Chapter 14. Authentication and Authorization

Thanks goodness [sic], there’s only about a billion of these because DHH doesn’t think auth/auth [sic] belongs in the core.

—George Hotelling

If you’re building a web application, more often than not you will need some form of user security. User security can be broken up into two categories: authentication, which verifies the identity of a user, and authorization, which verifies what that user is allowed to do.

In version 3.1, Rails introduced has_secure_password, which adds methods to set and authenticate against a BCrypt password. Although this functionality now exists in the framework, it is only a small part of a robust authentication solution. We still need to write our own authentication code or have ...
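The set-and-authenticate pattern that has_secure_password provides, as an added sketch that is not code from the book or from Rails. It assumes a hypothetical SketchUser class and substitutes PBKDF2-HMAC-SHA256 from Ruby's standard library for BCrypt so that it runs without Rails or the bcrypt gem; the iteration count and the digest layout are constructed for this sketch.

```ruby
require "openssl"
require "securerandom"

# Hypothetical stand-in for a model that calls has_secure_password.
# Assumption: PBKDF2-HMAC-SHA256 replaces BCrypt so no gems are needed.
class SketchUser
  ITERATIONS = 200_000 # constructed work factor for this sketch
  KEY_LEN    = 32      # derived key length in bytes

  attr_reader :password_digest

  # Setter: keep only a salted, stretched digest, never the plaintext.
  def password=(plaintext)
    raise ArgumentError, "password can't be blank" if plaintext.nil? || plaintext.empty?
    salt = SecureRandom.random_bytes(16) # fresh salt per password
    @password_digest = encode(ITERATIONS, salt, derive(plaintext, salt, ITERATIONS))
  end

  # Returns self on a match and false otherwise, the same contract as
  # the authenticate method that has_secure_password adds.
  def authenticate(candidate)
    return false if password_digest.nil? || candidate.to_s.empty?
    iterations, salt_hex, hash_hex = password_digest.split("$")
    salt     = [salt_hex].pack("H*")
    expected = [hash_hex].pack("H*")
    actual   = derive(candidate.to_s, salt, iterations.to_i)
    # Constant-time comparison avoids leaking how many bytes matched.
    OpenSSL.secure_compare(actual, expected) ? self : false
  end

  private

  # Stretch the password with the stored salt and iteration count.
  def derive(plaintext, salt, iterations)
    OpenSSL::KDF.pbkdf2_hmac(plaintext, salt: salt, iterations: iterations,
                             length: KEY_LEN, hash: "SHA256")
  end

  # Store the parameters next to the hash so they can be raised later.
  def encode(iterations, salt, hash)
    [iterations, salt.unpack1("H*"), hash.unpack1("H*")].join("$")
  end
end
```

Everything around this check, such as sessions, lockout, password reset and logging, is outside what the sketch covers.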

Get The Rails™ 4 Way, Third Edition now with the O’Reilly learning platform.
