ROR Application Development Tips

I'm a Ruby on Rails developer. I love to share my experience and technical knowledge. I work at Crypex Technologies, which has been developing applications in ROR for more than a decade.

Token Based Authentication API in Rails with the help of JWT and Knock

If you want to create an API-only Rails application and need token-based authentication, you can use the JWT + Knock token-based authentication solution.

 

Knock is an authentication solution for Rails API-only applications, based on JSON Web Tokens.

JWT stands for JSON Web Token, a JSON-based token format.

 

Advantages of using JWT and Knock in Ruby on Rails Application:

 

  • JWT:

 

1. It is lightweight

2. It is easy to use

3. It is stateless

 

  • Knock:

 

1. Seamless JWT authentication for Rails API

2. It is easy to implement and maintain.

3. It allows customization.

 

Step 1: Create Rails API Project

 

rails new project_name --api -d mysql 

 

where

# --api specifies the rails application is API based

# -d mysql specifies that we use mysql database in this application

 

Step 2: Add gems

 

Add the following gems to project_name/Gemfile

 

gem 'knock' 

gem 'jwt'

 

The Gemfile looks like this:

 


Figure 1: Gemfile for JWT and Knock

 

Next, run the following command in the terminal to install the gems in the application.

bundle install 

 

Step 3. Set up a basic Knock structure.

 

Run the following commands:

 

rails generate knock:install 

rails generate knock:token_controller user

 

Now run the following commands to set up your Rails application.

 

rails generate model users 

rails generate controller users 

rails generate controller home

 

 

If you want to customize the model, you can do so in the migration file.

 

File Location: project_name/db/migrate/:random_number_create_users.rb

 


Figure 2: Migration File

 

Run the following command to create the users table:

 

rake db:migrate 

 

Step 4. Authorization/Knock Setup:

 

File Location: project_name/config/initializers/knock.rb

 


Figure 3: Knock.rb file

 

Step 5. Set up your User model with some basic validation.

 

 

File Location: project_name/app/models/user.rb

 

 

Your user model looks like this.

 


Figure 4: User.rb file

 

Now you can set up the controller to use the authentication.

 

Add include Knock::Authenticable 

 

File Location: project_name/app/controllers/application_controller.rb

 

Figure 5: Application Controller
 

Also, each and every method call passes through Knock authentication.

 

Add before_action :authenticate_user, only: [:auth]

 

Here auth is a method that checks whether the client is authorized.

 

In the home controller there is an index method and an auth method for login.

 

File Location: project_name/app/controllers/api/v1/home_controller.rb

 


Figure 6: Home Controller

 

File Location: project_name/app/controllers/api/v1/users_controller.rb

In the user controller there is an index method, a current method for the current user's data, and a create method for creating a new user. You can also add update and delete methods.

 

Add authentication to the required methods with the help of the authenticate_user, authorize_as_admin, and authorize methods.

 


Figure 7: User Controller

Final Step: Test API

 

We test the API with the help of Postman.

 

1. User creation API: API endpoint is http://localhost:3000/api/v1/users/create

 

We send the parameters in the request body for user creation, so the API method type is POST. After calling the API we get a successful response with status 200 and the message “User was created”.

 

After user creation we move on to the login API, but logging in to the application requires a token, so we first need to call the token API.

 


 

Figure 8: User create API

 

 

2. API Endpoint: http://localhost:3000/api/v1/user_token

 

For the user token we need to send the email id and password in the body of a POST request.

 

If the email id and password are valid, we get a JWT from Knock in the response.

 

Great, we now have a token. With its help we can access the methods protected by Knock.

 


Figure 9: User_token API

 

3. Login API:

 

API Endpoint: http://localhost:3000/api/v1/auth

 

We send the JWT in the request header, with the content type set to application/json.

 

Authorization: Bearer <jwt token>

Content-Type: application/json

 

If everything is OK, we get a successful response.

 


Figure 10: Login with jwt token
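
To show why the token from step 2 can be checked in step 3 without any server-side session (the "stateless" property listed above), here is an added example that is not part of the original post and is not Knock's own code. It builds and verifies an HS256 JWT with the Ruby standard library only; the function names, the constructed secret, the sub/exp claims and the one-day lifetime are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Constructed signing key for this example only (assumption, not from the post).
SECRET = 'constructed-demo-secret'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

# Decode one base64url segment and parse it as JSON; nil if it is not valid JSON.
def b64url_json(segment)
  JSON.parse(segment.tr('-_', '+/').unpack1('m').force_encoding('UTF-8'))
rescue JSON::ParserError, EncodingError
  nil
end

def sign(data, secret)
  b64url(OpenSSL::HMAC.digest('SHA256', secret, data))
end

# Token layout: header.payload.signature, each part base64url-encoded.
def issue_token(user_id, ttl: 86_400, now: Time.now.to_i, secret: SECRET)
  body = [{ alg: 'HS256', typ: 'JWT' }, { sub: user_id, exp: now + ttl }]
         .map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{body}.#{sign(body, secret)}"
end

# Extract the token from an "Authorization: Bearer <token>" header value.
def bearer_token(header_value)
  header_value.to_s[/\ABearer (\S+)\z/, 1]
end

# Returns the claims hash for an authentic, unexpired token; nil otherwise.
def verify_token(token, now: Time.now.to_i, secret: SECRET)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  header, payload, sig = parts
  head = b64url_json(header)
  # Pin the algorithm server-side; never trust the token's own "alg" field.
  return nil unless head.is_a?(Hash) && head['alg'] == 'HS256'
  # Constant-time comparison of the recomputed and presented signatures.
  return nil unless OpenSSL.secure_compare(sign("#{header}.#{payload}", secret), sig)
  claims = b64url_json(payload)
  return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer)
  claims['exp'] > now ? claims : nil
end
```

Because nothing is stored on the server, a token stays valid until its exp time, so the lifetime and the secrecy of the signing key are the controls that matter.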

 

These two gems, Knock and JWT, make it easy to develop a token-based API in Rails 5 and save overall time in Ruby on Rails development.