JSON web marker with design

Question

JSON web marker with design

Hope this is not considered a stubborn issue. I just have to be directed in the right direction.

I am modifying the Devise gem to work only with JSON . So far I have not had problems with registration , confirmation , re-confirmation , locking .

However, working with the sign, I dig deeper and understand that the default Devise strategy uses Warden because it is associated with sessions and Rack authentication.

I understand that JWT contains all the information in itself and does not need sessions.

So, if I delete the default Devise strategy of everything and just return the JWT to success and error on error, would that be the right approach?

Am I missing something?

+6

ruby ruby-on-rails rack devise jwt

Noman ur rehman Mar 21 '16 at 17:04

source share

4 answers

Waiting for Dev ... · Answer 1 · 2017-03-02T14:30:23+0000

To use JWT with development, I recommend not developing the monkey patch and instead use a tool that others can test and test.

For this reason, I developed devise-jwt . It performs a zero patch of monkeys and uses the warden, which is the authentication library below. You can also read about this in this post, I wrote: Implementing JWT Secure Authentication for Rack and Rails

Hope this helps

januszm · Answer 2 · 2016-10-05T09:47:12+0000

I would not use devise_token_auth , as it seems that this is too much trouble and ... you save the tokens in db: /. Why do we want to do this if JWT is available.

I would rather add a new strategy for the Warden / Devise pair and let them work the way they should.

Here is an example: https://medium.com/@goncalvesjoao/rails-devise-jwt-and-the-forgotten-warden-67cfcf8a0b73 . One note: JWTWrapper does not really apply to app/helpers/ . You need to enter the JWTWrapper.encode({ user_id: current_user.id }) call JWTWrapper.encode({ user_id: current_user.id }) somewhere after your users successfully sign up with their email address / password. Perhaps in a Devise SessionsController?

 def create self.resource = warden.authenticate!(auth_options) sign_in(resource_name, resource) yield resource if block_given? render json: JWTWrapper.encode({user_id:current_user.id}) end

You might want to do this only for xhr or json (format) requests

Sacwebdeveloper · Answer 3 · 2016-03-21T18:38:36+0000

You probably shouldn't hack into the source of gems in Devise. I suggest just using Devise Token Auth to handle tokens instead.

https://github.com/lynndylanhurley/devise_token_auth

It will generate and authenticate valid RFC 6750 Media Signs .

According to their README.

Full integration with the venerable ng-token-auth module for angular.js and the outstanding jToker plugin for jQuery.
Authentication Oauth2 using OmniAuth.
Email authentication using the Development program, including:
- User registration
- Password reset
- Account Updates
- Delete account
Support for multiple user models.
safe .

Benjamin scharbau · Answer 4 · 2016-08-24T01:40:07+0000

Sorry for the late reply, but I am really working on the same issue and want to share my opinion on this.

Firstly, I would like to emphasize that I’m not changing the sources of Davise, this is likely to lead to further problems, especially when changing the Devise code.

On the other hand, since I came across devess-token-auth, this may not be suitable for your needs, especially in distributed systems (SOA). I may be mistaken, but since I see dev-token-auth, you cannot add Subjects to restrict user access exclusively to the token. If you do not need this function, you really need to try dev-token-auth.

If you want to store additional information in a token, you can try to authenticate according to the usual design or dev-token-auth, and then encode your information using the JWT pearl.

An example can be found here: https://www.sitepoint.com/introduction-to-using-jwt-in-rails/

JSON web marker with design

More articles: