Ruby On Rails Authentication

Captions
okay we can start now first of all thank you for joining us today in our ruby on rails webinar my name is mariel i am from wizeline academy i work i proudly work at wizeline academy and today we have mariel nilo hermann omar and marc sanchez and they will be the lecturers and speakers today we're very very excited to have you here and before beginning i want to give up a quick introduction on what what is wizeline and what we do at wizeline and wizeline academy maybe some of you already know maybe some of you work here maybe some of you want to work here someday but if if you don't know this is what wizeline does we are a software development company we design services first first it was a product company now it is a services company as well as a product company and we have engineering disciplines like sre qa ai mobile and more engineering disciplines and well we work with different brands all over the world right now i'm going to show you a map but we work with different brands and companies such as national fox washington post amongst others so we are a really big company growing each time more and more and we are looking for for more people out there to join this is our global presence mostly in mexico spain thailand vietnam colombia australia and in in more more in other places soon so we hope that that you can someday join us and and be interested in working with us or collaborating some other way and at wizeline academy what we want to do is help you guys to to get more prepared in whichever area you want if it's a soft skill if it's a technical skill if it's a language uh a type of engineering program that you wanna that you wanna get better at so that's what we focus at what wizeline academy we wanna we wanna explore your skills and that's why we're here today and we're really really happy to host you so if you can follow us in our social media follow us you know in our website to stay tuned for the other courses that we're gonna have we're gonna have more boot 
camps courses webinars workshops and and get guest speakers so it gets really exciting we do a lot of events so don't forget to follow us and before starting i wanna leave you with some really important notes first of all please have your names available so we can refer to you if we have any questions if you have any questions so we can answer your questions keep your microphones in mute so that we don't get any interruptions we will have all the questions in the chat and at the end we will have a q a section or the lecturers might respond some of the questions during the webinar and please keep all the questions and the comments focused on this topic on ruby and on the webinar and if you want to have your cameras on or off however you feel more comfortable and well i'm gonna leave you with our experts thank you for being here today and enjoy very muted good afternoon everyone i'm sorry it took me a while to to to find my my my screen thank you everyone to be for being here my name is um as you can see in my name below is herman dominguez i'm a solutions architect here at wizeline uh i'm about to be two years in wizeline now uh joining me and let me let me go back to the next join me join me is mark sanchez mark is a devops or site rely reliability engineer it's a tough word for spanish-speaking people and omar madrid who is also a software engineering in wizeline um they are we are together trying to teach you a little bit about our journey into ruby on rails it's it's it's it's a it was a crazy journey and let me go through all of it in like uh one hour i will tell you everything about it so once upon a time there was a a a company named wizeline that did foster innovation as part of the culture and as part of the of the ideas uh um in this in innovation of culture um we have this innovation camp every every year we have at least once a year an innovation event in was in which all of the all of us as wizeliners are able to participate into solving complex 
problems either problems for the industry problems for our own business different types of problems you can see you will have this presentation you will have the recording at the end and you will be able to see the blog post that we have for the for the innovation camp in the live advise line in that innovation camp there was this project that is called white space this white space project is a project that was participating in with omar and mark in which we are trying to coordinate in a better way when we go back to the offices to have all the health and security relations regulations in at hand in a streamlined process in which we will be able to attend the office in an orderly manner by asking by having a spaces uh in a healthy way and we also have as a health questionnaire to do this so this project uh in a in a in broadly speaking uh helped us trying to leverage a current project that we had at wizeline that is called maps this project was built on ruby on rails it's an amazing project that we are leveraging for doing this um this solution for for the white space uh project and then we realized it was in ruby on rails and guess what nobody knew ruby on rails at this time so we have to to improvise and to try to to to understand as much as we can of the of the whole process in order to leverage it and to provide the right solution to our internal teams and to our internal stakeholders but we had to we had to face different thoughts different uh phases of the problem and we started by working with the the maps the maps uh solution did a authentication via google maps and we at wizeline have okta as part of this authentication process that we have for a single sign on and for different uh solutions in the in the in the in the in the patterns so we had to solve this and we had to integrate our current ruby on rails application with the okta uh okta provider and we had to understand different things before going into the code and that's why i'm here as a solutions 
