if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.

if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.

omniauth-jwt2 is the maintained OmniAuth JWT strategy package. It provides the OmniAuth::Strategies::JWT strategy and keeps the public require path as require "omniauth/jwt" while the gem name remains omniauth-jwt2.

The strategy is useful when an application needs to accept JWT-based SSO from another trusted application. The provider redirects back to /auth/jwt/callback with a signed JWT, and the strategy maps configured claims into OmniAuth's auth hash.

Tokens to Remember
Works with JRuby
Works with Truffle Ruby
Works with MRI Ruby 4
Works with MRI Ruby 3
Works with MRI Ruby 2
Support & Community
Source
Documentation
Compliance
Style
Maintainer 🎖️
... 💖	🧊 🐙 🛖 🧪

Compatible with MRI Ruby 2.2+, and concordant releases of JRuby, and TruffleRuby. CI workflows and Appraisals are generated for MRI Ruby 2.4+. This test floor is configured by ruby.test_minimum in .kettle-jem.yml and may be higher than the gem's runtime compatibility floor when legacy Rubies are not practical for the current toolchain.

Find this repo on federated forges (Coming soon!)

Federated DVCS Repository	Status	Issues	PRs	Wiki	CI	Discussions
🧪 omniauth/omniauth-jwt2 on GitLab	The Truth	💚	💚	💚	🐭 Tiny Matrix	➖
🧊 omniauth/omniauth-jwt2 on CodeBerg	An Ethical Mirror (Donate)	💚	💚	➖	⭕️ No Matrix	➖
🐙 omniauth/omniauth-jwt2 on GitHub	Another Mirror	💚	💚	💚	💯 Full Matrix	💚
🎮️ Discord Server		Let's	talk	about	this	library!

Available as part of the Tidelift Subscription.

Install the gem and add to the application's Gemfile by executing:

bundle add omniauth-jwt2

If bundler is not being used to manage dependencies, install the gem by executing:

gem install omniauth-jwt2

You use OmniAuth::JWT just like you do any other OmniAuth strategy:

use OmniAuth::JWT, "SHAREDSECRET", auth_url: "http://example.com/login"

The first parameter is the shared secret that will be used by the external authenticator to verify that. You must also specify the auth_url option to tell the strategy where to redirect to log in. Other available options are:

• algorithm: the algorithm to use to decode the JWT token. This is HS256 by default but can be set to anything supported by ruby-jwt
• uid_claim: this determines which claim will be used to uniquely identify the user. Defaults to email
• required_claims: array of claims that are required to make this a valid authentication call. Defaults to ['name', 'email']
• info_map: array mapping claim values to info hash values. Defaults to mapping name and email to the same in the info hash.
• valid_within: integer of how many seconds of time skew you will allow. Defaults to nil. If this is set, the iat claim becomes required and must be within the specified number of seconds of the current time. This helps to prevent replay attacks.

When you authenticate through this strategy you can send users to /auth/jwt and it will redirect them to the URL specified in the auth_url option. From there, the provider must generate a JWT and send it to the /auth/jwt/callback URL as a "jwt" parameter:

/auth/jwt/callback?jwt=ENCODEDJWTGOESHERE

An example of how to do that in Sinatra:

require "jwt"

get "/login/sso/other-app" do
  # assuming the user is already logged in and this is available as current_user
  claims = {
    id: current_user.id,
    name: current_user.name,
    email: current_user.email,
    iat: Time.now.to_i
  }

  payload = JWT.encode(claims, ENV["SSO_SECRET"])
  redirect "http://other-app.com/auth/jwt/callback?jwt=#{payload}"
end

While omniauth tools are free software and will always be, the project would benefit immensely from some funding. Raising a monthly budget of... "dollars" would make the project more sustainable.

We welcome both individual and corporate sponsors! We also offer a wide array of funding channels to account for your preferences. Currently, Open Collective is our preferred funding platform.

If you're working in a company that's making significant use of omniauth tools we'd appreciate it if you suggest to your company to become a omniauth sponsor.

You can support the development of omniauth tools via GitHub Sponsors, Liberapay, PayPal, Open Collective and Tidelift.

Support us with a monthly donation and help us continue our activities. [Become a backer]

NOTE: kettle-readme-backers updates this list every day, automatically.

No backers yet. Be the first!

Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]

NOTE: kettle-readme-backers updates this list every day, automatically.

No sponsors yet. Be the first!

I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈‍ cats).

If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.

I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.

Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags

See SECURITY.md.

If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see below) check issues or PRs, or use the gem and think about how it could be better.

We so if you make changes, remember to update it.

See CONTRIBUTING.md for more detailed instructions.

See CONTRIBUTING.md.

Everyone interacting with this project's codebases, issue trackers, chat rooms and mailing lists agrees to follow the .

Made with contributors-img.

Also see GitLab Contributors: https://gitlab.com/omniauth/omniauth-jwt2/-/graphs/main

⭐️ Star History

This library follows for its public API where practical. For most applications, prefer the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency("omniauth-jwt2", "~> 0.0")

See CHANGELOG.md for a list of releases.

The gem is available as open source under the terms of the MIT .

See LICENSE.md for the official copyright notice.

Maintainers have teeth and need to pay their dentists. After getting laid off in an RIF in March, and encountering difficulty finding a new one, I began spending most of my time building open source tools. I'm hoping to be able to pay for my kids' health insurance this month, so if you value the work I am doing, I need your support. Please consider sponsoring me or the project.

To join the community or get help 👇️ Join the Discord.

To say "thanks!" ☝️ Join the Discord or 👇️ send money.

💌 💌 💌

Many parts of this project are actively managed by a kettle-jem smart template utilizing StructuredMerge.org merge contracts.

Thanks for RTFM. ☺️