RAILS 6 & 7 API Authentication with JWT (Token-based authentication)
What is JWT?
JSON Web Token (JWT) authentication, also called token-based authentication, is a way of managing user authentication in applications and an alternative to session-based authentication.
In this post you will learn how to implement JWT authentication, a common choice for authenticating clients of a Ruby on Rails API.
The most notable differences between session-based and token-based authentication are:
Token-based authentication is stateless: the server stores nothing about who is logged in (so no session model or table is needed); everything it needs to authenticate a request is carried inside the signed token.
Session-based authentication relies on the server: a session record is created and looked up for each logged-in user.
Unlike session-based authentication, the token method does not tie the user to server-side login state but to a signed token that the client presents on every request.
JSON Web Token Structure
A JWT is easy to recognise: it is three base64url-encoded segments separated by dots (.):
1) Header
2) Payload
3) Signature
Header
The header carries two parts:
● The type of token (typ, here JWT)
● The signing algorithm, such as HS256 (HMAC with SHA-256) or RS256 (RSA)
Payload
The payload contains claims about the user, for example the user id and an expiry time (exp). The payload is only base64url-encoded, not encrypted, so anyone holding the token can read it: never put a password or any other secret in it.
Signature
The signature is what makes the token trustworthy. With HS256 it is the HMAC-SHA256 of the encoded header and payload (header.payload), computed with a secret that only the server knows and then base64url-encoded. In a Rails application that secret is typically the app's secret_key_base (Rails.application.secret_key_base; older code reads Rails.application.secrets.secret_key_base). Because the key is unique to the application, nobody without it can forge a token or alter an existing one without invalidating the signature; conversely, anyone who obtains the key can mint a token for any user, so it must be kept out of source control.
Workflow of Token-based Authentication
The token-based flow is simple. The user submits their credentials to the server. If they are correct, the server creates a JSON Web Token signed with HS256 and returns it. The client keeps the JWT and attaches it to every subsequent request, usually in an Authorization: Bearer header. The server authenticates each request by verifying the token's signature with its secret and checking its claims (such as exp); because the token is self-contained there is no stored copy to compare against and no database lookup is needed, which is exactly what makes the scheme stateless. The flip side is that a token stays valid until it expires, so keep lifetimes short. Here is a simple diagram of the process.
Let's code
Enough theory, it's time to practice. The first step is to build a new Rails API-only application:
$ rails new backend_authentication --api --database=postgresql
Add the jwt and bcrypt gems to your Gemfile
and then install the dependencies and create the database by typing this in your terminal:
$ bundle install
$ rails db:create
Creating User Model
$ rails g model user name:string username:string email:string password_digest:string
$ rails db:migrate
Create User Controller
$ rails g controller users
Create the JsonWebToken concern
Create the authenticate_request function
Create authentication controller
$ rails g controller authentication
Implement the Login feature
Update routes
You can now check your application's responses with Postman:
Create User
Response
Login
Response
Conclusion: At this point you have covered these points related to JWT and its implementation in Ruby on Rails:
1) JSON Web Token Structure
2) Difference between Token-based authentication and Session-based authentication.
3) Basic knowledge of token-based authentication
4) Workflow of Token-based Authentication.
Happy Learning