
Stateless authentication w/ JSON Web Tokens

DamirSvrtan

October 06, 2017

Transcript

  1. GENERATE A RANDOM AUTH TOKEN

     class User
       before_save :generate_auth_token

       def generate_auth_token
         loop do
           self.auth_token = Devise.friendly_token
           break if User.find_by_auth_token(auth_token).nil?
         end
       end
     end
  2. AUTH TOKENS

     • easy to change
     • auto-generated, random, unique
     • not used across several services
  3. [Diagram: one user, one random token per client]

     BROWSER -> SERVER: EMAIL=DAMIR@EXAMPLE.COM&PASSWORD=PASS123
     SERVER -> BROWSER: AUTH_TOKEN=RAND0M$TR1N6

     MOBILE -> SERVER: EMAIL=DAMIR@EXAMPLE.COM&PASSWORD=PASS123
     SERVER -> MOBILE: AUTH_TOKEN=ANOTHER-RAND0M$TR1N6
  4. JSON Web Tokens are an open standard that defines a compact and self-contained way to securely share information between parties as a JSON object.
  5. BODY CLAIMS

     iss: The issuer of the token
     sub: The subject of the token
     exp: Defines the expiration as a NumericDate value
     nbf: Defines the time before which the JWT MUST NOT be accepted for processing
     iat: The time the JWT was issued. Can be used to determine the age of the JWT
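The claims above only mean something if the server checks them after verifying the signature. As an added example (not the talk's code, and not a real library), here is a minimal HS256 JWT signer and verifier in plain Ruby using only the standard library instead of the jwt gem; it validates the signature first and then iss, exp and nbf as defined on the slide. The secret, issuer and timestamps in any usage are constructed values.

```ruby
require 'json'
require 'openssl'

# Minimal HS256 JWT built on the Ruby standard library only. Constructed
# example for this transcript; not the talk's code and not a real library.
module MiniJWT
  Error = Class.new(StandardError)
  HEADER = { alg: 'HS256', typ: 'JWT' }.freeze

  # base64url (RFC 7515): '+' -> '-', '/' -> '_', and no '=' padding
  def self.b64url(bin)
    [bin].pack('m0').tr('+/', '-_').delete('=')
  end

  def self.unb64url(str)
    s = str.tr('-_', '+/')
    (s + '=' * ((4 - s.length % 4) % 4)).unpack1('m0')
  end

  # Constant-time comparison so a wrong signature is not detectable by timing
  def self.secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # header.payload.signature, each segment base64url-encoded
  def self.sign(claims, secret)
    input = "#{b64url(JSON.generate(HEADER))}.#{b64url(JSON.generate(claims))}"
    "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
  end

  # Returns the claims hash when the token is authentic and valid at `now`
  # (seconds since the epoch, i.e. the NumericDate used by exp/nbf/iat).
  def self.verify(token, secret, issuer:, now: Time.now.to_i)
    parts = token.split('.', -1)
    raise Error, 'malformed token' unless parts.length == 3
    header = JSON.parse(unb64url(parts[0]))
    # Pin the algorithm: the verifier decides how to verify, never the token
    raise Error, 'unexpected alg' unless header['alg'] == 'HS256'
    expected = OpenSSL::HMAC.digest('SHA256', secret, "#{parts[0]}.#{parts[1]}")
    raise Error, 'bad signature' unless secure_equal?(expected, unb64url(parts[2]))
    claims = JSON.parse(unb64url(parts[1]))
    raise Error, 'wrong issuer' unless claims['iss'] == issuer
    raise Error, 'token expired' if claims['exp'] && now >= claims['exp']
    raise Error, 'token not yet valid' if claims['nbf'] && now < claims['nbf']
    claims
  end
end
```

Unlike the random auth token from slide 1, nothing about the token is stored server-side: the server only needs the secret and the current time to decide whether to accept it.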
  6. Damir Svrtan
     Rails Team Lead @ infinum.co
     Organizer @ Ruby Zagreb
     Hit me up on twitter @DamirSvrtan