Simple token authentication
Rachel Killackey Merge pull request #28 from LaunchPadLab/default-config
Default config options
Latest commit 6462af2 Jun 18, 2018

README.md


LP Token Auth

Simple token authentication logic with JWTs for Rails apps. No baked-in routing, just the bare-bones logic you need to implement token authentication with JWTs.

Installation

Add this line to your application's Gemfile:

gem 'lp_token_auth'

And then execute:

$ bundle

Or install it yourself as:

$ gem install lp_token_auth

Usage

  1. Run bundle exec rails generate lp_token_auth:install to generate an initializer at ../config/initializers/lp_token_auth.rb. See the initializer for more details about what is configurable.
  2. In the most senior controller that you want to authenticate, add include LpTokenAuth::Controller. This gives you 4 methods that are available in this and all child controllers:
  • login(user) - Given a valid user, this will generate a JWT and return it. The token should be sent to the client and passed in the 'Authorization' header in all subsequent requests to the server.
  • authenticate_request! - This is a before_action to use in your controllers that will extract the token from the header and authenticate it before proceeding. If the resource class that you're using is not the default User, you may override the authenticate_request! method by creating a custom before_action, in which you may pass in the resource class name.
  class AuthenticationController < ApplicationController
    include LpTokenAuth::Controller

    before_action :authenticate_request

    protected

    def authenticate_request
      authenticate_request!('AdminUser')
    end 
  end
  • authenticate!(token) - This is called by authenticate_request! but is available to use if you ever need to manually authenticate a token.
  • current_user - This returns the current user identified by authenticate!. It is available after logging in the user or authenticating.
  3. All errors are raised as instances of LpTokenAuth::Error.

Examples

Controller

class AuthenticatingController < ApplicationController
  include LpTokenAuth::Controller

  before_action :authenticate_request!

  rescue_from LpTokenAuth::Error, with: :unauthorized

  protected

  def unauthorized(error)
    render json: { data: error.message }, status: :unauthorized
  end
end

API Request

// Using the Fetch API
const jwt = '...'
fetch('http://localhost:3000/authenticated-route', {
  headers: {
    'Authorization': `Bearer ${jwt}`,
    // ...other headers
  },
  // ...other fetch options
})

Development

  • git clone git@github.com:LaunchPadLab/lp_token_auth.git
  • bundle install

Testing

  • Run tests with rake

FAQ

Can I use this without ActiveRecord?

Almost! There is a slight dependence on the ActiveRecord method find, which is used in order to decode a token based on the resource's id. The current workaround is to make sure the resource class you're using implements find, and has either a column id or implements a method called id.
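
The contract described in this answer (a resource class that implements find and id), combined with the Bearer header flow from the Usage section, as an added sketch that is not the gem's own code. ApiClient, TokenSketch, the id and exp claim names and the secret are hypothetical, and the hand-rolled HS256 token stands in for the gem's JWT handling, which this README does not show.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Plain-Ruby resource (no ActiveRecord): it only provides .find and #id.
class ApiClient
  RECORDS = { 7 => 'reporting-service' }.freeze # constructed sample data
  attr_reader :id, :name

  def initialize(id, name)
    @id = id
    @name = name
  end

  def self.find(id)
    new(id, RECORDS.fetch(id)) # raises KeyError for an unknown id
  end
end

# Hypothetical stand-in for the token logic, written for this example only.
module TokenSketch
  SECRET = 'constructed-demo-secret' # placeholder; load the real secret from config
  HEADER = Base64.urlsafe_encode64({ alg: 'HS256', typ: 'JWT' }.to_json, padding: false)

  def self.sign(data)
    Base64.urlsafe_encode64(OpenSSL::HMAC.digest('SHA256', SECRET, data), padding: false)
  end

  # Counterpart of login(user): the token carries the resource id and an expiry.
  def self.issue(resource, ttl: 3600, now: Time.now.to_i)
    payload = Base64.urlsafe_encode64({ id: resource.id, exp: now + ttl }.to_json, padding: false)
    "#{HEADER}.#{payload}.#{sign("#{HEADER}.#{payload}")}"
  end

  # Counterpart of authenticate_request!: returns the resource, or nil on any failure.
  def self.authenticate(authorization_header, klass, now: Time.now.to_i)
    token = authorization_header.to_s[/\ABearer (\S+)\z/, 1] or return nil
    parts = token.split('.', -1)
    # Pin the header so a token announcing another algorithm is rejected outright.
    return nil unless parts.length == 3 && parts[0] == HEADER
    # Verify the signature in constant time before trusting any claim.
    return nil unless OpenSSL.secure_compare(sign("#{parts[0]}.#{parts[1]}"), parts[2])
    claims = JSON.parse(Base64.urlsafe_decode64(parts[1]))
    return nil if claims['exp'].to_i <= now
    klass.find(claims['id'])
  rescue KeyError, ArgumentError, JSON::ParserError
    nil
  end
end
```
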

Authenticate away!
