Use json web tokens to authenticate solidus api requests

mdamian322/solidus_jwt

 
 

SolidusJwt

This gem gives Solidus stores the ability to authenticate API requests with JSON Web Tokens.

To use this gem, you should have a sound understanding of JSON Web Tokens. For more information, visit the official JWT website. It may also be useful to look at ruby-jwt, the library this gem depends on.

Installation

Add solidus_jwt to your Gemfile:

gem 'solidus'
gem 'solidus_jwt'

Bundle your dependencies and run the installation generator:

bundle
bundle exec rails g solidus_jwt:install

Configuration

# config/initializers/solidus_jwt.rb

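SolidusJwt::Config.configure do |config|
  config.jwt_secret           = 'secret' # placeholder; use a long random value kept out of source control
  config.allow_spree_api_key  = true     # also accept the spree_api_key as a token
  config.jwt_algorithm        = 'HS256'
  config.jwt_expiration       = 3600     # seconds
  config.jwt_options          = { only: %i[email first_name id last_name] }
end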

jwt_secret:

Defaults to Rails.application.secret_key_base. This is the key used to sign and verify tokens; it should be kept secret and secure.

allow_spree_api_key:

Defaults to true. When true, the spree_api_key is still accepted as an authentication token alongside JSON Web Tokens.

jwt_algorithm:

Defaults to HS256. See: https://github.com/jwt/ruby-jwt#algorithms-and-usage for more information on accepted algorithms.

jwt_expiration:

Defaults to 3600 (1 hour). The amount of time in seconds that the token should last for.

jwt_options:

Defaults to { only: %i[email first_name id last_name] }. These options are passed into Spree::User#as_json when serializing the token's payload. Keep in mind that the more information included, the larger the token will be. It may be in your best interest to keep it short and simple.

Usage

Generating and decoding a token:

SolidusJwt::Config.configure do |config|
  config.jwt_secret = 'secret'
end

user = Spree::User.new email: 'email@example.com', id: 1
token = user.generate_jwt_token(expires_in: 1.hour.to_i) # Expiration is time in seconds
# eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1NDA1MzIzNjcsImlhdCI6IjIwMTgtMTAtMjYgMDQ6Mzk6MjcgVVRDIiwiaWQiOjEsImVtYWlsIjoiZW1haWxAZXhhbXBsZS5jb20ifQ.LWqf_cfsMwB995AqN9wj5IseJqEZYaIHHIhf8Ej7WIc

SolidusJwt.decode(token)
# [{"exp"=>1540532367, "iat"=>"2018-10-26 04:39:27 UTC", "id"=>1, "email"=>"email@example.com"}, {"alg"=>"HS256"}]
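The sample token above is three base64url segments, and the middle one can be read without jwt_secret, which is why jwt_options should list only fields that are safe to expose. The following is an added example, not code from solidus_jwt or ruby-jwt: it uses only Ruby's standard library to show the checks an HS256 verifier performs, and the helper names (sign_hs256, peek_claims, verify_hs256) are assumptions made for illustration.

```ruby
require 'json'
require 'openssl'

# Added illustration using only the standard library; not solidus_jwt or ruby-jwt code.
B64   = ->(bin) { [bin].pack('m0').tr('+/', '-_').delete('=') } # base64url, no padding
UNB64 = ->(str) { str.tr('-_', '+/').unpack1('m') }

# Payload segment of the sample token printed under "Usage" on this page.
PAGE_PAYLOAD = 'eyJleHAiOjE1NDA1MzIzNjcsImlhdCI6IjIwMTgtMTAtMjYgMDQ6Mzk6MjcgVVRDIiwi' \
               'aWQiOjEsImVtYWlsIjoiZW1haWxAZXhhbXBsZS5jb20ifQ'

def sign_hs256(claims, secret)
  input = [{ 'alg' => 'HS256' }, claims].map { |part| B64.call(JSON.generate(part)) }.join('.')
  "#{input}.#{B64.call(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# The payload is encoded, not encrypted: any holder of the token can read the claims.
def peek_claims(token)
  JSON.parse(UNB64.call(token.split('.')[1]))
end

def secure_equal?(a, b) # comparison that does not stop at the first differing byte
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Returns the claims, or raises ArgumentError naming the failed check.
def verify_hs256(token, secret, now: Time.now.to_i)
  head, body, sig = token.split('.', -1)
  raise ArgumentError, 'malformed token' unless sig && token.count('.') == 2
  header = JSON.parse(UNB64.call(head))
  # Pin the algorithm to the configured one; never let the token's header choose it.
  raise ArgumentError, 'unexpected algorithm' unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}")
  raise ArgumentError, 'bad signature' unless secure_equal?(expected, UNB64.call(sig))
  claims = JSON.parse(UNB64.call(body))
  valid_exp = claims.is_a?(Hash) && claims['exp'].is_a?(Integer) && claims['exp'] > now
  raise ArgumentError, 'expired' unless valid_exp
  claims
rescue JSON::ParserError
  raise ArgumentError, 'malformed token'
end
```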

Distributing a Token Using 'solidus_auth_devise':

To have the solidus_auth_devise gem distribute a token back to the client you can do the following:

# app/controllers/application_controller.rb
include SolidusJwt::Distributor::Devise

When a user logs in, the redirect will contain the header X-SPREE-TOKEN.

Testing

First bundle your dependencies, then run rake. By default, rake builds the dummy app if it does not exist, then runs the specs and RuboCop static code analysis. The dummy app can be regenerated with rake test_app.

bundle
bundle exec rake

When testing your application's integration with this extension, you may use its factories. Simply add this require statement to your spec_helper:

require 'solidus_jwt/factories'

Copyright (c) 2018 [name of extension creator], released under the New BSD License
