Authenticating Rails Apps - Don't go it alone
If you're writing an App using Ruby on Rails, why roll your own authentication?
Devise (https://github.com/plataformatec/devise) is an incredibly simple, secure and well-written gem that will have you going from guest to user in under 10 minutes.
It's been tried and tested and survived code reviews, penetration tests and real-world usage in huge websites. Has your own code? With all the recent publicity about leaked passwords, can you afford to have your name on the list?
Written by Timothy Marks
13 Responses
Bad tip. Doesn't work for all cases. Rails has SecurePassword module.
I agree with NARKOZ. Think twice before choosing devise. It's easy to set up and brings lots of features. But beware of the beast. This is some heavy shit you are loading into your project. Lots of code and nasty when you really wanna do some serious customizations. So please think twice before adding this burden.
Devise can be incredibly powerful, but also very heavy-handed. I for one prefer a slimmer approach to authentication, especially since implementing secure_password is pretty straightforward. Just my 2 pennies.
+1 has_secure_password is a much lighter way to go that's just as secure as devise
I've used Devise quite a bit with great results but have recently started using has_secure_password.
Gems You Might Not Need - Authentication and Authorization
Devise is one of the largest pain points in my application. I routinely find myself writing inane work-arounds.
If I could do it all over, it would be omniauth + omniauth-identity + rails secure password.
Anyone have feedback on Sorcery? Seems to work well, at least for simple cases
For Authorization we use CanCan (https://github.com/ryanb/cancan)
That gem is easy to assemble and also works with mountable engines.
Whenever I used Devise in a project I had to rip it out at some point because I could not implement customer wishes with Devise (two factor login, special brute force protection, ...). Devise was just not as configurable as required and messing with its internals was just too complicated.
Oh, forgot to add: Comparing secure_password with Devise and then saying secure_password is easier is not really fair. Devise tries to solve a bunch of other problems as well.
Funny to receive this as a pro-tip by mail:-) See my comment above.
I use this gem instead: https://github.com/ricn/authpro
Looks like a 5 second installation. I'll give it a go