devise-jwt-cookie
is a devise extension based on devise-jwt. It should be used alongside devise-jwt
.
Add this line to your application's Gemfile:
gem 'devise-jwt-cookie', '~> 0.4.0'
And then execute:
$ bundle
First you need to setup up and configure devise and devise-jwt. This gem hooks into devise-jwt to add an httpOnly cookie with the JWT.
You have to update the user model to be able to use the cookie method. For example:
class User < ApplicationRecord
devise :database_authenticatable,
:jwt_cookie_authenticatable,
:jwt_authenticatable, jwt_revocation_strategy: Blacklist
end
This library can be configured by calling jwt_cookie
on the devise config object:
Devise.setup do |config|
config.jwt do |jwt|
# config for devise-jwt goes here
end
config.jwt_cookie do |jwt_cookie|
# ...
jwt_cookie.secure = false if Rails.env.development?
end
end
The name of the cookie. Defaults to access_token
.
The domain the cookie should be issued to. Will be omitted if not set.
If a secure cookie should be set, this means the cookie must be sent over a secure connection. Defaults to true.