I'd be surprised if anyone that has built a few significant rails applications with devise would continue to use it. Unless you're going to have the most vanilla session/user/authentication management ever, fighting against devise gets downright nasty.
Have had moderate success with https://github.com/NoamB/sorcery lately, however I'm not yet confident in calling this a solved problem.
edit: Devise is great for getting up and running quickly. For that matter though, so is Joomla.
I recently started a rather large Rails project and am using Devise. Currently with authentication being pretty low on the list of things to do, it has helped get something in place rather quickly. Can you expand on the disadvantages of using Devise over time (and maybe compare it to your experiences woth Sorcery)?
I haven't used sorcery, but I have just finished quite a large rails project in which I decided on Devise right at the start. It was great in the beginning, but as soon as I needed custom behavior, it became more of a liability than a help. Doing simple things like changing a redirect on sign up or sign in, and a few other customizations were chores, some of which required overriding core devise classes, and I am still not really happy with the fixes.
If I were doing an app with standard model authentication, a Forum for example, I would use devise again in a heart-beat, but for any other project where I expect to have any slightly customized behavior at all, Ill be rolling my own.
Devise is brilliant if you want something straight-forward, but it is big, complicated (internally), and not very flexible.
> I'd be surprised if anyone that has built a few significant rails applications with devise would continue to use it. Unless you're going to have the most vanilla session/user/authentication management ever, fighting against devise gets downright nasty.
Authentication can get downright nasty no matter which solution you use, but Devise does a lot of things well, is actively maintained, and well documented. In fact all of the gems from Jose Valim, including inherited_resources and simple_forms are such first rate plugins, it's difficult to imagine anyone throwing any of his work under the bus.
I've been using AuthLogic (https://github.com/binarylogic/authlogic) for a long time now and appreciate how it does what I need from the beginning but also grows with the application. There was a period where the author was not working on it but now he has committed to continue developing it.
It's true, if you want to modify anything important in devise you pretty much have to know it inside and out. There's no baby steps with devise. I use it anyway and just do things its way. I'm lazy, and if I have to write my own forgotten password again code I'll go crazy.
Is there any reason not to just roll your own auth, with something like http://railscasts.com/episodes/250-authentication-from-scrat... and add omniauth if you want to use OAuth? It's not much more work than getting devise running, and it gives you the flexibility to do pretty much whatever you want in terms of fitting auth into your app.
(Also, it works fine with CanCan, which is brilliant and does a good job at staying out of your way.)
Have had moderate success with https://github.com/NoamB/sorcery lately, however I'm not yet confident in calling this a solved problem.
edit: Devise is great for getting up and running quickly. For that matter though, so is Joomla.