Chris congratulations, gorgeous video! As a Ruby on Rails programmer with 10 years of experience, I believe that this video will be used as a demonstration of the power of Ruby on Rails!
Great video Chris. Please make another one but in this case the rails would serve as the backend and a react application would communicate with the backend. With all authentication implementation.
Thanks for the very concise and clear example of setting up a login system! It has been way too many years since I had to do it and needed the refresher. Do you also have videos explaining how to effectively test the log in flow and controllers requiring an authenticated user?
We still recommend Devise so the community can provide you security updates. However you might need to build authentication from scratch if you need custom authentication.
It's because he's trying to teach us how authentication works under the hood. It may also be beneficial to be able to build authentication systems yourself as well. Just out of interest, is there a way of deleting a specific Rails version?
Awesome tutorial!! Some really nice new features too - what a great time to be a Rails developer. Thanks Chris :) Quick question if you get chance... do you see any advantages for using this over Devise? Obviously Devise is more established and is quicker to implement, but is this any more secure or is there a particular use case for building ourselves? Thanks again!
Definitely still recommend using Devise. It will get security updates and is battle tested. Your own custom auth will not be unless you hire a security team to audit your code.
Great video. Thank you Chris! What do you recommend for stateless authentication using Rails 7.1.x ? I'm looking for a JWT gem that works with the latest Rails
Thanks for a great video. I missed one thing. How are those tokens one-time? You use it at least twice (to find user for edit and update actions). At which moment rails revokes them? Or is it only relies on ttl?
At a high level, you'd swap email for phone number (or in addition) and you'd probably need to send an SMS with a random code the user confirms to ensure they are the owner just like you would do with 2FA.
hello frens I'm learning Rails and I heard about the gem called Devise, and the question is whether this autentication from scratch can replace Devise or I still should learn and use Devise? thanks
Very resourceful video! Can you do the same to authenticate multiple users with different roles using one login to access the system? Let me know if it's possible.
Chris congratulations, gorgeous video! As a Ruby on Rails programmer with 10 years of experience, I believe that this video will be used as a demonstration of the power of Ruby on Rails!
I hope so! It's time that Rails becomes cool again!
Chris you surely are a master of the game!
Wow, it blows my mind. Need some time to digest. Thank you Chris.
Super useful video! 🔥 I just didn't include devise gem to my new project for the first time.
Great video Chris. Please make another one but in this case the rails would serve as the backend and a react application would communicate with the backend. With all authentication implementation.
Thanks for the very concise and clear example of setting up a login system! It has been way too many years since I had to do it and needed the refresher. Do you also have videos explaining how to effectively test the log in flow and controllers requiring an authenticated user?
That was great! Thank you for such useful explanation.
Excelente mister chris. muchas gracias
Thank you for the video, I was wondering why don't you use Devise for this?
We still recommend Devise so the community can provide you security updates. However you might need to build authentication from scratch if you need custom authentication.
@@GorailsTV Understand, Thank you :)
It's because he's trying to teach us how authentication works under the hood. It may also be beneficial to be able to build authentication systems yourself as well. Just out of interest, is there a way of deleting a specific Rails version?
Hey Chris, thanks for the video. Would request you to please create videos on rspec and selenium. Thanks
will definitely check this
Thanks a lot! It's easier than I thought it would be...❤
Awesome tutorial!! Some really nice new features too - what a great time to be a Rails developer. Thanks Chris :)
Quick question if you get chance... do you see any advantages for using this over Devise? Obviously Devise is more established and is quicker to implement, but is this any more secure or is there a particular use case for building ourselves?
Thanks again!
Definitely still recommend using Devise. It will get security updates and is battle tested.
Your own custom auth will not be unless you hire a security team to audit your code.
Great tutorial. Do you have the code for it somewhere? Will be useful to go through it since the video was filled with new-to-me rails concepts
How this will be in Rails 8? I have heard is there an in-house implementation ready to be used
We will be covering that very soon
Great video. Thank you Chris! What do you recommend for stateless authentication using Rails 7.1.x ? I'm looking for a JWT gem that works with the latest Rails
We did a pro episode on JWTs here gorails.com/episodes/jwt-authentication-from-scratch-with-rails
@@GorailsTV Ok, I'll check it out. Thanks!
Great video, but I have a question: where the reset_session method comes from?
From Rails
Thank you, it is a great update
Agreed! Some wonderful quality of life improvements in Rails 7.1!
Thanks for a great video. I missed one thing. How are those tokens one-time? You use it at least twice (to find user for edit and update actions). At which moment rails revokes them? Or is it only relies on ttl?
The content returned by the block is embedded in it. When the value changes the token is no longer valid.
Could you explain how to do the Auth using the phone number instead of Email ?
At a high level, you'd swap email for phone number (or in addition) and you'd probably need to send an SMS with a random code the user confirms to ensure they are the owner just like you would do with 2FA.
hello frens I'm learning Rails and I heard about the gem called Devise, and the question is whether this autentication from scratch can replace Devise or I still should learn and use Devise? thanks
We recommend building it yourself to learn and then using devise for the automatic security updates
@@GorailsTV thanks frend
Very resourceful video! Can you do the same to authenticate multiple users with different roles using one login to access the system? Let me know if it's possible.
I would add roles to the User model (or AccountUser if a user can be part of multiple accounts).
that "generate token for" can be used for a rails api auth? like a jwt
You'd want to use something else so it can be revoked.
WOW