Which Rails authentication system is better: AuthLogic, Clearance, or Devise?

Question

I'd like to implement a third-party Ruby on Rails authentication system that is actively developed and carries sensible defaults.

I've narrowed down my selection to AuthLogic and Clearance (thoughtbot) -- can anyone sway me in either direction? In terms of requirements, both would work for my project from what I can tell. It looks like documentation/code samples in both are fairly similar, and both are relatively easy to setup.

Anyone have a preference? I really like AuthLogic's OpenID plugin -- don't know if Clearance can do that.

Consider revising your title, as it suggests that your question is much broader than it actually is (resulting in it being flagged as subjective), when in fact you're just asking for a comparison between two options. — Tim Post, Apr 25 '11 at 23:08

score 7 · Accepted Answer · answered Apr 25 '11 at 22:42

7

Devise for sure :)

https://github.com/plataformatec/devise

answered Apr 25 '11 at 22:42

Spyros

46,820
25
86
129

I'll take a look, I'm reading their docs and liking it so far! Thanks :) – Trent Scott Apr 25 '11 at 22:56
Devise is a bit of a mess, with logic spread out over models and controllers. – Doug Oct 09 '16 at 15:49

Michael Durrant · Answer 2 · 2012-03-30T20:58:28.830

I have used the restful_authentication gem, authLogic and Devise and I like devise 'cos it's model based (higher up the stack is better and easier to rspec) and also lets you just put in an admin flag in the user table for admins and go with that (or use roles for more complex stuff).

Another gem that has become common with devise is cancan for roles, e.g. admin, reader, manager, etc (whatever you want) with syntax like below (from the cancan gem).

<% if can? :update, @article %>
  <%= link_to "Edit", edit_article_path(@article) %>
<% end %>

score 2 · Answer 3 · answered Nov 15 '12 at 14:24

Questions about authorization are often poorly formulated because we are all interested in different aspects.

In my case, we have a well developed application (Wagn, see http://wagn.org), and it has a home grown authentication functions built in already. What we are doing is making the application independent of the authentication system, so I am most interested in two dimensions:

1) What is the API for the provider interface and how easy is it to add to my app.

I've just done a lot of work to route all of it through a set of class or module methods that the application uses, and a model for the home grown AR class (a User class and users table) that. This leads to the next part:

2) What authorization providers are available and what do I have to do to load them with my application (typically I would expect these to be in one or more Rack middlewares).

I don't need Devise, it does too much, I want an interface to external auth providers. My app may provide forms that will post parameters to the auth services, but it won't be using their Rails views or controller.

I suspect this situation is common for a certain class of developers.

score 2 · Answer 4 · answered Apr 25 '11 at 23:09

2

Did you already rule out Devise for some reason?

If not, it's the most current and complete authentication framework for Rails. As for openID authentication, take a look at OmniAuth, which integrates seamlessly with devise.

answered Apr 25 '11 at 23:09

Adam Rubin

777
1
7
16

Thanks, I'm looking at it now! Seems like it will do everything I need and then some. – Trent Scott Apr 25 '11 at 23:15

Which Rails authentication system is better: AuthLogic, Clearance, or Devise?

4 Answers4