Provides a simple devise authentication strategy for authenticating by JSON Web Tokens (JWTs) passed either as a GET parameter or as an Authorization header.
Designed to be used with our JWT Server package which provides a central server to authenticate users behind CoSign or similar service that provides a JWT to be used for authentication with other services.
Add this line to your application's Gemfile:
gem 'devise_lulibrary_jwt'
And then execute:
$ bundle
Or install it yourself as:
$ gem install devise_lulibrary_jwt
After installing the gem add the following to the model you wish to use for authentication.
devise :jwt_authenticatable, :authentication_keys => [:username], :jwt_create_user => true
The options of authentication_keys
and jwt_create_user
allow for multiple models to be used with different configuration options, be this using different authentication keys or changed whether the strategy only looks up a user compared to creating the user if they don't exist.
Within the global devise config the following options can be configured, the only required values are jwt_secret
, jwt_issuer
and jwt_audience
.
Parameter | Description |
---|---|
jwt_secret | The secret used to verify the integrity of the JWT (required) |
jwt_issuer | The issuer of the JWT (required) |
jwt_audience | The audience for the JWT (required) |
verify_aud | Boolean for whether to verify the token audience (false allows for jwt_audience to be nil) |
verify_iss | Boolean for whether to verify the token issuer (false allows for jwt_issuer to be nil) |
verify_iat | Boolean for whether to verify the issued at timestamp of the token |
jwt_create_user | Boolean - Global option for whether to create a user if they don't exist (true) or to just find existing users (false). Can be overridden by setting :jwt_create_user on the devise config line of the model. |
Bug reports and pull requests are welcome on GitHub at https://github.com/lulibrary/devise_lulibrary_jwt.
The gem is available as open source under the terms of the MIT License.