architect trying to explain the complex parts of this of the solution i might fail and i'm sorry every time i fail not ex not being able to explain complicated stuff and making it more complicated so here i go i will make your life more complicated so the user authentication provides different complexities different anti-patterns and it's all based on trying to authenticate and authorize the user that's very clear so now that we are in the same page i will i will go to the next slide it's just a kidding it's just a joke i'm sorry um the the the password anti-pattern is a security concern for um for secure authentication in which a user uses their current password to authenticate their current username and password and credentials to authenticate into another uh into another social network in the case that we are seeing we are seeing that i am using my twitter account to authenticate and to create a user into my linkedin social network that represents an anti-pattern because i don't have separate accounts i have all my accounts into into consolidated into a singles into a single um connection and if i lose my twitter account i am not able to connect to my to my linkedin so probably some of you have happened this when you lose one your hotmail account probably somebody loves you lose their hotmail account and you are not able to get into your other social networks so that is something that oauth paradigm is trying to solve as we go but before going into that i want to to to make a statement on what is the difference between authentication and authorization does anyone want to take a shot and what's the difference between authentication and authorization let's see how active is the audience today of their sleep before the after the independence day do we have a volunteer somebody who wants to or oh i get to pick hey i get to pick i i would like to give it a shot come on come on let's give it a try what is the difference between authentication and authorization you 
can you can use the faces of the lady below to inspire yourself all right well i believe that authentication is to to reveal or to confirmate that you are who you say you are so it is the identity and the authorization is when you have the rights or the premises to currencies to access what you want to access so that's that's the main difference that is right thank you very much thank you very much actually for those who don't know si nue he's part of my team i know i'm just kidding thank you thank you very much you are you are very very right at authentication is answers the who are you question it's a method to out to to provide proof that you are who you claim you to be and the authorization as you are saying correctly is the right to do something on a resource because you have the right to do it it's um it's a precondition it's a authorization should be preconditioned by authentication that they only mean that you can be authorized to do something on a resource is by proving that you are whoever you say you are i hope i have make everything confusing now so i will go to more complex problems so we found out that there are several technologies and several stacks around what we call security and to provide these authentication authorizations methods so we have oauth we have an open id and we have saml probably you have heard at least one of these ones in in in working with security with authentication and with passwords and and and usernames the first one i'm going to go into is the oauth one well it doesn't it it's funny because oauth it doesn't do authorization i i i the the name can be confusing a little bit but oauth is actually a delegation protocol a delegation protocol in which uh this of this protocol would delegate the the authentication and the validation of the username of the password to other platform for example google for example facebook if you have seen some some applications sometimes you get into an application and you say okay how are you 
going to authenticate how are you going to prove that you are who you are and we choose a previously existing social networks such as linkedin github um twitter etc so we use oauth to delegate into twitter into linkedin into github the process of authenticate and validate that we are who we are does that make sense am i and i'm making myself clear um it's just a part of the technology stack and it's very very used in the in in this era in this time when we have a platforms which are high level of security such as i'm saying facebook and and twitter on the other hand we have open id open id is an open standard that some organizations use to authenticate users openid is based specifically on websites to be able to to create sign-in accounts and logins in order to be able to authenticate it doesn't rely on other platforms to generate the the the validation of the password the validation of the hash or any other or any other capabilities that provides nevertheless they can work together they can work together to provide the authentication on one side for oauth which is outside of the platform and on the other hand with open id we can um authenticate using actual usernames and passwords in an old platform um open open id is a as i was saying is an a an open standard and every every everything that has this i this open id icon is based on the same standard does that make sense i mean there's one is local the open id is local for you to manage your own passwords and your own username and how you give that management to other platforms and finally saml saml is an xml based standard for exchange for doing this exchange of authentication and credentials as you may suppose this credentials when i press a commit a continue or i press login if they don't fly on on unencrypted they are encrypted and you have to provide a right way of exchanging these credentials for no one to be able to steal them entering saml saml relies on open id on on on on oauth in order to be able to 
