If you're writing an App using Ruby on Rails, why roll your own authentication?
Devise (https://github.com/plataformatec/devise) is an incredibly simple, secure and well written gem that will have you going from guest to user in under 10 minutes.
It's been tried and tested and survived code reviews, penetration tests and real-world usage in huge websites. Has your own code? WIth all the recent publicity about leaked passwords can you afford to have your name on the list?