Low commit activity in last 3 years
No release in over a year
Cookie-based JWT authentication for devise with configurable token revocation strategies
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Development

Runtime

 Project Readme

Devise::JWT::Cookie

devise-jwt-cookie is a devise extension based on devise-jwt. It should be used alongside devise-jwt.

Installation

Add this line to your application's Gemfile:

gem 'devise-jwt-cookie', '~> 0.4.0'

And then execute:

$ bundle

Usage

First you need to setup up and configure devise and devise-jwt. This gem hooks into devise-jwt to add an httpOnly cookie with the JWT.

Model configuration

You have to update the user model to be able to use the cookie method. For example:

class User < ApplicationRecord
  devise :database_authenticatable,
         :jwt_cookie_authenticatable,
         :jwt_authenticatable, jwt_revocation_strategy: Blacklist
end

Configuration reference

This library can be configured by calling jwt_cookie on the devise config object:

Devise.setup do |config|
  config.jwt do |jwt|
    # config for devise-jwt goes here
  end
  config.jwt_cookie do |jwt_cookie|
    # ...
    jwt_cookie.secure = false if Rails.env.development?
  end
end

name

The name of the cookie. Defaults to access_token.

domain

The domain the cookie should be issued to. Will be omitted if not set.

secure

If a secure cookie should be set, this means the cookie must be sent over a secure connection. Defaults to true.