RubyJwk
Authenticate JWT with JWKs.
Usage
How to use my plugin.
Installation
Add this line to your application's Gemfile:
gem 'ruby_jwk'
And then execute:
$ bundle
Or install it yourself as:
$ gem install ruby_jwk
Getting started
Authentication system exposes a JWKS endpoint for each tenant, which looks like https://YOUR_DOMAIN/.well-known/jwks.json
. This endpoint will contain the JWK used to verify all Authentication JWTs for this tenant. This endpoint has to be configured like below in initializer file.
RubyJwk.jwk_url = 'https://YOUR_DOMAIN/.well-known/jwks.json'
RubyJwk.skip_issuers = [] # to skip authentication for certain issuers
Suppose each tenant has different endpoint then configure it as below. Here :tenant_name
gets replaced by tenant
attribute in JWT payload.
RubyJwk.jwk_url = 'https://:tenant_name/.well-known/jwks.json'
To set up a controller with tenant authentication, just add this before_action
class ApplicationController < ActionController::API
include RubyJwk::Authenticate
before_action :authenticate_tenant!
end
To get the JWT payload, use the following helper:
jwt_payload
To get tenant name from JWT, use the following helper:
jwt_tenant_name
Token verification
Currently, we support below verifications
- Signature
- Token expiry
- nbf
Reference
https://blog.unathichonco.com/verifying-jwts-with-jwks-in-ruby
Contributing
Contribution directions go here.
License
The gem is available as open source under the terms of the MIT License.