authenticate enterprise level so we can exchange the exchange credentials have different sources of passwords and of emails and hence having everything integrated into a single place to be able to provide the same level of of confidence for once and on the other the same rights to access the same resources to the same people having a a we call it idempotent standards so idempotent means every time i do something the result will be the same if i authenticate with oauth i should be able to to access the same resource when i am authenticated with open id as well so that's called idempotent and on the other hand is the integration of all these technologies into a single solution i hope it it it makes sense and i will go now to talk a little bit about what our tech stack at this time is looking at it's looking like we have this this tech stack has been evolving from for different parts of the white space uh uh life cycle the the project life cycle has been evolving and right now for this demo for this webinar we have implemented heroku as part of the solution to be able to put it into the cloud we have uh we have different different approaches mark will talk about we'll talk about the different approaches that we took and the and the challenges that is represented because as you may know technology is not about all uh it's not it's not all about the happy path there are different things that happen a lot and we have to suffer because we are technical guys and programmers so we are using ruby on rails rails version 6 on this um on the solution we are also versioning our code with github as many of you my might know and finally when deploying to heroku heroku is a cloud provider is uh my in my personal point of view is the simplest of the cloud providers it's also a very way a very good way of learning the cloud as a platform as a service or a little bit of a software as a service you can use heroku to create your own uh applications and it's a very good way to 
learn about the cloud if you don't know it at this time so without further a and finally i i almost forgot my most important and most valuable slide of all we at wizeline always solve everything by collaborating by having multi-disciplinary teams in and exchanging ideas to be able to solve the different kind of problems our customers face and our internal projects face as well we are wizeline and we try to solve everything in an agile way trying to uh have different people with different points of view to improve our diversity and inclusion to be able to have different views of our problem and to solve it every time that we have to to to deliver results so that's why we have a software engineer and a devops engineer also as part of this team actually the team of whitespace is like 20 people but uh we couldn't put a webinar of 20 people so we have to put it for three only and that's it uh now i'm i'm going to to pass the hand to my dear friend omar who is going to talk to talk about a little bit of the code he will show you show us his probably his thought process on how he learned uh ruby rails probably and see let's see how it goes and thank you mr i will stop sharing so you can or you want me to share these two slides first no no it's okay okay okay i can share so hello everyone oscar mann said uh i am omar uh i am a software engineer here at wizeline and uh like one month ago i really really really really uh don't know any anything about ruby on rails uh this was a journey for me and right now i i'm i am learning uh with this webinar so this is very exciting for me exciting for me sorry and i am kind of nervous because this is my first webinar so if you uh see me like nervous you can clap me like you can do it man okay so her ask her man say no thank you you you're really right guys um well so as herman was saying we have to learn how we will implement the oauth flow uh this is why this is because uh wizeline maps use another authorization from google and we need 
to integrate okta because this is our institutional uh strategy of uh our authentication so the way that oauth works is that it's like this uh i use a resource to use and click mobile mobile or cloud app as a client and go to the uh and go to the oauth strategy to get the information of the user um the first thing that the oauth question to the user is the username and password that in this case will send or the okta form so we use our credentials from okta and to to authenticate and oauth is the way that that we will know if we have access of we are who we say that we are so if if if all that's good uh oauth will say yeah come on let's let's uh let's play so if we want to uh to be more clear we we are going to see the code the essential part of the implementation in ruby uh and let's start this starts with the gems we need uh at least five gems to implement this strategy uh we need the omniauth oktaoauth that this is the strategy that okta uses uh the activerecord session store to persist the session uh figaro uh like the song to create the application in general that will store the secrets devise that is the scaffolding of the applications and helps to create the model uh of the of the database and all of that and the of the omniauth rails csrf protection that is a vulnerability that okta has uh have had in the in the past so this so these gems have that okay let's see the code at first we have to uh to put the gems on our gem file and execute a bundle install so these gems will be used in the project i will initialize the project it's a sample project that helped us to to mate yeah with his documentation uh i only go to the top page and see what the recommendation of okta so if we go to my local host i am already logging sorry well i will open a new incognito mode because i have my credentials already so can we see your password just to have it yeah yeah yeah no we don't have to see your password remember it's security but it's a fake 
password that we are in the in the in a local host environment so i will not use my real password that is actually password123 but it's a joke so can you zoom a little bit so we can see better the the code omar please uh oh yeah yeah just a second um it's like how about now you can see well so we have this application sample application now the only thing that it does is uh segmenting via oauth using our okta credentials in this case i use my my wizeline account and a fake password as you see so the the other thing that do this application is give me my uh username of okta and we can log out and that's that's it it's only a simple application so uh for we can do this we have to be uh we have to create an organization into okta that we can see if we use the okta cli when we when we create this project we need the of the c cla that is and we have to log in if we do okta login uh if we have already an organization configure configured we will have the name but if we don't have this organization will send us to our register form to to do all the of that stuff to have one dashboard like this one yeah like this one here we have all our organization enough where we can manage the users the accesses and everything and every that stuff so we have to create an application to uh to connect to connect this with oauth and we we here i have the application that i create that is obstetric uh and this is my plugin id and right here we can do a lot of uh we can set a lot of settings and get the client secret and some secrets that we will need in the process uh as they redirect urls and sign out urls that this is my localhost in this case if we have a production application we can set here the redirections and all that stuff so okay this is the first thing that we have to do is set these gems do a bundle install and then uh we we have to set a ready or local or or database this database open it to create some records in the database to identify they use the new users 
