{"id":13878764,"url":"https://github.com/Gokul595/api_guard","last_synced_at":"2025-07-16T14:32:56.395Z","repository":{"id":34230190,"uuid":"124639853","full_name":"Gokul595/api_guard","owner":"Gokul595","description":"JWT authentication solution for Rails APIs","archived":false,"fork":false,"pushed_at":"2023-09-14T07:34:48.000Z","size":306,"stargazers_count":276,"open_issues_count":10,"forks_count":27,"subscribers_count":7,"default_branch":"master","last_synced_at":"2024-11-20T14:51:59.079Z","etag":null,"topics":["api","api-auth","api-authentication","api-guard","authentication","jwt","rails","rails-api","rails-auth","rails-authentication","rails-gem","rails-plugins","ruby","ruby-jwt","ruby-on-rails"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Gokul595.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":".github/FUNDING.yml","license":"MIT-LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null},"funding":{"custom":["https://www.paypal.me/gokul595"]}},"created_at":"2018-03-10T09:11:58.000Z","updated_at":"2024-11-13T14:59:47.000Z","dependencies_parsed_at":"2024-01-05T21:58:28.061Z","dependency_job_id":null,"html_url":"https://github.com/Gokul595/api_guard","commit_stats":{"total_commits":178,"total_committers":7,"mean_commits":"25.428571428571427","dds":0.0561797752808989,"last_synced_commit":"120328a09646410f806790a2cc1855ee6859a0a8"},"previous_names":[],"tags_count":13,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gokul595%2Fapi_guard","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gokul595%2Fapi_
guard/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gokul595%2Fapi_guard/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Gokul595%2Fapi_guard/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Gokul595","download_url":"https://codeload.github.com/Gokul595/api_guard/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226138849,"owners_count":17579496,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","api-auth","api-authentication","api-guard","authentication","jwt","rails","rails-api","rails-auth","rails-authentication","rails-gem","rails-plugins","ruby","ruby-jwt","ruby-on-rails"],"created_at":"2024-08-06T08:01:59.208Z","updated_at":"2024-11-24T07:31:18.143Z","avatar_url":"https://github.com/Gokul595.png","language":"Ruby","readme":"# API Guard\n\n[![Version](https://img.shields.io/gem/v/api_guard.svg?color=green)](https://rubygems.org/gems/api_guard)\n[![Build Status](https://github.com/Gokul595/api_guard/workflows/build-master/badge.svg?branch=master)](https://github.com/Gokul595/api_guard/actions?query=workflow%3Abuild-master)\n[![Maintainability](https://api.codeclimate.com/v1/badges/ced3e74a26a66ed915cb/maintainability)](https://codeclimate.com/github/Gokul595/api_guard/maintainability)\n\n\n[JSON Web Token (JWT)](https://jwt.io/) based authentication solution with token refreshing \u0026 blacklisting for APIs \nbuilt on Rails.\n\nThis is built using [Ruby JWT](https://github.com/jwt/ruby-jwt) gem. 
Currently API Guard supports only HS256 algorithm \nfor cryptographic signing.\n\n## Table of Contents\n\n* [Installation](#installation)\n* [Getting Started](#getting-started)\n    * [Creating User model](#creating-user-model)\n    * [Configuring Routes](#configuring-routes)\n    * [Registration](#registration)\n    * [Sign In (Getting JWT access token)](#sign-in-getting-jwt-access-token)\n    * [Authenticate API Request](#authenticate-api-request)\n    * [Refresh access token](#refresh-access-token)\n    * [Change password](#change-password)\n    * [Sign out](#sign-out)\n    * [Delete Account](#delete-account)\n* [Configuration](#configuration)\n    * [Default configuration](#default-configuration)\n    * [Access token validity](#access-token-validity)\n    * [Access token signing secret](#access-token-signing-secret)\n    * [Invalidate tokens on password change](#invalidate-tokens-on-password-change)\n    * [Token refreshing](#token-refreshing)\n    * [Token blacklisting](#token-blacklisting)\n* [Overriding defaults](#overriding-defaults)\n    * [Controllers](#controllers)\n    * [Routes](#routes)\n    * [Adding custom data in JWT token payload](#adding-custom-data-in-jwt-token-payload)\n    * [Override finding resource](#override-finding-resource)\n    * [Customizing / translating response messages using I18n](#customizing--translating-response-messages-using-i18n)\n* [Testing](#testing)\n* [Wiki](https://github.com/Gokul595/api_guard/wiki)\n    * [Using API Guard with Devise](https://github.com/Gokul595/api_guard/wiki/Using-API-Guard-with-Devise)\n* [Contributing](#contributing)\n* [License](#license)\n\n\n## Installation\nAdd this line to your application's Gemfile:\n\n```ruby\ngem 'api_guard'\n```\n\nAnd then execute in your terminal:\n```bash\n$ bundle install\n```\n\nOr install it yourself as:\n```bash\n$ gem install api_guard\n```\n\n## Getting Started\n\nBelow steps are provided assuming the model in `User`.\n\n### Creating User model\n\nCreate a model 
