Devise Authentication

In this post I’ll be dipping into Devise, the most popular authentication gem for Rails. I’ll talk about what authentication is, how Devise works and why it is a good solution for authentication.

What is Authentication

The process of identifying an individual, usually based on a username and password. In security systems, authentication is distinct from authorization, which is the process of giving individuals access to system objects based on their identity. Authentication merely ensures that the individual is who he or she claims to be, but says nothing about the access rights of the individual.


In essence, when you sign in to an application you are authenticating yourself. When you try to access a restricted area of an application, the application will check your authorization.

Before using a gem to manage your authentication you should understand how to implement a simple authentication solution. This will give you a basic understanding of how authentication works. I recommend watching this excellent Railscast episode to give you that grounding. It will only take 10 minutes :).

Devise for Authentication

Now that we understand what authentication is and why it is required, the question is: why use Devise? There are many authentication gems that are simpler and more lightweight. If you want something lightweight then you should not use Devise. Devise is the most popular authentication gem because of its flexibility and power.

When your application is small you may not need to use all of Devise’s features but as your requirements grow Devise will likely be able to handle all of your authentication needs. Lots of developers will add Devise to their projects, even if they don’t need all of the features right away.

Devise also has great documentation and is well supported. Devise has a good readme, wiki and rdocs.

If you work as a Rails developer I would highly recommend that you learn Devise. It’s likely that you’ll end up working on a project that uses Devise at some point.

Installing Devise

  1. Add gem 'devise' to your Gemfile
  2. Run bundle install
  3. Run rails generate devise:install

Next, you need to choose which model will represent the ‘users’ in your system. In this example I’ve gone with User. This is the model that Devise will authenticate against. The generator command below will set up the User model for authentication. If you haven’t already defined the model (in this case User), this command will generate the model for you.

$ rails generate devise User

Running this will create a migration to add a number of fields to your User model that Devise needs for authentication (encrypted_password, reset_password_token, sign_in_count, last_sign_in_at, etc.).

Lastly, you can run the migration with rake db:migrate.

Adding Authentication

At this point you can add authentication by adding the following before action to any controller:

before_action :authenticate_user!

When a user hits a controller that has this before action, Devise will check whether the user has an existing session. If not, the user will be redirected to the login page. If the user does have an existing session, they will be able to view the page as normal.
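
A plain-Ruby model of the check described above, added here as an example (it is not Devise's code or code from this post): a controller that omits the filter serves anonymous requests, while declaring the filter once in a base controller and opting out per action protects every page by default. MiniController, Response and the :user_id session key are constructed for illustration.

```ruby
# Plain-Ruby model of a before_action chain; not Rails or Devise source code.
# MiniController, Response and the session key :user_id are constructed for illustration.
Response = Struct.new(:status, :location, :body)

class MiniController
  class << self
    def own_filters; @own_filters ||= []; end
    def own_skips;   @own_skips ||= {};   end
    def before_action(name); own_filters << name; end
    def skip_before_action(name, only:); own_skips[name] = Array(only); end

    # Filters declared on a parent class apply to every subclass.
    def filters
      inherited = superclass.respond_to?(:filters) ? superclass.filters : []
      inherited + own_filters
    end
  end

  def initialize(session); @session = session; end

  # Run filters in order; one that sets @response halts before the action runs.
  def process(action)
    self.class.filters.each do |filter|
      next if self.class.own_skips.fetch(filter, []).include?(action)
      send(filter)
      return @response if @response
    end
    Response.new(200, nil, send(action))
  end

  # No session: redirect to the login page (/users/sign_in is Devise's default for User).
  def authenticate_user!
    @response = Response.new(302, "/users/sign_in", nil) unless @session[:user_id]
  end
end

class ReportsController < MiniController       # opt-in style, filter forgotten
  def index; "reports"; end
end
class ApplicationController < MiniController   # deny by default
  before_action :authenticate_user!
end
class InvoicesController < ApplicationController
  def index; "invoices"; end
end
class PagesController < ApplicationController
  skip_before_action :authenticate_user!, only: :home
  def home; "welcome"; end
  def account; "account"; end
end
```

In a real Rails application the same layout is before_action :authenticate_user! in ApplicationController, with skip_before_action on the few actions that must stay public.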

Customise Devise

If you want to customise any of Devise’s default view templates then you need to copy the templates from Devise into your project. You can do that using the following generator:

$ rails generate devise:views

This will copy Devise’s templates into app/views/devise. For example, if you want to modify the ‘Sign In’ page then you should modify app/views/devise/sessions/new.html.erb.


This post covers the basics of how to install Devise, how to add authentication and how to customise views. This post will provide the foundation for my next blog post which will be about the various Devise modules.

You can check out the source code for this blog post on GitHub. You can also watch the screencast about this topic.

Further Reading