An authentication system is a great first step toward thinking about problems as a full-stack developer—we want the user experience to be great, but we also want the back end to be secure, all the way down to the data layer. We’ll use the Devise gem to handle the middleware bits of authentication.
Creating an authentication system from scratch is rarely a good idea. It’s difficult to get every part of it correct, because security controls can be subverted in unusual and counterintuitive ways. Devise is tried-and-true and handles all of this for us. It’s also quite flexible and will totally suit our needs. Here are the rules we want for our authentication system: