curriculum icon indicating copy to clipboard operation
curriculum copied to clipboard
verified publisher icon TheOdinProject

Rails Course: Replace Devise with Rails Authentication Generator

Open RolandStuder opened this issue 11 months ago • 3 comments

Checks

Describe your suggestion

The member only lesson is a great introduction. It uses Devise which is basically an industry standard, however Rails 8 now comes with a generator for handling authentication. I believe we should stick to Rails defaults as much as possible, so I suggest reworking that lesson to use the authentication generator.

Here's a good article on the generator: https://www.bigbinary.com/blog/rails-8-introduces-a-basic-authentication-generator

Path

Ruby / Rails

Lesson Url

https://www.theodinproject.com/lessons/ruby-on-rails-members-only

(Optional) Discord Name

roli_on_rails

(Optional) Additional Comments

Happy to help out, by taking the lead on this, or to support someone else doing it.

RolandStuder avatar Jan 23 '25 16:01 RolandStuder

Thank you for making this issue @RolandStuder. I'd be in favor of this I think, though before I give the full go ahead, I'll reach out to other Rails maintainers and see what they think. Devise is still a very common solution, and I think will remain so in spite of the Rails 8 generator. It could be argued that there's value in learning it.

I think the details around using the Authentication Generator should occur in the previous lesson to the Members Only project though: The Sessons, Cookies, and Authentication lesson. I think a lot of this lesson could be reworked with the goal of using the new generator, and then the Members Only instructions can be streamlined to just talking about building a project while setting up auth through the generator.

Also will have to make sure other mentions of using Devise are cleaned up. One example would be in the Final Project assignment.

But anyways, I'll talk to the team about it some and get back to you.

JoshDevHub avatar Jan 23 '25 17:01 JoshDevHub

Are you still interested in submitting a PR for this @RolandStuder ?

JoshDevHub avatar Sep 27 '25 16:09 JoshDevHub

@JoshDevHub Yeah, I still am, thank you for reminding me. I took your message as a trigger to look a the rails authenticator. I think it is very readable code, and the session, cookies and authentication lesson probably don't even need a lot of altering, since the "build it yourself" section basically is so close to what the generator does.

The one challenge I see, is that that that lesson introduces the session object available in Rails, and the authentication generator will create a Sessions table and thoroughly use the term session as a parameter.

So the lessons explains the session object and then would go on to tell them to use a generator that is full of the term session, but it actually has little to do with what the lesson just explained as the session object.

This makes me think, one might need to restructure things a bit. And maybe make divide this up somehow. I am not sure if this is not gonna be completely confusing, even if we explicitely call out the different between controller_instance.session and Session.find(…) / Current.session

RolandStuder avatar Sep 27 '25 22:09 RolandStuder