that login into our application so here we have uh the model the basic model of the of of the user with okta that we only have to set the provider the uid and the email and this these records will be automatically set with the omniauth strategy so we only have to define the the model and create the control the omniauth controllers to set out this uh this data uh here we have the omniauth callback controller controller that will be hand will handle the session and the inserting the database uh so so when we uh get authenticated we can set the session as on as if we can say it like that and a half or credentials well not nor creatures or or data in the database so we have to set the the controller to destroy this session when we log out as we can see when we log in we will go to the root path when we log out we will go back to the root these paths are set in the routes.rb where we get we set the the callback of the omniauth strategy and what what is our root page in this case is uh or home okay right on the application controller we will set the strategy if we are logging in where we are going to go and if we are we don't have a session uh an active session well we will have to do so this is the the the method that we use to do that um okay so as i said and that that i have my password so this is an error application uh but it's okay it's a it's a simple application uh here we have to put our secrets uh to to set uh the connection of uh with oauth so this this is this will create an environment variables that the the octane bro the ruby environment will take and sent to to in the authentication flow uh so here we this is a git ignore file so we can test it in local if we deploy we have to set these variables whatever we we deploy so this will be or that end as we can say and yeah well so the if you can see here we have the redirect uri that we have the said in our application dashboard this is important because if we have different 
things oauth will be like oh you are doing something wrong and uh we'll set on a lot of errors that will have us hours developing and reading documentation i think so uh with all only this configuration we can set all the of the strategy that is kind of easy and this is this is one of the things that i like most of learning ruby because uh set and uh always i have a problem setting the authentication protocols in a lot of different languages i mostly work with javascript in node i don't say that it's very difficult but it's always kind of confusing i think ruby on rails make this a lot easier using devise we have to we have a great scaffolding with a lot of models and we can initialize in the devise.rb all the all the strategy settings that we need and this is the way that we linked the application.yml and the and the strategy configurations so the first thing that the application do is go to the devise.rb and initialize all the things that we need as this we need the okta strategy and we can initialize all the all the values that we need and and we only create the model and we get we do rails s and we have already set up or okta authentication methods so the next thing is deployed deployed this solution to production and for that we have our expert mark that she did a great work always so she can explain better this thing so hi mark hi everyone can you see me yeah yeah we can see you nice so first of all contrary to omar i still don't know any ruby or rails so i i know enough to make the deployment work but that's it so bear with me please um well first i want to tell you a little sad story about this project well i was hoping to deploy this app with elastic beanstalk and terraform but just started i delete everything and instead of working in the fish in the finishing details of the project i had to work on how to recover all the stuff i was working the last two weeks so i decided to change the platform to heroku and why because some of my coworkers 
know heroku how to deploy to heroku so they can help me because i work once or twice a lot of years ago with heroku and it was kind of easy to deploy there so that's why i i changed from aws elastic beanstalk aws to heroku alright so i'm gonna share my screen oh my god you can see that okay so first thing we we learned with this project is we we can't use sqlite in any production platform um yeah this is the same in elastic beanstalk the same in here we can install a sql lite for production so we are using postgres sql in production sqlite in development as you can see here right and we are using postgres oh my god here is postgres uh let me give me a moment i want to change the position of the zoom bar because it's kind of annoying this is the zoom the zoom bar actually has two names the first one is annoying and the second one is it's always in your in your pointer so yes yes i i don't know why zoom hasn't changed this already but is what it is so well with heroku if you don't know heroku heroku is a platform as a service so we we have to do barely anything to deploy there unfortunately so first thing we need to do i'm gonna show you where where where where i'm gonna show you here and then i'm gonna oh my god yeah yeah as you can see there's nothing recorded everything is live she is going pair programming on you guys no no that that that could be horrible because always in a like programming session something can fail so no just i'm gonna show you the commands to create a a heroku app and to deploy there so first thing yeah is to create a heroku account and then yeah i have it so you can create it here in heroku dot heroku.com i think yeah dot com oh my god zoom just annoy me you sign up and that's it then you are gonna to be asked to install the cli and this can be done with homebrew brew install there is well i think this is not showing okay but it is brew install heroku and that's it then you have to login how with heroku login that's 
