I played with Authlogic, but I ended up switching back to restful_authentication. I know using generators is a bit more "dirty" but I just couldn't get behind Authlogic. It seemed too mysterious to trust for such a core piece of a web application. Especially considering a minimal amount of good old Ruby code will suffice, as opposed to learning your way around this new tool and DSL.
What really made me decide to drop Authlogic was when I realized it was silently adding validations to my model. I had to dig into the source to find the documentation about that, which really turned me off.
I'm glad people are finding it useful, and I think it's a worthwhile project. I just found that it wasn't my cup of tea. So, I'd encourage people to take some extra time to play with it in a branch before really committing to it. You might consider using the options to make it act like restful_authentication in case you decide to make a change later.
We switched to authlogic for our newest project. We even have a Rails project template that generates everything needed for authlogic (including mailer). If you're interested, check out the template here: https://svn.cubus.ro/svn/trunk/cubus-utils/rails/templates/c... . Feedback is welcome.
This looks really interesting. I've been building a Rails app with Restful Authentication, and while it's a lot better than writing everything myself, it's pretty kludgy in a lot of ways, the most obvious of which is that the whole thing is a big generator. Which means that, as near as I can tell, once you've written your application with Restful Authentication, there's no easy way to upgrade your application to later versions of Restful Authentication.
restful_auth is actually a bit of a hybrid. So, there are some shared libraries that do a lot of the heavy lifting, and then a bunch (too much?) generated code that gets put into your project directly.
Lately, I've found myself pulling the restful_auth plugin out of my app and seeing what breaks. Then, I'll grab the stuff that's necessary and put it into my lib directory. This helped me figure out exactly what was going on and why. Finally, I trimmed out the stuff that I didn't want. I feel better about knowing what's going on that way, because it is a bit confusing.
I'd certainly say neither solution is perfect, but I still prefer restful_auth approach because it seems more... I don't know... straightforward? Still, the situation could stand for further improvement :)
What really made me decide to drop Authlogic was when I realized it was silently adding validations to my model. I had to dig into the source to find the documentation about that, which really turned me off.
I'm glad people are finding it useful, and I think it's a worthwhile project. I just found that it wasn't my cup of tea. So, I'd encourage people to take some extra time to play with it in a branch before really committing to it. You might consider using the options to make it act like restful_authentication in case you decide to make a change later.