Skip to content
This repository has been archived by the owner on Apr 21, 2019. It is now read-only.

Latest commit

 

History

History
64 lines (39 loc) · 2.57 KB

README.md

File metadata and controls

64 lines (39 loc) · 2.57 KB

DMAO-WardenJWT

Warden Strategy for DMA Online JWT Authentication. Checks for a JWT (JSON Web Token) in either the Authorization header as a Bearer token or the get parameters of the request.

On successful authentication it returns an instance of DMAO::WardenJWT::User which has attributes and methods for checking the users institution as well as authenticated roles.

Installation

Add this line to your application's Gemfile:

gem 'DMAO-WardenJWT'

And then execute:

$ bundle

Or install it yourself as:

$ gem install Bundle-WardenJWT

Usage

DMAO-WardenJWT requires the following environment variables to be set, this can be done using the dotenv gem.

Environment Variable Description
JWT_VERIFY_ISS Boolean for whether to verify the token issuer (false allows for jwt_issuer to be nil)
JWT_VERIFY_AUD Boolean for whether to verify the token audience (false allows for jwt_audience to be nil)
JWT_VERIFY_IAT Boolean for whether to verify the issued at timestamp of the token
JWT_SECRET The secret used to verify the integrity of the JWT (required)
JWT_ISSUER The issuer of the JWT (required)
JWT_AUDIENCE The audience for the JWT (required)
JWT_CUSTOM_CLAIMS_ATTRIBUTE The name of the claim within the JWT to extract as the DMA Online custom claims (dmao is a sensible default)

Failure App

DMAO-WardenJWT does not define a failure app. Handling authentication failure should be handled within the service/application using this.

Rails Usage

After including the gem add the following to config/application.rb. This is correct for using with Rails 5 when in API mode.

config.middleware.insert_after Rack::ETag, Warden::Manager do |manager|
  manager.default_strategies :jwt
end

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/lulibrary/DMAO-WardenJWT.

License

The gem is available as open source under the terms of the MIT License.