Easy has_secure_password Rails API Authentication

Scott Robertson ・2 min read

I had a very simple API I needed to build, to be consumed by a Nuxt.js application. This sent me down a path of trying to find a simple way to authenticate against an API, using an email/password.

However, as I tried more gems and libraries, I quickly found that they were one of the following:

  • Way over complex
  • Broken
  • And/or unmaintained

After speaking with @marcqualie about this, I discovered that he needed something similar. So we decided to quickly put together a library that we could use in our projects.

Introducing Tokenable:

tokenable / tokenable-ruby

Tokenable is a Rails gem that allows API-only applications a way to authenticate users. This can be helpful when building Single Page Applications, or Mobile Applications. Works with Devise, Sorcery, has_secure_password, and any other auth system you may want to use.

Tokenable

Project Status: WIP – Development is in progress

Tokenable is a Rails gem that allows API-only applications a way to authenticate users. This can be helpful when building Single Page Applications, or Mobile Applications. It's designed to work with the auth system you are already using, such as Devise, Sorcery and has_secure_password. You can also use it with any custom auth systems.

Simply send a login request to the authentication endpoint, and Tokenable will return a token. This token can then be used to access your API, and any authenticated endpoints.

Installation

Add this line to your application's Gemfile:

gem 'tokenable-ruby'

And then execute:

bundle install

Usage

Once you have the gem installed, let's get it set up:

rails generate tokenable:install User --strategy=devise

We make it easier for you, by adding out of the box support for some auth libraries. You can pick from the following options for --strategy, or leave it empty for a custom

Tokenable is a Rails gem that allows API-only applications a way to authenticate users. This can be helpful when building Single Page Applications, or Mobile Applications.

Setting it up with your existing auth system is simple, and using it from a JavaScript or mobile application is even simpler.

Once it's set up, all you need to do is send an email/password to the endpoint we provide you, and it will return a JWT token. This token can then be used to authenticate all future API calls.

Here is an example in Axios:

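import axios from "axios";

// Exchange the email/password for a token (send this over HTTPS only).
const { data } = await axios.post("https://example.com/api/auth", {
  email: "email@example.com",
  password: "coolpassword123",
});

// The response body wraps the token and the user's id in a `data` object.
const token = data.data.token;
const user_id = data.data.user_id;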

You then use this token in all future API requests:

const { data } = await axios.get(`https://example.com/api/user/${user_id}`, {
  headers: { Authorization: `Bearer ${token}` },
});
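Because the token is sent on every later request, the client should attach it only to the API's own origin and stop using it once it has expired. The following is an added example, not code from this post or from Tokenable: the function names are hypothetical, the sample token is constructed and unsigned, and the presence of an `exp` claim in the token is an assumption.

```javascript
// Added example, not Tokenable code. Function names are hypothetical.
const API_ORIGIN = "https://example.com"; // origin from the article's snippets

// base64url helpers using only browser/Node globals.
const toB64url = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64url = (s) => atob(s.replace(/-/g, "+").replace(/_/g, "/"));

// Build an unsigned, constructed token for local testing only.
function makeSampleToken(claims) {
  const header = toB64url(JSON.stringify({ alg: "HS256", typ: "JWT" })); // constructed header
  return `${header}.${toB64url(JSON.stringify(claims))}.constructed-signature`;
}

// Read the payload without verifying the signature. Only the server can
// verify it, so treat the result as a hint, never as proof of identity.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a three-part JWT");
  return JSON.parse(fromB64url(parts[1]));
}

// Assumption: the token carries a numeric `exp` claim (seconds since epoch).
// Without one we cannot tell, so we report "not expired" and rely on a 401.
function isExpired(token, nowMs = Date.now(), skewSec = 30) {
  const { exp } = decodeJwtPayload(token);
  if (typeof exp !== "number") return false;
  return nowMs / 1000 >= exp - skewSec;
}

// Headers for one request. The bearer token is attached only when the URL
// resolves to API_ORIGIN, so it is never sent to any other host.
function authHeadersFor(url, token) {
  const target = new URL(url, API_ORIGIN);
  if (target.origin !== API_ORIGIN) return {};
  if (!token || isExpired(token)) return {}; // caller should log in again
  return { Authorization: `Bearer ${token}` };
}
```

With Axios, pass the result as the `headers` option of each request; an empty object means the caller needs to log in again or the URL is not the API.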

Tokenable also supports Devise and Sorcery out of the box, but it can work with any auth system (or no auth system at all).

Let us know any feedback you have, and feel free to submit any issues you face.
