could someone offer me some advise? > > Some info on token_authenticatable, direct from Jose Valim:
https://gist.github.com/josevalim/fb706b1e933ef01e4fb6 A gemified version of it, recently extracted: https://github.com/baschtl/devise-token_authenticatable I've used the Gist version in a production app. --Matt Jones -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-talk+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-talk@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/rubyonrails-talk/094b53ce-a92e-40b3-bcee-a330d46bcab9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
