DEV Community

ruwhan

[Part 2] Rails 8 Authentication but with JWT

Overview

In the previous part, we covered the setup and how to encode our user object into a token. Some parts are still missing: how to send and decode the token, and how this makes our API endpoints faster and more efficient.

The functions are already there in app/controllers/concern/Authentication.rb: decode, current_user, and get_token. We are going to use them here.

Authenticating the Requests

We need to create a new endpoint. For the first case, let's create a GET /users/me API endpoint.

rails g controller v1/UsersController

This creates a Ruby file, app/controllers/v1/users_controller.rb:

module V1
  class UsersController < ApplicationController
    def me 
      if current_user
        render json: { user: current_user }, status: :ok
      else
        render json: { error: "Invalid token" }, status: :unauthorized
      end
    end
  end
end


Update the Routes Config

  namespace :v1 do
    resources :auth, only: [:create]
    resources :users, only: [] do 
      collection do
        get :me
      end
    end
  end

To recall, in the 1st part we already created the current_user function in the Authentication module. It simply decodes the token from the Authorization header and throws an unauthenticated HTTP error when the token is not present or invalid.
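
What those three helpers have to check for the token to be trusted without a database lookup, as an added sketch that is not the author's code from part 1 or the repository. It assumes HS256 and the claim names sub, email_address and exp; the secret and tokens are constructed, and it uses only the Ruby standard library instead of a JWT gem.

```ruby
require "openssl"
require "json"

SECRET = "constructed-demo-secret" # assumption: a real app loads this from credentials

def b64url(data)
  [data].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(text)
  text.tr("-_", "+/").unpack1("m")
end

# Stand-in for the encode step from part 1: HS256 over "header.payload".
def encode(payload, secret = SECRET)
  head = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  body = b64url(JSON.generate(payload))
  sig  = b64url(OpenSSL::HMAC.digest("SHA256", secret, "#{head}.#{body}"))
  "#{head}.#{body}.#{sig}"
end

# Extract the token from "Authorization: bearer <token>" (scheme is case-insensitive).
def get_token(header)
  scheme, token = header.to_s.split(" ", 2)
  token if scheme&.casecmp?("bearer") && !token.to_s.empty?
end

# Check signature, algorithm and expiry; return the claims hash or nil.
def decode(token, secret = SECRET, now: Time.now.to_i)
  parts = token.to_s.split(".", -1)
  return nil unless parts.size == 3
  head, body, sig = parts
  expected = b64url(OpenSSL::HMAC.digest("SHA256", secret, "#{head}.#{body}"))
  return nil unless OpenSSL.secure_compare(expected, sig) # constant-time compare
  return nil unless JSON.parse(b64url_decode(head))["alg"] == "HS256"
  claims = JSON.parse(b64url_decode(body))
  claims["exp"].is_a?(Integer) && claims["exp"] > now ? claims : nil
rescue JSON::ParserError, TypeError
  nil
end

# The user is rebuilt from verified claims alone: no database query happens here.
def current_user(header, now: Time.now.to_i)
  claims = decode(get_token(header), now: now)
  claims && { "id" => claims["sub"], "email_address" => claims["email_address"] }
end
```

Because nothing is looked up, a token stays valid until its exp passes, so short lifetimes matter.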

Testing

As we did in the first part of this article:

curl -X POST "http://localhost:5000/v1/auth" -H "Content-Type: application/json" -d "{\"email_address\": \"two@example.com\", \"password\": \"password\"}"

If everything goes right, we should get the token in the response body:

{"token":"<AUTH_TOKEN>"}

Get the current user object

Now, let's call the GET /users/me API endpoint, e.g. using curl:

curl "http://localhost:5000/v1/users/me" -H "Authorization: bearer <AUTH_TOKEN>"

Since we logged in with the two@example.com email address, we should expect this response body:

{
  "user": {
    "id": 298486374,
    "email_address": "two@example.com"
  }
}

Of course, the user id can be different.

Source Code

The code is available in the GitHub repository: https://github.com/ruwhan/rails_jwt. I also added a simple case showing how to use the current authenticated user with other models.

Conclusion

In this 2nd part of the article, we learned how JWT can eliminate the database access needed to check the authenticated user. By contrast, with some libraries that provide token-based authentication, we check the database each time we want to get the currently logged-in user.
