Rails Authentication Plugin: simplest_auth

Tony Pitale, Former Viget

Article Category: #Code

Posted on


simplest_auth is a plugin for Rails applications where RESTful Authentication is overkill – it handles authentication and nothing else. By "nothing else" we mean: no password resets, no cookies set to remember a user, etc. We chose to design simplest_auth in this manner because we didn't need those features. However, we did want to use the most secure hash algorithm, provide a familiar API, and we wanted to be able to have an authenticated user wherever one was needed (more on that in a minute). Lastly, we did not want to intrude too much into the decisions of the user of the plugin.


Given the goals, we came up with simplest_auth. There are essentially two files to be mixed in: one for the model, and one for the controller.

Generate the Model

$ ./script/generate model User email:string crypted_password:string 

Mix Lightly

class User < ActiveRecord::Base include SimplestAuth::Model before_create :hash_password end 

And the Application Controller

class ApplicationController < ActionController::Base include SimplestAuth::Controller def user_class; User; end end 

Note: the model skips any validation. Also note: the model could just as easily be Account instead of User, simply change:

def user_class; Account; end

Check out the documentation on github.

More to Come

In the future, we plan to add new features only as they are required and only as long as they fit the original goals. As we work with the plugin, we'll be adding a few things; but, because the plugin is available on Github, we encourage forking and adding as you see fit. If you think you've added something everyone could use, please feel free to send us a pull request.

Learn More

simplest_auth (link to github)

Updates to simplest_auth

Related Articles