Congratulations! You now know how to build a basic authentication and authorization system.
To recap the Authentication and Authorization section, we restate the definitions of the fundamental concepts and provide a list of gems commonly used to implement authentication and authorization.
- Identification: Obtaining an identity claim from the user (e.g., "my email is", "my name is").
- Authentication: The process of verifying the identity claim of a user.
- Access Policy: A policy for what the user can and cannot see or do based on the identity and attributes of the resource being accessed and of the user requesting access.
- Authorization: Access privileges granted to a user or the act of granting those privileges.
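The four terms above, kept as separate steps in plain Ruby. This is an added example, not code from this tutorial; the `User` and `Article` structs, the `ArticlePolicy` rules and the PBKDF2 settings are assumptions chosen for illustration.

```ruby
require "openssl"
require "securerandom"

User = Struct.new(:email, :role, :salt, :password_hash)
Article = Struct.new(:author_email, :published)
ITERATIONS = 100_000 # constructed work factor for this example

def hash_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

def build_user(email, role, password)
  salt = SecureRandom.random_bytes(16)
  User.new(email, role, salt, hash_password(password, salt))
end

# Compare without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Identification: the email is only a claim and selects the record to check.
# Authentication: the claim is verified against the stored password hash.
def authenticate(users, email, password)
  user = users[email]
  salt = user ? user.salt : "\0" * 16 # hash anyway so unknown emails cost the same
  candidate = hash_password(password, salt)
  user if user && secure_compare(candidate, user.password_hash)
end

# Access policy: rules over attributes of the user and of the resource.
class ArticlePolicy
  def initialize(user, article)
    @user = user
    @article = article
  end

  def show?
    @article.published || update?
  end

  def update?
    @user.role == :admin || @user.email == @article.author_email
  end
end

# Authorization: apply the policy to grant or refuse one specific privilege.
def authorize(user, article, action)
  return false unless user && %i[show update].include?(action)
  ArticlePolicy.new(user, article).public_send("#{action}?")
end
```

`authorize` refuses when no authenticated user is passed in and when the action is not on its allow-list, so a missing policy rule fails closed.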
You can browse the Ruby Toolbox for more Authentication and Authorization gem options.
- Supplemental material: Building your own Authorization with Metaprogramming