Token Based Authentication API in Rails with the help of JWT and Knock

20 Sep 2018
1
Comments

  

If you want to create Rails Application dependent on API only and you have a requirement to provide Token based authentication in your application. So you can use JWT+ KNOCK token based Authentication solution.

 

Knock is an authentication solution for Rails API-only application based on JSON Web Tokens.

JWT is JSON based web tokens.

 

Advantages of using JWT and Knock in Ruby on Rails Application:

 

  • JWT:

 

1. It is lightweight

2. It is easy to use

3. It is stateless

 

  • Knock:

 

1. Seamless JWT authentication for Rails API

2. It is easy to implement and maintain.

3. It allows customization.

 

Step 1: Create Rails API Project

 

rails new project_name --api -d mysql 

 

where

# --api specifies the rails application is API based

# -d mysql specifies that we use mysql database in this application

 

Step 2 : Add gem

 

Add following gem into project_name/Gemfile

 

gem 'knock' 

gem 'jwt'

 

gem file looks like

 

Token Authentication in Rails Application

Figure 1: Gemfile for JWT and Knock

 

Next to run command on terminal for installing gem in application.

bundle install 

 

Step 3. Setup a basic Knock structure.

 

Run following command

 

rails generate knock:install 

rails generate knock:token_controller user

 

Now run the following commands to setup your Rails application.

 

rails generate model users 

rails generate controller users 

rails generate controller home

 

 

If you add custom model so you can do it

 

File Location: project_name/db/migrate/:random_number_create_users.rb

 

Migration file in Ruby on Rails Application

Figure 2: Migration File

 

Run following command to create User table

 

rake db:migrate 

 

Step 4 . Authorization/Knock Setup:

 

File Location: project_name/config/initializers/knock.rb

 

Knock Setup in Rails Application

Figure 3: Knock.rb file

 

Step 5. Setup your User model with some basic validation.

 

 

File Location: project_name/app/model/user.rb

 

 

Your user model look like this.

 

Knock and JWT in Rails Application

Figure 4: User.rb file

 

Now you can setup controller to access the Authentication.

 

Add include Knock::Authenticable 

 

File Location: project_name/app/controller/application_controller.rb

 

Application Controller in Rails Application

Figure 4: Application Controller
 

Also each and every method call pass though knock authentication.

 

Add before_action :authentication_user, only[:auth]

 

Here auth is a method to check client is authorized.

 

In home controller there is index method and auth method for login.

 

File Location: project_name/app/controller/api/v1/home_controller.rb

 

Home Controller | Ruby on Rails Developer

Figure 6: Home Controller

 

File Location: project_name/app/controller/api/v1/users_controller.rb

In user controller there is index, current method for current user data and create method for creating new user. Also you can add update and delete method.

 

Add authentication on required method with help of authentication_user , authorize_as_admin, and authorize method.

 

User Controller in Ruby on Rails Application

Figure 7: User Controller

Final Step: Test API

 

We test API with help of Postman.

 

1. User creation API: API endpoint is http://localhost:3000/api/v1/users/create

 

We send parameter in body for user creation so that API method type POST. After calling API we get successful response with status 200 and and message “User was created ”.

 

After user creation we go to login API, but for application login we need a token so we need to call token API.

 

User Create API - Rails Application | Token Authentication

 

Figure 8: User create API

 

 

2. API Endpoint: http://localhost:3000/api/v1/user_token

 

For user token we need to send email id and password in body of method type POST.

 

If email id and password is valid to API we get jwt token from knock in response.

 

Great we now got token. With help of this we access knock authorized method.

 

User Token API - Rails Application Development

Figure 9: User_token API

 

3. Login API:

 

API Endpoint: http://localhost:3000/api/vi1/auth

 

we sent jwt token in header of API and content type is applicationJson.

 

Authentication: Bearer jwt token

content type: : applicationJson.

 

If everything is OK, then we get successful response.

 

Rails Application - Token Based Authentication API

Figure 10: Login with jwt token

 

These two gems Knock + JWT can help us to develop token based API in Rails 5 very easily and will save the overall time required in Ruby on Rails development.



Comments

Name: poojagarg

Message: thanks for sharing this type of useful information. I am a ruby on rails developer India and I like to learn more about the API and rails.

Reply:


Leave a comment:

Recent Blogs
Contact-Us Contact-Us
Newsletter Newsletter