I had a very simple API I needed to build, to be consumed by a Nuxt.js application. This sent me down a path of trying to find a simple way to authenticate against an API, using an email/password.
Scott Robertson@scottymeuk
I really wish @rails would take a page out of the Laravel book, and start building a lot more first party gems. For example, I just need some simple API auth, and there is seemingly nothing that actually works.
Laravel: laravel.com/docs/8.x/sanctβ¦12:39 PM - 16 Jan 2021
However, as I tried more gems and libraries, I quickly found that they were one of the following:
- Way over complex
- Broken
- And/or unmaintained
After speaking with @marcqualie about this, I discovered that he needed something similar. So we decided to quickly put together a library that we could use in our projects.
Introducing Tokenable:
tokenable
/
tokenable-ruby
Tokenable is a Rails gem that allows API-only applications a way to authenticate users. This can be helpful when building Single Page Applications, or Mobile Applications. Works with Devise, Sorcery, has_secure_password, and any other auth system you may want to use.
Tokenable
Tokenable is a Rails gem that allows API-only applications a way to authenticate users. This can be helpful when building Single Page Applications, or Mobile Applications. It's designed to work with the auth system you are already using, such as Devise, Sorcery and has_secure_password. You can also use it with any custom auth systems.
Simply send a login request to the authentication endpoint, and Tokenable will return a token. This token can then be used to access your API, and any authenticated endpoints.
Installation
Add this line to your application's Gemfile:
gem 'tokenable-ruby'
And then execute:
bundle install
Usage
Once you have the gem installed, lets get it setup:
rails generate tokenable:install User --strategy=devise
We make it easier for you, by adding out of the box support for some auth libraries. You can pick from the following options for --strategy, or leave it empty for a customβ¦
Tokenable is a Rails gem that allows API-only applications a way to authenticate users. This can be helpful when building Single Page Applications, or Mobile Applications.
Setting it up with your existing auth system is simple, and using it from a JavaScript application, or mobile application is even more simple.
Once it's set up, all you need to do is send an email/password to the endpoint we provide you, and it will return a JWT token. This token can then be used to authenticate all future API calls.
Here is an example in Axios:
const { data } = await axios.post("https://example.com/api/auth", {
email: "email@example.com",
password: "coolpassword123",
});
const token = data.data.token;
const user_id = data.data.user_id;
You then use this token in all future API requests:
const { data } = await axios.get(`https://example.com/api/user/${user_id}`, {
headers: { Authorization: `Bearer ${token}` },
});
Tokenable also supports Devise and Sorcery out of the box, but it can work with any auth system (or no auth system at all).
Let us know any feedback you have, and feel free to submit any issues you face.
Top comments (0)