I've seen the RESTful Authentication plugin that Rick Olsen has, and was wondering if anyone has used it, or can answer my questions: 1. What does RESTful Authentication really mean? How does CRUD fit into this? Create - Create new user Read - What does it mean to 'read' a user? Update - Change the user name, etc? Destroy - Remove user account Seems like you would have to have a session id anyways, otherwise how do you authorize? 2. How do sessions fit into CRUD? Is the session the object of the CRUD, as opposed to a user? 3. What's the benefit of this over acts_as_authenticated? Thanks!
on 2007-03-02 05:53
on 2007-03-02 06:21
I'm still a newb but I'll answer to the best of my ability. Authorization is enforced using a before_filter set to certain controller's and actions of your choice. The advantage over acts_as_authenticated, that I see as a newb, is your getting rid of the admin controller. Less code for the same function is always better.
on 2007-03-02 16:27
On Mar 1, 2007, at 11:48 PM, Yottameter wrote: > > Seems like you would have to have a session id anyways, otherwise > how do you authorize? The restful_authentication plugin adds a couple of things over acts_as_authenticated. One is refactoring users and sessions to follow CRUD conventions. Your list above is about right. 'Read' isn't enabled by default, but could be used, for example, to show a user's profile page. The other thing that it adds is support for HTTP authentication of web service requests, which is the most standard way to do authentication for RESTful APIs. That's the real benefit of this plugin over acts_as_authenticated imho -- the same code will now handle both your standard login page and your API. > 2. How do sessions fit into CRUD? Is the session the object of the > CRUD, as opposed to a user? You can create/destroy sessions just as you would any other resource. In restful_authentication for standard web pages (ie. not using the API) that will usually create a cookie which is used to store your session ID just like in acts_as_authenticated. James. -- James Stewart Play: http://james.anthropiccollective.org Work: http://jystewart.net/process/