This repository is private.
All pages are served over SSL and all pushing and pulling is done over SSH.
No one may fork, clone, or view it unless they are added as a member.
Every repository with this icon (
) is private.
Every repository with this icon (
) is private.
This repository is public.
Anyone may fork, clone, or view it.
Every repository with this icon () is public.
Every repository with this icon (
) is public.
commit eeb44bb412183772afcd3f52415ddb0df2f20b65
tree 8801c50a6f278968a41d16a9911d3cf0915f4a34
parent ee3c153c4d7a8fc054ba726b19ebb21bb77090be
tree 8801c50a6f278968a41d16a9911d3cf0915f4a34
parent ee3c153c4d7a8fc054ba726b19ebb21bb77090be
merb-plugins / merb_auth
| name | age | message | |
|---|---|---|---|
| .. | |||
 |
.gitignore | Thu Oct 02 04:27:56 -0700 2008 | [hassox] |
| |
README.textile | Thu Oct 02 04:27:56 -0700 2008 | [hassox] |
 |
examples/ | Thu Oct 02 04:27:56 -0700 2008 | [hassox] |
| |
merb_auth-core/ | Thu Oct 02 07:11:32 -0700 2008 | [hassox] |
| |
merb_auth-more/ | Thu Oct 02 07:11:32 -0700 2008 | [hassox] |
| |
slices/ | Thu Oct 02 16:02:50 -0700 2008 | [hassox] |
README.textile
MerbAuth – Merb Authentication
An extensible architecture for authentication
- Stupidly Simple
- Speaks fluent HTTP, even the errors
- Pluggable Architecture (so that you can use any authentication algorithms you like)
- Cascading Authentication (if one method fails, another is attempted, then another. When no methods succeed, authentication fails)
Principles
- Sessions are authenticated, not users.
- Just because one method of authentication fails doesn’t mean the session, can’t be authenticated another way. This is especially true if your application has an external API as well as a public interface.
- HTTP has built-in Errors which every web-browser (should) know how to speak. If you’re application speaks in HTTP Verbs (GET, POST, PUT, DELETE), it should also serve the correct HTTP Errors when things go wrong.
