authentication -- Devise or Sorcery
Sorcery--https://github.com/Sorcery
Devise--https://github.com/plataformatec/devise/
Seems like general consensus is that Devise is easier to set up, while Sorcery offers more flexibility when developing APIs. A lot of people on reddit hate Devise because apparently once your app is up and running it becomes super hard to actually do custom work with it. Also bcrypt seems to be vulnerable to a session fixation attack because it doesn't clear the session upon sucessful login so we probably shouldn't just use brcypt.
Roles-- Rolify
https://github.com/RolifyCommunity/rolify
this library gives concrete roles -- but we can also use cancancan and we can integrate this into cancancan or pundit
authentication -- Devise or Sorcery Sorcery--https://github.com/Sorcery Devise--https://github.com/plataformatec/devise/ Seems like general consensus is that Devise is easier to set up, while Sorcery offers more flexibility when developing APIs. A lot of people on reddit hate Devise because apparently once your app is up and running it becomes super hard to actually do custom work with it. Also bcrypt seems to be vulnerable to a session fixation attack because it doesn't clear the session upon sucessful login so we probably shouldn't just use brcypt.
Roles-- Rolify https://github.com/RolifyCommunity/rolify this library gives concrete roles -- but we can also use cancancan and we can integrate this into cancancan or pundit
authorization -- Pundit/cancancan https://github.com/varvet/pundit https://github.com/CanCanCommunity/cancancan good authorization systems, i think pundit might be industry standard but i'm not sure
jack's libraries -- redis memcache