Is there some gem for goliath like devise for rails?

[Jinpu Hu]

Who can give a example about basic auth, like sign up and login?

I want to know the best pratice for web application develop based on goliath.

Thanks.

[Ilya Grigorik]

Hi Jinpu. 

If you're literally looking for "basic auth" then its just a matter of checking and setting the right HTTP headers. For more involved cases like OAuth, etc, you can just lookup any rack-related tutorial.. Goliath is a fairly low level framework, so you'll have to dive in and implement the details.

ig

[Eric Marden]

We ended up implementing a simple token system that is sent as a param (header or request). The token links to and validates the account. We pair that with other values as necessary to increase the security, even though its not super super secure. We needed to do something lightweight since our main api client is a backbone.js powered app. There's a bit more too it, but is not quite OAuth.

I also wrote a little HMAC signature middleware for goliath, which 'fingerprints' the request by hashing the request (method, url, params, etc) in a particular way. Which would have been more secure than our simple token method, but there wasn't an easy way to keep the private key/salt value secret with a js heavy app. I'll try to clean that up and put it on github this weekend, if you'd like to check it out.

With all that said, if/when we officially make our API public, we will likely fully implement OAuth instead.

--
Eric Marden
http://ericmarden.com

On Wednesday, March 28, 2012 at 10:14 AM, Ilya Grigorik wrote:

> Hi Jinpu.
>
> If you're literally looking for "basic auth" then its just a matter of checking and setting the right HTTP headers. For more involved cases like OAuth, etc, you can just lookup any rack-related tutorial.. Goliath is a fairly low level framework, so you'll have to dive in and implement the details.
>
> ig
>

[Jinpu Hu]

Thanks LLya.