Revise Auth and Podcasting Plans

Remote Ruby1h 9mJune 5, 2026
AI-Generated Summary

The host of Remote Ruby, Chris, reflects on a recent workshop in Minneapolis where he taught a Rails course for Front-End Masters, now expanding beyond front-end topics. He shares the technical challenges of live-streamed teaching, including screen real estate limitations and the difficulty of keeping in-person attendees synced. A major focus emerges around authentication systems: he details a seamless migration strategy from AuthLogic to Devise using a custom password validation method that preserves user passwords during transition. This leads into a deep dive on his open-source gem, Revise Auth, which aims to modernize Rails' built-in authentication generator by adding Devise-like features—registration, email confirmation, two-factor auth, OAuth—while avoiding Devise's complexity and Warden middleware. He argues for a 'secure by default' approach and discusses the trade-offs of backward compatibility, customization, and technical debt. The episode concludes with a major announcement: Chris is reviving the long-dormant Ruby on Rails podcast, taking over from Elise Schaefer, with a new cadence of two episodes per month and plans to feature conference organizers like Travis Doctor and Jeremy Smith, aiming to capture the community spirit of Ruby events. He also humorously explores a mystery around a missing episode number 259, turning it into a Patreon joke.

Key Takeaways
1

Migrate from AuthLogic to Devise seamlessly by overriding the valid password method to check both old and new password hashes during login.

2

Use Rails' built-in authentication generator as a secure-by-default foundation and extend it with a gem like Revise Auth for missing features.

3

Implement a custom password algorithm in Rails using the new has_secure_password hook to support legacy migrations and modern security.

4

Revise Auth should avoid Warden and instead use Rails' session model to enable true logout and better controller flow.

5

Build a clean, modular authentication system that defaults to one user model and avoids the complexity of multiple login scopes.

…and 3 more takeaways available in PodZeus

Chapters
0:34
3 min

Tired but Productive: A Workshop in Minneapolis

Chris shares his exhaustion after a recent workshop in Minneapolis, reflecting on the physical and mental toll of teaching live, especially with limited screen real estate and the challenge of keeping in-person attendees engaged.

3:26
3 min

The Challenge of Live-Streamed Teaching

Chris details the technical and pedagogical difficulties of live-streaming a workshop, including poor visibility on a single screen, the need for large fonts, and the frustration of not being able to see the full code context.

6:46
6 min

AuthLogic to Devise Migration: A Seamless Transition

So it makes it a seamless transition because you're checking, hey, if they're already on devised, let's just use the bcrypt thing and be done with it. But if they're not, then we can go follow the old logic, use the old password hash, and then upgrade it when the user logs in successfully with that.

Highlight
13:06
11 min

The Birth of Revise Auth: Bridging the Rails Gap

I always gravitate to let's have one user model, sort of the same way that Rails sets up authentication is like you actually don't log in as the user. You log in with a session and you happen to use the user's password to authenticate.

Highlight
23:59
15 min

The Complexity of Customization and Backward Compatibility

Chris weighs the pros and cons of adding features like OAuth, two-factor auth, and customizable fields, acknowledging the technical debt and maintenance burden of supporting every possible configuration.

High-Impact Quotes
So it makes it a seamless transition because you're checking, hey, if they're already on devised, let's just use the bcrypt thing and be done with it. But if they're not, then we can go follow the old logic, use the old password hash, and then upgrade it when the user logs in successfully with that.
Chris12:09
And so I always gravitate to let's have one user model, sort of the same way that Rails sets up. authentication is like you actually don't log in as the user. You log in with a session and you happen to use the user's password to authenticate.
Chris21:18
So yeah, I'm really looking forward to having the Ruby on Rails podcast back even though I'm going to be the one running it now. That'll be weird.
Chris58:37
Speakers

Host

Chris

Guests

Elise SchaeferTravis DoctorJeremy Smith
Topics Discussed
authentication migration95%rails authentication generator90%devise vs rails auth88%open source gem development85%podcast revival80%community building75%session management70%password security65%
People & Brands

Devise

product

15xMixed

Revise Auth

product

12xPositive

Ruby on Rails Podcast

media

10xPositive

Elise Schaefer

person

6xPositive

AuthLogic

product

6xNeutral

Front-End Masters

organization

5xNeutral

Minibar

organization

4xPositive

Travis Doctor

person

2xPositive

RailsConf

other

2xPositive

Sessionizer

product

2xNeutral

Start discovering podcast insights today

Start with a 7-day trial and explore a growing catalog of popular podcasts. No credit card required.

No credit card required • 7-day trial • Cancel anytime