Sign In and Sign Up, User Authentication and Authorization

Links :::   https://auth0.com/blog/five-ruby-gems-for-authentication-and-authorization/

https://medium.com/@marjuhirsh/authentication-and-authorisation-in-rails-7f3c7c878b82

....................................................................................................................................................

Very good link for implementing these gems in a single application ::

https://www.nopio.com/blog/authentication-authorization-rails/

....................................................................................................................................................

All gems we used ::

1. bcrypt

2. pundit

3. cancancan

4. devise 

5. rolify 

....................................................................................................................................................





authentication and authorization ::

authentication :: verifying that users are who they say they are

authorization :: deciding whether they can access a specific operation or not

....................................................................................................................................................

authentication gems :: devise, omniauth

authorization gems :: pundit, cancancan, jwt

....................................................................................................................................................

Rodauth Gem Link ::: Very Important Gem ::

https://www.bootrails.com/blog/rails-authentication-with-rodauth-an-elegant-gem/

Rodauth removes all of these hurdles; the hurdles and the very important points it covers are listed below ::::


................................................................................................



  • Login
  • Logout
  • Change Password
  • Change Login
  • Reset Password
  • Create Account
  • Close Account
  • Verify Account
  • Confirm Password
  • Remember (Autologin via token)
  • Lockout (Bruteforce protection)
  • Audit Logging
  • Email Authentication (Passwordless login via email link)
  • WebAuthn (Multifactor authentication via WebAuthn)
  • WebAuthn Login (Passwordless login via WebAuthn)
  • WebAuthn Verify Account (Passwordless WebAuthn Setup)
  • OTP (Multifactor authentication via TOTP)
  • Recovery Codes (Multifactor authentication via backup codes)
  • SMS Codes (Multifactor authentication via SMS)
  • Verify Login Change (Verify new login before changing login)
  • Verify Account Grace Period (Don't require verification before login)
  • Password Grace Period (Don't require password entry if recently entered)
  • Password Complexity (More sophisticated checks)
  • Password Pepper
  • Disallow Password Reuse
  • Disallow Common Passwords
  • Password Expiration
  • Account Expiration
  • Session Expiration
  • Active Sessions (Prevent session reuse after logout, allow logout of all sessions)
  • Single Session (Only one active session per account)
  • JSON (JSON API support for all other features)
  • JWT (JSON Web Token support for all other features)
  • JWT Refresh (Access & Refresh Token)
  • JWT CORS (Cross-Origin Resource Sharing)
  • Update Password Hash (when hash cost changes)
  • Argon2
  • HTTP Basic Auth
  • Change Password Notify
  • Internal Request
  • Path Class Methods


..............................................................................

Full application from scratch with all routes, controller and mailer, with user authentication using the bcrypt gem ::

https://www.section.io/engineering-education/how-to-setup-user-authentication-from-scratch-with-rails-6/

...................................................................................


Link for integrating devise into a new Rails application ::

https://www.digitalocean.com/community/tutorials/how-to-set-up-user-authentication-with-devise-in-a-rails-7-application

..............................................................................

Link for integrating jwt and bcrypt into a new Rails application ::


https://www.bluebash.co/blog/rails-6-7-api-authentication-with-jwt/#:~:text=JSON%20Web%20Token%20authentication%20(also,method%20of%20session%2Dbased%20authentication.



Good link ::

https://developer.okta.com/blog/2020/09/25/easy-auth-ruby-on-rails-6-login

Copy and paste this into your Gemfile:

gem 'omniauth-oktaoauth'
gem 'activerecord-session_store'
gem 'figaro'
gem 'devise'
gem 'omniauth-rails_csrf_protection', '~> 0.1'

What is token-based authentication with JWT, and what security features did we use for token-based authentication in RoR ::



..............................................................................



