42

I have always used Authlogic in Rails 2.3 but now that I am using Rails 3 I think I might try out a new authentication solution.

How does Devise compare with Authlogic? What are their differences?

amaseuk
  • 2,147
  • 4
  • 24
  • 43
  • 3
    I've just started working with Rails and am only using Devise right now. I did stumble upon Prologue (https://github.com/quickleft/prologue) yesterday; if you just setup a Rails 3 project with it uses Devise and creates and admin UI. You can probably perform some comparisons from your own experience with Authlogic by looking at the output. – cfeduke Nov 09 '10 at 16:45
  • 1
    I went for Devise in the end and I am very impressed. – amaseuk Dec 02 '10 at 12:14

6 Answers6

31

I've used them both, but not extensively. In my last project, I gave Devise a shot. I ended up using Rails-Warden instead.

  • Devise is a full authentication framework built on top of Warden. To customize its looks, you use generators, then edit the resulting views. Its routes, and view logic are hard coded. For example, successful login will always take you to /session/new? This was a dealbreaker or me, I wanted my users to end up on "welcome/index". Devise is not as well documented, or intuitive as authlogic.

  • Warden is a middleware framework Devise is based upon. It has plugins for many web authentication schemes (fb, openid, oauth), and it is easy to build a plugin for your own authentication back end. It comes with no UI, and docs are not as good as authlogic.

  • I ended up using rails-warden because I needed to plugin multiple custom authentication schemes.

  • Also, see OmniAuth answer below, that's what I am using in 2012.
    • Aleksandar Totic
    • 2,557
    • 25
    • 27
    • 3
      You can easily customize how to redirect after sign in: http://rubydoc.info/github/plataformatec/devise/master/Devise/Controllers/Helpers:after_sign_in_path_for We also have a bunch of "How to" in the wiki: https://github.com/plataformatec/devise/wiki/_pages – José Valim Jul 06 '12 at 18:35
    • 2
      Devise is a real PITA if you want to do anything except the defaults. The flexibility is there in the framework for customisation but the docs are weak and you'll spend longer bending devise to your plan that it would to just build it in authlogic. The result is much simpler with authlogic as well, you can build it up as you need rather than having to twist something into shape. I should say this comes from bitter experience, I've used devise on several projects(it's very tempting when you need oauth or something that it comes with out of the box) and every time I've regretted it. – opsb Oct 31 '12 at 12:58
    31

    for devise, if you want to send successful login to "welcome/index" you add to routes.rb 

    namespace :user do
    root :to => "welcome#index"
end

    as documented https://github.com/plataformatec/devise/wiki/How-To:-Redirect-to-a-specific-page-on-successful-sign-in

    personally, i like devise. it think it's great and i guess you can call it "opinionated" but those opinions can be easily overwritten.

    skilleo
    • 2,451
    • 1
    • 27
    • 34
    11

    I found Devise too opinionated for me. If you just want to accept the way it does things out of the box it is good and easy to get going. I had some specific requirements and found myself writing things to get round Devise so ended up ripping it out and updating Authlogic to Rails3 instead.

    james2m
    • 1,562
    • 12
    • 15
    • Agreed, Devise does practice convention over configuration quite strictly, as per Rails. Although I have not had any problem personally in configuration (yet). – amaseuk Dec 14 '10 at 12:17
    • I hit a problem in configuration, where it does not play nicely with attr_accessible. You have to either override the controllers down to the create/ update methods, or just add all fields to attr_accessible and monkey patch filters around it to remove sensitive attributes from params hash if they exist. – jpgeek Aug 21 '12 at 08:05
    10

    Like the original questioner, I too had always used AuthLogic in the Rails 2.3 days but made the choice to use Devise when AuthLogic wasn't ready for Rails 3.1 (when it was at the RC stage). Overall I've made Devise do what I want but I'm unhappy and wish I hadn't made the change.

    User Authentication seems simple on the surface and an ideal thing to "componentize" but so many times you want to let a user engage with your site fully before requiring login and Devise makes this harder.

    Yes features like putting after_sign_in_path_for / after_sign_up_path_for into Application Controller work but these functions are really intended to do nothing more than return a path and if you're using Devise you'll find yourself sticking big blocks of code into them. It works but having your own users controller to handle user related actions is, to me, more elegant.

    fuzzygroup
    • 1,109
    • 12
    • 12
    7

    If you need multiple OAuth authentication to Twitter, Facebook, LinkedIn and Google, you can use the OmniAuth gem along with Authlogic. Easy to figure out and gives you complete control over what happens as users authenticate from different social sites, which you do in authorizations_controller.rb.

    Adrien Lamothe
    • 1,477
    • 1
    • 11
    • 14
    3

    I like Devise. You can use OmniAuth with Devise too. I think that the Devise project is very active, and it has a big support on the internet.

    amaseuk
    • 2,147
    • 4
    • 24
    • 43
    Leandro Andrade
    • 993
    • 6
    • 9