Heads up! To view this whole video, sign in with your Courses Plus account or enroll in your free 7-day trial. Sign In Enroll

Design and Development

Well done!

You have completed Design and Development!

Sign up for Treehouse Back to Library

How to Choose Libraries for Authentication

4:21 with Jim Hoskins

In this video, we learn about what authentication and authorization are and choose a library to handle authorization. Download the Beginning of the Project or the Completed Project

This video doesn't have any notes.

Related Discussions

Have questions about this video? Start a discussion with the community and Treehouse staff.

Sign up

    Related Discussions

    Have questions about this video? Start a discussion with the community and Treehouse staff.

    Sign up

    [Master Class] [Designer and Developer Workflow] [Choosing Libraries] 0:00
    So, now I have the latest and greatest version of Easy Jobs 0:05
    with Nick's basic layout sort of set up right now. 0:08
    There's still a lot more visual design to work on, but while he's working on that, 0:12
    what I want to work on is adding some sort of authentication to our system. 0:16
    Basically, right now, anybody can just go to the site, click "new job" and go back. 0:21
    They could edit any job that's already there, 0:26
    and that's not really what we want, obviously. 0:29
    So, what we need to do is have a way that people can sign up for Easy Jobs 0:32
    in order to post jobs as well as edit and remove the jobs that they post. 0:35
    So, that's actually two separate systems that we need to handle. 0:41
    The first is authentication, and authentication is just handling the ability to authenticate 0:44
    or prove who someone is, so we're going to be able to register and then 0:50
    they'll be able to sign in with maybe an email address and password. 0:54
    But the second layer to that is authorization, and authorization is the system 0:58
    that defines what a person who is logged in can or cannot do. 1:02
    For instance, somebody who's logged in could create a new job 1:06
    or edit any job that belongs to them, 1:10
    but they shouldn't be able to delete another job that they didn't create. 1:13
    So, what we're going to work on first is the authentication system. 1:16
    Now, there are a lot of different ways we could go to implement this. 1:20
    We could pretty much create our own authentication system, 1:23
    create a user, create some sort of system where they log in 1:26
    and we could check their email address and password and then keep that in the system. 1:30
    Now, there are a lot of different tools we could use for authentication in Rails, 1:34
    and really in any category of thing that we may want to do there are a lot of prebuilt tools. 1:38
    One site that I like to look at when trying to search for a prebuilt solution 1:43
    is a site called "Ruby Toolbox" 1:47
    and Ruby Toolbox is at ruby-toolbox.com, and what it does is it gathers and categorizes 1:51
    a lot of open-source code into the different tasks and problems that it solves. 1:58
    So, it's grouped into things like managing ActiveRecord encryption to 2:07
    all sorts of different ActiveRecord plug-ins, APIs, backups, integration testing, 2:10
    CSS frameworks, so many different things. 2:15
    But what we're looking for is Ruby on Rails authentication. 2:18
    So actually, down here we can see that there is a category called "Rails Authentication." 2:22
    So, if we click on that we'll get a list of different tools that we could use 2:28
    for handling Rails authentication. 2:31
    Now, the way that the tools are organized on this page are by a score 2:34
    that is calculated by the GitHub followers and GitHub forks. 2:38
    So, it's sort of a popularity ranking. 2:42
    So, right now, sort of the top three are devise, authlogic and restful authentication. 2:44
    There are several more, and many of these are very quality options, 2:52
    but the top ones are really devise and authlogic right now. 2:57
    A while back, restful authentication really used to be the go-to solution, 3:01
    and then authlogic really gained popularity, 3:05
    and right now it seems that devise is really sort of taking the lead role. 3:08
    I'm actually going to go with authlogic. 3:13
    It's a tool I like. 3:15
    It has about the right level of abstraction and flexibility, 3:17
    but devise is a great choice that you could use too. 3:20
    This is just my personal choice on this project. 3:23
    So, we'll be going through how to set up an authlogic system 3:26
    for managing our authentication. 3:29
    Now, we can go to the code on the GitHub page and it's at binarylogic/authlogic, 3:33
    and there's a little bit of documentation here giving you an overview of how it works. 3:39
    Basically, we'll create our own user model, and what authologic does 3:43
    is it uses the idea of a model called a "session," and to log in 3:48
    we create a new session, and to log out we delete one. 3:53
    And what authlogic provides is the logic for creating this sort of session, 3:57
    and we can create a new one by passing it an email address and password, 4:02
    and based on the configuration, it'll look for a user with matching credentials 4:07
    and create a session based on that. 4:12
    So, what we're going to do is basically go through the steps 4:15
    of creating a basic authlogic system. 4:19

    You need to sign up for Treehouse in order to download course files.

    Sign up

      You need to sign up for Treehouse in order to set up Workspace

      Sign up