Thursday, September 29, 2016

Authenticate Your Rails API with JWT from Scratch

Authentication is one of the vital parts of any web application. There are innumerable libraries and frameworks that provide various options to perform authentication one way or another. These libraries take away much of the groundwork required to set up an authentication system, but they also hide what's happening behind the scenes as "magic". For Rails, we have a number of authentication systems, the most prominent one being Devise.

Devise is an authentication engine that runs as part of our application and does all the heavy lifting when it comes to authentication. However, oftentimes we don't need many of the parts it provides. For example, Devise doesn't work very well with API-based systems, which is why we have the devise_token_auth gem. devise_token_auth is a library that does what Devise does, but with tokens instead of sessions.

Today we're going to explore building our own custom JWT-based authentication system from scratch. Let's get started.

NOTE: This tutorial is aimed at API-based authentication.

Why JWT

JWT (JSON Web Token, pronounced "jot") is a self-contained authentication standard designed for securely exchanging data between systems. Since it's self-contained, it doesn't need any backing storage to work. Also, the JWT approach is very reliable and flexible, allowing it to be used with any client. It doesn't have any overhead to get started and almost all languages have libraries that make working with JWTs a breeze.
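To make "self-contained" concrete, here is an added example (not code from the original article) that issues and verifies a token using only Ruby's standard library and a shared secret, with no storage lookup. The HS256 algorithm choice, the names `issue_token`, `verify_token` and `DEMO_SECRET`, and the sample claims are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Constructed demo secret (assumption); load a real one from your secrets store.
DEMO_SECRET = "constructed-demo-secret-do-not-reuse"

def b64url(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(str)
  padded = str + "=" * ((4 - str.length % 4) % 4)
  padded.tr("-_", "+/").unpack1("m0") # strict: raises ArgumentError on bad input
end

def hmac(input, secret)
  OpenSSL::HMAC.digest("SHA256", secret, input)
end

# header.payload.signature: the claims travel inside the token itself.
def issue_token(claims, secret, now: Time.now.to_i, ttl: 3600)
  header  = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url(JSON.generate(claims.merge(iat: now, exp: now + ttl)))
  "#{header}.#{payload}.#{b64url(hmac("#{header}.#{payload}", secret))}"
end

# Returns the claims for a valid token, nil otherwise. Needs only the secret.
def verify_token(token, secret, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  return nil unless parts.length == 3
  head, body, sig = parts
  header = JSON.parse(b64url_decode(head))
  # Pin the algorithm server-side; never trust the token's "alg" (e.g. "none").
  return nil unless header.is_a?(Hash) && header["alg"] == "HS256"
  expected = hmac("#{head}.#{body}", secret)
  actual   = b64url_decode(sig)
  # Constant-time comparison so a forger learns nothing from timing.
  return nil unless actual.bytesize == expected.bytesize &&
                    OpenSSL.fixed_length_secure_compare(actual, expected)
  claims = JSON.parse(b64url_decode(body))
  # With no server-side state, expiry is what bounds a stolen token's lifetime.
  return nil unless claims.is_a?(Hash) && claims["exp"].is_a?(Integer) && claims["exp"] > now
  claims
rescue JSON::ParserError, ArgumentError
  nil
end
```

The payload is only base64url-encoded and signed, not encrypted, so anything placed in the claims is readable by whoever holds the token.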



by Vinoth via SitePoint
