Modular resource-based authentication and authorization for Rails/Rack designed to support microservice authentication and claims-based identity.
Rails::Auth is a flexible library designed for both authentication (AuthN) and authorization (AuthZ) using Rack Middleware. It splits AuthN and AuthZ steps into separate middleware classes, using AuthN middleware to first verify credentials (such as X.509 certificates or cookies), then authorizing the request via separate AuthZ middleware that consumes these credentials, e.g. access control lists (ACLs).
Rails::Auth can be used to authenticate and authorize end users using browser cookies, service-to-service requests using X.509 client certificates, or any other clients with credentials that have proper authenticating middleware.
Despite what the name may lead you to believe, Rails::Auth also works well with other Rack-based frameworks like Sinatra.
Add this line to your application's Gemfile:
gem 'rails-auth'
And then execute:
$ bundle
Or install it yourself as:
$ gem install rails-auth
For a comparison of Rails::Auth to other Rails auth libraries, including complimentary libraries and those that Rails::Auth overlaps/competes with, please see this page on the Wiki:
Comparison With Other Libraries
Documentation can be found on the Wiki at: https://github.com/square/rails-auth/wiki
YARD documentation is also available: http://www.rubydoc.info/github/square/rails-auth/master
Please see the following page for how to add Rails::Auth to a Rails app:
Any contributors to the master rails-auth repository must sign the Individual Contributor License Agreement (CLA). It's a short form that covers our bases and makes sure you're eligible to contribute.
When you have a change you'd like to see in the master repository, send a pull request. Before we merge your request, we'll make sure you're in the list of people who have signed a CLA.
Copyright (c) 2016 Square Inc. Distributed under the Apache 2.0 License. See LICENSE file for further details.
FAQs
Unknown package
We found that rails-auth demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.
Research
Security News
A threat actor's playbook for exploiting the npm ecosystem was exposed on the dark web, detailing how to build a blockchain-powered botnet.
Security News
NVD’s backlog surpasses 20,000 CVEs as analysis slows and NIST announces new system updates to address ongoing delays.