rodauth device and you

Transcript

1. None

2. Anton Davydov github.com/davydovanton
 twitter.com/anton_davydov davydovanton.com

3. OpenSource

4. None
5. None
6. None
7. None

8. authentication

9. typical authentication

10. • user authentication • working with current user • security

    • different auth ways (OTP, OmniAuth, 2FA) • simple way to use it with other frameworks

11. but in a real life we have some

12. • wasting time for typical functionality • complicated logic •

    magic in models/controllers • it’s hard to add new feature

13. and actually we can use…

14. devise

15. devise ❤ • popular • based on Rails engines •

    use only what you really need • add-ons • fast for production

16. devise • only rails • problem with custom logic •

    creates unnecessary raws in table • hulk • can be difficult to integrate

17. warden

18. sorcery

19. custom solution

20. custom solution ❤ • absolutely custom • works only for

    special cases • works good when other solutions sucks

21. • DRY in each application • spend much time for

    simple cases • you can write • you need to write all popular solutions custom solution

22. what problems we have • no simplicity • no flexibility

    • magic • only for rails

23. rodauth github.com/jeremyevans/rodauth

24. rodauth ❤ • fast • simple • easy to integrate

    with other frameworks • many features from the box • use only what you need

25. rodauth • little-known solution • new technology (from Jun 7,

    2015) • another routing framework

26. Jeremy Evans github.com/jeremyevans

27. roda github.com/jeremyevans/roda

28. roda: general ideas • simplicity • reliability • extensibility •

    performance

29. # config.ru require "roda" class App < Roda route do

    |r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app

30. # config.ru require "roda" class App < Roda route do

    |r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app

31. # config.ru require "roda" class App < Roda route do

    |r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app

32. # config.ru require "roda" class App < Roda route do

    |r| r.root do r.redirect "/hello" end # GET /hello request r.get "hello" do "Hello world!" end end end run App.freeze.app

33. rodauth: general ideas

34. security

35. simplicity

36. flexibility

37. all features

38. login logout change password change login reset password create account

    close account verify account confirm account remember lockout OTP recovery codes SMS codes verify change login verify account grace period password grace period password complexity disallow password reuse password expiration account expiration session expiration single session JWT (JSON API)

39. architecture

40. it’s just a plugin for roda

41. # cat config.ru require "roda" class RodauthApp < Roda plugin

    :rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp

42. # cat config.ru require "roda" class RodauthApp < Roda plugin

    :rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp

43. # cat config.ru require "roda" class RodauthApp < Roda plugin

    :rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp

44. # cat config.ru require "roda" class RodauthApp < Roda plugin

    :rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp

45. # cat config.ru require "roda" class RodauthApp < Roda plugin

    :rodauth do enable :login, :logout, :change_password end route do |r| r.rodauth rodauth.require_authentication end end run RodauthApp

46. how we can use rodauth with other apps

47. general idea for integration

48. use middleware

49. Rack Rodauth Your app

50. Rack Rodauth Your app

51. Rack Rodauth Your app

52. Rack environment session Rodauth Your app

53. github.com/jeremyevans/rodauth-demo-rails

54. https://git.io/vPDao

55. github.com/davydovanton/rodauth_hanami

56. github.com/davydovanton/grape-rodauth JSON auth only

57. but we live in real world and we won’t use

    this

58. how we can use these ideas in our apps

59. devise

60. None
61. None

62. use separate Account model instead of User/Admin

63. put all logic to separate application like admin app

64. don’t put all your logic to Model

65. bonus

66. None

67. • roda.jeremyevans.net • rodauth.jeremyevans.net • groups.google.com/forum/#!forum/ruby-roda • irc://chat.freenode.net/#roda • trailblazer

    and devise: goo.gl/cdANIA

68. conclusions

69. None

70. github.com/davydovanton
 twitter.com/anton_davydov davydovanton.com Thank you