for User with the command below.\n\n```bash\n$ rails generate model user name:string email:string:uniq password_digest:string\n```\n\nThen, run the migration to create the `users` table.\n\n```bash\n$ rails db:migrate\n```\n\nAdd [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password) \nin the `User` model for password authentication. \n\n\u003e Refer to [this Wiki](https://github.com/Gokul595/api_guard/wiki/Using-API-Guard-with-Devise#authentication) for configuring API Guard authentication to work with Devise instead of using `has_secure_password`.\n\n```ruby\nclass User \u003c ApplicationRecord\n  has_secure_password\nend\n```\n\nThen, add the `bcrypt` gem to your Gemfile, which is used by \n[has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password)\nfor hashing the password and for authentication.\n\n```ruby\ngem 'bcrypt', '~\u003e 3.1.7'\n```\n\nAnd then execute in your terminal:\n\n```bash\n$ bundle install\n```\n\n### Configuring Routes\n\nAdd this line to the application routes (`config/routes.rb`) file:\n\n```ruby\napi_guard_routes for: 'users'\n``` \n\nThis will generate default routes such as sign up, sign in, sign out, token refresh, password change for User.\n\n\u003e Refer to [this Wiki](https://github.com/Gokul595/api_guard/wiki/Using-API-Guard-with-Devise#routes) for configuring API Guard routes to work with Devise.\n\n### Registration\n\nThis will create a user and respond with access token, refresh token and access token expiry in the response header.\n\nExample request:\n\n```\n# URL\nPOST \"/users/sign_up\"\n\n# Request body\n{\n    \"email\": \"user@apiguard.com\",\n    \"password\": \"api_password\",\n    \"password_confirmation\": \"api_password\"\n}\n```\n\nExample response body:\n\n```json\n{\n    \"status\": \"success\",\n    \"message\": \"Signed up successfully\"\n}\n```\n\nExample response 
headers:\n\n```\nAccess-Token: eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NDY3MDgwMjAsImlhdCI6MTU0NjcwNjIyMH0.F_JM7fUcKEAq9ZxXMxNb3Os-WeY-tuRYQnKXr_bWo5E\nRefresh-Token: Iy9s0S4Lf7Xh9MbFFBdxkw\nExpire-At: 1546708020\n```\n\nThe access token will only be valid till the expiry time. After the expiry you need to \n[refresh the token](#refresh-access-token) and get new access token and refresh token.\n\nYou can customize the parameters of this API by [overriding the controller](#controllers) code if needed.\n\n### Sign In (Getting JWT access token)\n\nThis will authenticate the user with email and password and respond with access token, refresh token and access token \nexpiry in the response header.\n\n\u003eTo make this work, the resource model (User) should have an `authenticate` method as available in \n[has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password). \nYou can use [has_secure_password](https://api.rubyonrails.org/classes/ActiveModel/SecurePassword/ClassMethods.html#method-i-has_secure_password) \nor your own logic to authenticate the user in `authenticate` method.\n\nExample request:\n\n```\n# URL\nPOST \"/users/sign_in\"\n\n# Request body\n{\n    \"email\": \"user@apiguard.com\",\n    \"password\": \"api_password\"\n}\n```\n\nExample response body:\n\n```json\n{\n    \"status\": \"success\",\n    \"message\": \"Signed in successfully\"\n}\n```\n\nExample response headers:\n\nThe response headers for this request will be same as [registration API](#registration).\n\nYou can customize the parameters of this API by [overriding the controller](#controllers) code if needed.\n\n### Authenticate API Request\n\nTo authenticate the API request just add this before_action in the controller:\n\n```ruby\nbefore_action :authenticate_and_set_user\n```\n\n\u003e**Note:** It is possible to authenticate with more than one resource, e.g. 
`authenticate_and_set_user_or_admin` will permit tokens issued for users or admins.\n\nSend the access token obtained from the sign in API in the Authorization header of the API request as below. \nAlso, make sure you add \"Bearer\" before the access token in the header value.\n\n```\nAuthorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NDY3MDgwMjAsImlhdCI6MTU0NjcwNjIyMH0.F_JM7fUcKEAq9ZxXMxNb3Os-WeY-tuRYQnKXr_bWo5E\n```\n\nThen, you can get the current authenticated user using the method below:\n\n```ruby\ncurrent_user\n```\n\nand also, using the instance variable below:\n\n```ruby\n@current_user\n```\n\n\u003e**Note:** Replace `_user` with your model name if your model is not User.\n\n### Refresh access token\n\nThis will work only if token refreshing is configured for the resource.\nPlease see [token refreshing](#token-refreshing) for details about configuring token refreshing.\n\nOnce the access token expires it won't work and the `authenticate_and_set_user` method used in before_action in \ncontroller will respond with 401 (Unauthenticated). \n\nTo refresh the expired access token and get new access and refresh token you can use this request \nwith both access token and refresh token (which you got in sign in API) in the request header. 
\n\nExample request:\n\n```\n# URL\nPOST \"/users/tokens\"\n\n# Request header\nAuthorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NDY3MDgwMjAsImlhdCI6MTU0NjcwNjIyMH0.F_JM7fUcKEAq9ZxXMxNb3Os-WeY-tuRYQnKXr_bWo5E\nRefresh-Token: Iy9s0S4Lf7Xh9MbFFBdxkw\n```\n\nExample response body:\n\n```json\n{\n    \"status\": \"success\",\n    \"message\": \"Token refreshed successfully\"\n}\n```\n\nExample response headers:\n\nThe response headers for this request will be same as [registration API](#registration).\n\n### Change password\n\nTo change password of an user you can use this request with the access token in the header and new \npassword in the body.\n\nBy default, changing password will invalidate all old access tokens and refresh tokens generated for this user and \nresponds with new access token and refresh token. \n\nExample request:\n\n```\n# URL\nPATCH \"/users/passwords\"\n\n# Request header\nAuthorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NDY3MDgwMjAsImlhdCI6MTU0NjcwNjIyMH0.F_JM7fUcKEAq9ZxXMxNb3Os-WeY-tuRYQnKXr_bWo5E\n\n# Request body\n{\n    \"password\": \"api_password_new\",\n    \"password_confirmation\": \"api_password_new\"\n}\n```\n\nExample response body:\n\n```json\n{\n    \"status\": \"success\",\n    \"message\": \"Password changed successfully\"\n}\n```\n\nExample response headers:\n\nThe response headers for this request will be same as [registration API](#registration).\n\n### Sign out\n\nYou can use this request to sign out an user. 
This will blacklist the current access token from future use if \n[token blacklisting](#token-blacklisting) configured.\n\nExample request:\n\n```\n# URL\nDELETE \"/users/sign_out\"\n\n# Request header\nAuthorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NDY3MDgwMjAsImlhdCI6MTU0NjcwNjIyMH0.F_JM7fUcKEAq9ZxXMxNb3Os-WeY-tuRYQnKXr_bWo5E\n```\n\nExample response:\n\n```json\n{\n    \"status\": \"success\",\n    \"message\": \"Signed out successfully\"\n}\n```\n\n### Delete account\n\nYou can use this request to delete an user. This will delete the user and its associated refresh tokens.\n\nExample request:\n\n```\n# URL\nDELETE \"/users/delete\"\n\n# Request header\nAuthorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxLCJleHAiOjE1NDY3MDgwMjAsImlhdCI6MTU0NjcwNjIyMH0.F_JM7fUcKEAq9ZxXMxNb3Os-WeY-tuRYQnKXr_bWo5E\n```\n\nExample response:\n\n```json\n{\n    \"status\": \"success\",\n    \"message\": \"Account deleted successfully\"\n}\n```\n\n## Configuration\n\nTo configure the API Guard you need to first create an initializer using\n\n```bash\n$ rails generate api_guard:initializer\n```\n\nThis will generate an initializer named **api_guard.rb** in your app **config/initializers** directory with default \nconfigurations.\n\n### Default configuration\n\n**config/initializers/api_guard.rb**\n\n```ruby\nApiGuard.setup do |config|\n  # Validity of the JWT access token\n  # Default: 1 day\n  # config.token_validity = 1.day\n\n  # Validity of the refresh token\n  # Default: 2 weeks\n  # config.refresh_token_validity = 2.weeks\n\n  # Secret key for signing (encoding \u0026 decoding) the JWT access token\n  # Default: 'secret_key_base' from Rails secrets \n  # config.token_signing_secret = 'my_signing_secret'\n\n  # Invalidate old tokens on changing the password\n  # Default: false\n  # config.invalidate_old_tokens_on_password_change = false\n\n  # Blacklist JWT access token after refreshing\n  # Default: false\n  # config.blacklist_token_after_refreshing 