it this is gonna open a browser or a page in your browser and you have to log in if you are already logging just the the page is gonna tell you you are logging go back to the cli and then in the root of the your project if you can see here i'm in the root of this project this is the the material that we are going to share with with you guys after the the this webinar uh guys and girls well facts is it is better um okay so here you have to execute heroku create and this is gonna create another app i'm gonna do it because i i know this is not gonna change anything in my current application so that's it it's a new application created i can see it here i'm not going to use it this is the new one because i already have one so my application my actual application is i think is this one yeah is this one so how you can push to your new application in heroku if you see and this create a kind of uh another repo in heroku so when you check here your remotes in your uh repository you can see there is a new remote called heroku um basically that's it so when you want to deploy your code the only thing first of all you need to push your code name and after that you need to push to the other remote that here when you execute heroku create heroku creates for you yeah so once you do this um the heroku app is gonna be deployed and you can see all the stuff that is installing heroku for you and for your app to work so i'm going to show you i think there is something yeah for example here i still have it um this is what happened when i push to heroku they start to install the the gems needed for the project and then at the very end it shows your url your repo your application url so you can go there open it um oh my god it's a little slow my connection there is so this is the project or current application so i'm gonna try this and i think this should work i hope so i don't know if i can yeah i can wait can we see your password as well oh my god sorry i'm just messing with 
you oh my god you always do okay so i think i need to try to login with my okay i'm gonna because that is not my oh my god i think you need to be part of my organization to to log in successfully so that's why you don't have this well if i would be part of their omar's organization i could log in but um as you can see is pretty easy to kind of easy because we have even with heroku we had some niches a little but it was less and i don't know what else to say you folks um and you know do you have any questions maybe it could be a good moment for that yeah i guess i guess that we can start like uh this will be a very a very precise moment right to start a q a if you guys have any questions we have here the expert maruman in her man i'm sure they will be happy to answer any questions that you have so you can as you can see our final challenge was the the actual demonstration of the difference between the authorization authentication mark was out authenticate but she was not authorized because she knows what she was not part of the of the of omar's organization so i see diego with his hand raised thank you very much thank you very much i really like the i have really liked uh all this conversation here and i really liked as well the heroku deployment and i was wondering if it's possible to get some kind of tutorial or something because uh actually i i'm not so good with heroku i'm not good that's all with the rock better set and today in the morning i was talking pers exactly about that with a colleague of mine so i would be really interested in a tutorial or something thank you very much um yeah go ahead mark you you open your mic you could you answer the question okay okay so well we get uh we got a lot of help we joseph i think he's here joseph help us with the deployment and he has a lot of experience working with heroku and with elastic beanstalk so maybe he is this actually and on the other hand there's a there's a maxima around automatization the first part 
is that you are to be able to understand the manual process first right so in terms of this challenge that we are seeing right now with ruby on rails my advice would be learn first the language that you are trying to program on like javascript or ruby whatever that's it and run the program first locally as omar was showing us that she did he did locally the the test when you go when you uh finish understanding the whole process locally try to move it into the cloud i would suggest going into the specific heroku tutorials for each of the languages and the different components that you are using in your technical stack for example i would go and first see how to deploy a ruby on rails um application then i will i will be able to connect as carlos is saying my uh or application is tightly coupled with the heroku with the hair with the github um with the github repo so yes in the in the implementation that heroku has that is the way and it's simpler because it interlaces the the version of the code with the actual deployment it understands several languages and is able to translate that so yeah i will go step by step understanding each of the components of the tech stack and take advantage of them and eventually being able to automatize all the process from end to end in that matter also diego heroku has a great documentation i sent the devcenter.heroku.com uh it had a lot a lot of implementations in different languages uh ruby on rails java javascript node so i think you can get the tutorials that you need in that link thank you very much i understand very well thank you thank you it was very nice lecture thanks so we have another question from aros it says sounds like heroku is highly tied to your repository is there any specific access you need to give to heroku for it to have access to your repository content that mark that that question can be answered by mar you want to take sorry can you repeat it again i was enhanced answering yeah sure uh so it reads it sounds like 
Heroku is highly tied to your repository. Is there any specific access you need to give to Heroku for it to have access to your repository content?

