DEV Community

Amereen
Amereen

Posted on

Implementing JWT Authentication in Ruby on Rails

#rails #jwt #webdev

User authentication is a pivotal component of web development, ensuring that only authorized individuals can access your application's resources. In this guide, we'll delve into the implementation of JWT (JSON Web Tokens) authentication in a Ruby on Rails project. This method offers stateless and secure authentication and is widely embraced in modern web development.

JWT Authentication Unveiled
JSON Web Tokens (JWTs) are the building blocks of secure authentication. They are self-contained tokens that convey user identity and are an excellent choice for authenticating users in your Ruby on Rails application. A JWT consists of three parts: a header, a payload, and a signature.

Header: This part contains metadata, including the token's type and the signing algorithm used.

Payload: Here, you'll find claims or statements about the user's identity and additional data.

Signature: This part ensures the token's integrity by verifying that it hasn't been tampered with during transmission.

Why JWT Authentication in Ruby on Rails?

JWT authentication provides several advantages when applied in a Ruby on Rails project:

1.Stateless Authentication: By design, JWT authentication is stateless, meaning that you don't need to store session data on the server. This promotes scalability and efficiency.
2.Security: JWTs can be cryptographically signed, rendering them tamper-proof. Your application's security is significantly enhanced.
3.Cross-Origin Compatibility: JWTs can be sent as HTTP headers, cookies, or query parameters, making them suitable for Single Page Applications (SPAs) and mobile apps.
4.Simplified Front-end Integration: Integrating JWTs into front-end frameworks like React, Angular, or Vue.js is straightforward, allowing for seamless user authentication.

Integrating JWT Authentication in Ruby on Rails

Now, let's walk through the process of implementing JWT authentication in your Ruby on Rails application.

Step 1: Adding Dependencies
To get started, you need to add the necessary gems to your Gemfile and run bundle install:

gem 'jwt'
gem 'bcrypt'

These gems are essential for working with JWT and securely storing passwords.

Step 3: User Model
Your existing User model plays a pivotal role. The model is the representation of users in your application, featuring attributes like email, password, and associations with other models.

_class User < ApplicationRecord
has_secure_password

# Additional attributes, associations, and validations can be defined here.
end_

The has_secure_password method in the User model is responsible for securely storing and validating user passwords.

*Step 4: Authentication in ApplicationController
*

The ApplicationController is the heart of your JWT authentication. It oversees the process of authenticating users using JWT.

_class ApplicationController < ActionController::API
before_action :authenticate_user

private

def authenticate_user
token = request.headers['Authorization'].to_s.split('Bearer ').last
if token.present?
decoded_token = JWT.decode(token, JWT_SECRET, true, algorithm: JWT_ALGORITHM)
user_id = decoded_token[0]['user_id']
@current_user = User.find(user_id)
else
@current_user = nil
end
end

def current_user
@current_user
end
end_

In the ApplicationController, the before_action ensures that the authenticate_user method is executed before any controller action. The authenticate_user method is responsible for validating JWT tokens and setting the @current_user instance variable.

Step 5: Users Controller
The Api::V1::UsersController takes care of user-related actions, such as user registration, login, and logout.

_class Api::V1::UsersController < ApplicationController
# User registration logic
def create
# User registration logic
end

# User login logic
def login
# User login logic
end

# User logout logic
def logout
# User logout logic
end

private

def user_params
params.require(:user).permit(:email, :password, :password_confirmation)
end
end
_

In this controller, the create method handles user registration, login manages user login, and logout can be used for user logout functionality.

Conclusion

JWT authentication offers a robust and secure solution for user authentication in Ruby on Rails applications. By following the steps outlined in this guide, you can establish a secure user registration and login process. JWTs, being stateless and efficient, have become the choice of many developers for ensuring secure user access in modern web applications.

profile
Hostinger
 Promoted

Hostinger image

Get n8n VPS hosting 3x cheaper than a cloud solution

Get fast, easy, secure n8n VPS hosting from $4.99/mo at Hostinger. Automate any workflow using a pre-installed n8n application and no-code customization.

Start now

Top comments (0)

profile
Cloudinary
 Promoted

Cloudinary image

Optimize, customize, deliver, manage and analyze your images.

Remove background in all your web images at the same time, use outpainting to expand images with matching content, remove objects via open-set object detection and fill, recolor, crop, resize... Discover these and hundreds more ways to manage your web images and videos on a scale.

Learn more

Read next

rajajaganathan profile image

An Alternative to filter().map(): Using flatMap()

Raja Jaganathan -

urbanisierung profile image

Stay ahead in web development: latest news, tools, and insights #73

Adam -

sinedied profile image

Using DeepSeek-R1 on Azure with JavaScript

Yohan Lasorsa -

km-js profile image

30 Creative Projects created with HTML, CSS and JavaScript- Part 2 #30days30projects

Km-js -

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay