I think you can implement that yourself along with Devise. Since you get so 
much with Devise, I would do that if it were me.

Last time I discussed this with business people, the need for the token auth 
outweighed the security considerations. We ameliorated this by 1) making the 
token expire 7 days after you generate it, and 2) making it automatically 
expire the moment it is used. 

Also, if you send that sh*t over email then you're still transmitting it in 
plain-text, which is susceptible to MITM. But the limits we put in made us 
confident this was an acceptable middle-ground.

Then again, if you're storing celebrities' naked pictures of themselves, you 
might want to reconsider ;)

-Jason
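
The two limits described above (a seven-day lifetime and expiry on first use), as an added example that is not part of the original post and is not Devise code. `LoginTokenStore` and its in-memory hash are hypothetical stand-ins for a database table, and keeping only a SHA-256 digest of the token is an extra assumption of this example.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical store; a real app would back this with a database table.
class LoginTokenStore
  TTL = 7 * 24 * 60 * 60 # seven days, in seconds

  Record = Struct.new(:user_id, :expires_at)

  def initialize
    @records = {} # SHA-256 digest of token => Record
  end

  # Returns the raw token to hand to the user. Only its digest is kept,
  # so a leaked copy of the store does not yield usable tokens.
  def issue(user_id, now: Time.now)
    token = SecureRandom.urlsafe_base64(32)
    @records[digest(token)] = Record.new(user_id, now + TTL)
    token
  end

  # Returns the user id on success, nil otherwise. The record is deleted
  # on first lookup, so a token can never be redeemed twice, and a token
  # presented after its lifetime is discarded without granting access.
  def redeem(token, now: Time.now)
    record = @records.delete(digest(token.to_s))
    return nil if record.nil?
    return nil if now >= record.expires_at
    record.user_id
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end
end

# Constructed demonstration values (user id and timestamps are made up).
store = LoginTokenStore.new
issued_at = Time.at(1_409_770_000)
token = store.issue(42, now: issued_at)
puts store.redeem(token, now: issued_at + 3600).inspect # first use succeeds
puts store.redeem(token, now: issued_at + 3601).inspect # replay is rejected
stale = store.issue(42, now: issued_at)
puts store.redeem(stale, now: issued_at + LoginTokenStore::TTL).inspect # expired
```
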




On Sep 3, 2014, at 2:41 PM, Sander Obdeijn <i...@sanderobdeijn.nl> wrote:

> Hi all, I'm building my first project in RoR. And I'm now looking into 
> authentication. A lot of the posts online recommended Devise so I'm looking 
> into that. 
> I require authentication in an HTML website and a JSON API and I'm using Ruby 
> 1.9.3 and Rails 4.1.4. Now I have seen that Devise has removed 
> TokenAuthenticatable. Is Devise still a good option for token authentication 
> or are there better options?
> 
> I have seen some custom implementations of token authentication with Devise. 
> But I'm reluctant to use these, security is one of those areas I try to 
> prevent hacking together my own code. My users trust me with their personal 
> information, and I think I should respect that trust by using a mature 
> solution, which has the best chance of keeping their data secure. 
> 
> Just to be clear I'm not running a bank or handling medical data, but still I 
> don't want to implement the first snippet of code that I see and risk leaking 
> my users' data.
> 
> Could someone offer me some advice?
> 
> Regards,
> 
> Sander
> 
>   
> 
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Ruby on Rails: Talk" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to rubyonrails-talk+unsubscr...@googlegroups.com.
> To post to this group, send email to rubyonrails-talk@googlegroups.com.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/rubyonrails-talk/6911f179-05a0-4c87-bbd7-6aefcae81837%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
