Update Jan 2010: Now includes Warden/Devise

There are several new, but viable, auth plugins. I’ve used all of them in larger apps, but here is a quick comparison of how they work in the first 5 minutes.

I created a rails 2.3 app that was just a scaffold of products. The goal was simply to have a signup page and a login page. For auth, the products page requires login.

I setup the plugin using the docs on github, or whatever tutorial they linked to.

I’ve included the total app lines of code, plus a subjective measure of the ease of use for each plugin. I realize that lines of code is subjective as well, since I just followed the instructions, and there are perhaps places where I could cut stuff. However, the idea is to just give an idea of what it is like for each plugin if you simply follow the directions that they give.

I also haven’t tried to test any of this stuff, nor have I done anything complex with auth, so it’s possible that some of the plugins didn’t get a chance to shine. I will include more complex stuff in a later post.

Trend

The main trend, as you can see from the lines of code below, is to greatly reduce the impact that auth has on your app. Restful auth creates a ton of code, while all of the newer plugins mostly let you include just one line in your model, and then inherit or include stuff in your controllers as well.

This can be a drawback in that if the plugin’s code isn’t well documented, you often end up having to look in the source. This is because the code is sitting in the plugin/gem, rather than in your app. This is usually fine, though, since it’s ruby. However it can be a pain.

Overview

You can checkout the app I made on github. Each plugin has its own branch.

Again, lines of code is the total number of lines that my app ended up being when using the plugin, not the total number of lines that the plugin itself is, which I didn’t check.

Clearance

Lines of code: 120
Ease of setup: 7
Confusion: 4

Notes:
Clearance generates application.rb, which is no longer used in rails 2.3, so you will have to remove it.
Clearance comes with password reset stuff already setup.
Clearance comes with the best views of any of the plugins here.
Clearance requires looking in the source, it seems.
Clearance automatically does requred e-mail verification, it was not immediatly obvious how to not do that using options.

Simplest Auth

Lines of code: 115
Ease of setup: 8
Confusion: 2

Notes:
Is indeed very simple to setup.
Simplest Auth required 0 thought from me to setup. Was v. fast.

Authlogic

Lines of code: 166
Ease of setup: 9
Confusion: 2

Notes:
The tutorial linked to from the readme for Authlogic makes setup take a .5 – 2 minutes total.
The documentation is good, and does a good job of explaining customization options.
There are a lot of lines of code here b/c the tutorial recommends adding a lot of controller methods to application_controller.rb

Restful Authentication

Lines of code: 280
Ease of setup: 8
Confusion: 3
Notes:
Restful Authentication is nice b/c it’s been around so long, which means that it’s well tested / used.
However, the amount of code that it sticks in your app is a bit of a pain.

Devise/Warden

Lines of code: 120
Ease of setup: 9
Confusion: 0

Notes:
The next new app I make, I’m probably going to use this combo. It does things like password reset very cleanly and easily. Furthermore, it’s based on rack, which means it’s easier to work with in cases where you’re not just on Rails.

Conclusion so far

Authlogic is probably the best option of the 4 surveyed here. It provides good, clear customization, while at the same time adding v. few lines of code to maintain.

Update: I might go with devise/warden over authlogic now. Check it out!

Coming next: ease of testing in Cucumber, ease of using with a User model named something other than User, ease of customization.