Toktok

JWT Authentication for Ruby

Add this line to your application's Gemfile:

gem 'toktok'

And then execute:

$ bundle

Or install it yourself as:

$ gem install toktok

Configuration

# 'none' | 'HS256' | 'RS256' | 'ES256'
Toktok.algorithm = 'HS256'

# REQUIRED unless algorithm = 'none'
Toktok.secret_key = ENV['SECRET_KEY_BASE']

# OPTIONAL – in seconds
Toktok.lifetime = nil

Encode/Decode

token = Toktok::Token.new(identity: 'guzart', payload: { message: 'Hola' })
puts token.jwt # 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1...'

token = Toktok::Token.new(jwt: 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1...')
puts token.identity # 'guzart'
puts token.payload # { sub: 'guzart', message: 'Hola' }

Toktok uses the required identity argument as the payload sub attribute defined by the JWT Subject Claim.

Toktok automatically calculates the token expiration using the Toktok.lifetime configuration value and sets the exp attribute defined by the JWT Expiration Time Claim

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

Bug reports and pull requests are welcome on GitHub at https://github.com/guzart/toktok.

The gem is available as open source under the terms of the MIT License.