No, I already gave Heroku access when I logged in, so that's it, basically. You don't need to do anything: just log in, and after that, here in your root repository, execute heroku create, and that's it.

You need to authenticate and have authorization by GitHub.

Oh yeah, of course, you need to be able to access the repository.

Yeah, so it's a simple configuration.

Yeah, it was pretty straightforward. I didn't have to do a lot.

Cool, thank you, Mark. Thank you, Aron, for your question. Do we have another question in the room? I think everything was clear. Actually, I was waiting for 10 seconds for people to feel uncomfortable enough to ask questions. So we had another one. He's asking: also in the Okta, the new alliance for the Heroku app should be added, right?

Yeah, actually, in Okta we should create all the users that are going to be authenticated and then are registered. So it can be a self-service feature, or, Okta has different capabilities, and we can export and import a database of users into Okta to do a mass creation of the users.

Do we have any other questions? So, Eduardo is asking: what do you recommend to a great Rails knowledge?

I will go to the expert, my expert Anna. I'm just kidding. Try to practice as much as you can. You know, programming is an exercise; we have to keep on practicing in order not to lose the muscle. And Ruby, I will take Sergio's question as well: Ruby is created with the programmer in mind. Ruby is said to be the best friend for all programmers, since the syntax is very easy, is very similar to other languages out there in the market, and also is very
declarative, so it helps you to have different ways of creating the app by the knowledge you already have. I don't believe it's a difficult learning curve if you come from another language, and we also at Wizeline Academy have a Ruby on Rails book course that we can take. And finally, I wanted to say as well that one of the things that we use to practice languages is this innovation culture that we live in, and we create actual problems to try to learn new things, new technologies and new services. We create these problematics in-house to be able to solve them in a production manner.

Yeah, a new Ruby programmer, as I said. I was working with Node and Python, and yeah, the learning curve isn't very heavy. I think the most difficult thing that I see is to learn to use Rails well, because Rails has a lot of comments and things, but it makes life very easy. So I think it's a very cool programming language.

So finally, to say goodbye and thank you to everyone: this is us. You can see below our GitHub handlers and our names on the presentation, and as you know, Wizeline is always hiring. We are growing like crazy. There's a bunch of different roles open for everyone to apply. We are looking for Ruby on Rails engineers, iOS, etc. So join us, and I don't know if any of the Mariels have any message to share.

Thank you so much, and I think the important message is that we are a culture that contributes. We are a culture that believes in doing well while doing good, and doing good but doing well. So really, you will find a community here. You will find colleagues that will help you with all they know; they will try to share their knowledge. And I think one of the things that really attracted me to Wizeline is that we are a continuous learning culture, we are a sharing knowledge culture, and I think that's the best line for any success in the business, right? The community, and feel
that you belong to a fun place, and you can grow while working, and you can have fun while working. So we are that. So join us, guys. We are awesome, we are so cool. We just met Omar and Herman, so we are just like that. Hopefully we are just like that, because they are really trucks first. So thank you, thank you for coming. I'm really excited that we had that. So what do you think, Mariel?

Thank you all for coming too, and I agree with Mariel maitocaya, and we will be sending you an email with everything that we saw today: with the presentation, with some useful links and with a feedback form. For us it's really important to keep getting better at these webinars, so please fill out that feedback form, and we will be reaching out to you guys soon. Thank you so much, and if anyone from the lecturers wants to say anything else... If not, we are set to go.

Thank you, everyone. Mark, Herman, Omar, you're awesome rock stars. He was really cool. Thank you so much, I learned a lot today. Thank you, thank you, everyone.
Info
Channel: Wizeline Academy
Views: 84
Rating: 5 out of 5
Id: AQMSkviThDY
Length: 60min 33sec (3633 seconds)
Published: Tue Sep 21 2021