Authentication and authorization recap and gems

Congratulations! You now know how to build a basic authentication and authorization system.

We would like to recap the Authentication and Authorization section by restating the definitions for the fundamental concepts and provide a list of gems commonly used to implement Authentication and Authorization.

Core Definitions

• Identification: Obtaining an identity claim from the user. (e.g., my email is, my name is)

• Authentication: The process of verifying the identity claim of a user.

• Access Policy: A policy for what the user can and cannot see or do based on the identity and attributes of the resource being accessed and of the user requesting access.

• Authorization: Access privileges granted to a user or the act of granting those privileges.

Commonly Used Authentication and Authorization Gems

Authentication

• Devise

• OmniAuth

• Authlogic

Authorization

• CanCanCan

• Pundit

You can browse the Ruby Toolbox for more Authentication and Authorization gem options.

Resources

• Supplemental material: Building your own Authorization with Metaprogramming