1klap

Minimalistic Authentication in Rails

I have used devise in the past for user authentication and while it is a powerful gem, it certainly imposes a lot of restrictions on you.

Most of the time, it is so closed off that you cannot even open the hood and tweak it to your needs. I think this comes mostly from the fact that it concerns itself with just too much. From verification of a password up to tracking of failed sign-ins, there is a lot that seems to be possible with devise. What bothers me is that I can't take over some part if devise's solution does not work for me.

So, for my projects, I wanted to get rid of the cruft and start with minimal solutions. One first step on this journey is Tinytokenauth-rails: https://github.com/1klap/tinytokenauth-rails

It concerns itself with just one problem: how does any controller know whether a user is signed in or not (and if yes, who it is), and how to sign a given user in or out.

With this, the task (and freedom) of coming up with a solution for the required work around this falls to the developer: model creation, password checking, controller and routes for registration and session, email sending, password change handling, etc. But this is also the part where customization can and will occur. For example, when you want to sign up users with an invite token or a referral code, it will be trivial to add when you are handling the sign-up code yourself.

To me, this makes the most sense. While I agree that not every developer should write his own authentication code from scratch, because these can be hard problems with subtle caveats, I also think that this should not be considered an arcane craft that must never be touched.

I am happy for the increase in flexibility. If you crave the same, try out the gem and let me know in the comment section here or on GitHub how you like it.