= false\nend\n```\n\n### Access token validity\n\nBy default, the validity of the JWT access token is 1 day from the creation. Override this by configuring `token_validity`\n\n```ruby\nconfig.token_validity = 1.hour # Set one hour validity for access tokens\n```\n\nOn accessing the authenticated API with an expired access token, API Guard will respond with 401 (Unauthenticated) and the message \n\"Access token expired\".\n\n\n### Refresh token validity\n\nBy default, the validity of the refresh token is 2 weeks from the creation. Override this by configuring `refresh_token_validity`\n\n```ruby\nconfig.refresh_token_validity = 6.hours # Set six hours validity for refresh tokens\n```\n\nOn accessing the refresh token API with an expired refresh token, API Guard will respond with 401 (Unauthenticated) and the message \n\"Invalid refresh token\".\n\n### Access token signing secret\n\nBy default, the `secret_key_base` from the Rails secrets will be used for signing (encoding \u0026 decoding) the JWT access token.\nOverride this by configuring `token_signing_secret`\n\n```ruby\nconfig.token_signing_secret = 'my_signing_secret'\n```\n\n\u003e**Note:** Avoid committing this token signing secret to your version control (Git) and always keep it secure, since\n\u003eexposing it allows anyone to generate JWT access tokens and gain full access to the APIs. A better way is to store this value\n\u003ein an environment variable or in encrypted secrets (Rails 5.2+).\n\n### Invalidate tokens on password change\n\nBy default, API Guard will not invalidate old JWT access tokens on changing password. 
If you need, you can enable it by \nconfiguring `invalidate_old_tokens_on_password_change` to `true`.\n\n\u003e**Note:** To make this work, a column named `token_issued_at` with datatype `datetime` is needed in the resource table.\n\n```ruby\nconfig.invalidate_old_tokens_on_password_change = true\n```\n\nIf your app allows multiple logins, you must set this value to `true` so that this prevents access for all logins \n(access tokens) on changing the password.\n\n### Token refreshing\n\nTo include token refreshing in your application you need to create a table to store the refresh tokens.\n\nUse the command below to create a model `RefreshToken` with columns to store the token and the user reference\n\n```bash\n$ rails generate model refresh_token token:string:uniq user:references expire_at:datetime\n```\n\nThen, run the migration to create the `refresh_tokens` table\n\n```bash\n$ rails db:migrate\n```\n\n\u003e**Note:** Replace `user` in the above command with your model name if your model is not User.\n\nAfter creating the model and table for refresh tokens, configure the association in the resource model using the\n`api_guard_associations` method\n\n```ruby\nclass User \u003c ApplicationRecord\n  api_guard_associations refresh_token: 'refresh_tokens'\n  has_many :refresh_tokens, dependent: :delete_all\nend\n```\n\nIf you also have token blacklisting enabled you need to specify both associations as below\n\n```ruby\napi_guard_associations refresh_token: 'refresh_tokens', blacklisted_token: 'blacklisted_tokens'\n```\n\n### Token blacklisting\n\nTo include token blacklisting in your application you need to create a table to store the blacklisted tokens. This will be \nused to blacklist a JWT access token from future use. 
The access token will be blacklisted on successful sign out of the \nresource.\n\nUse below command to create a model `BlacklistedToken` with columns to store the token and the user reference\n\n```bash\n$ rails generate model blacklisted_token token:string user:references expire_at:datetime\n```\n\nThen, run migration to create the `blacklisted_tokens` table\n\n```bash\n$ rails db:migrate\n```\n\n\u003e**Note:** Replace `user` in the above command with your model name if your model is not User.\n\nAfter creating model and table for blacklisted token configure the association in the resource model using \n`api_guard_associations` method\n\n```ruby\nclass User \u003c ApplicationRecord\n  api_guard_associations blacklisted_token: 'blacklisted_tokens'\n  has_many :blacklisted_tokens, dependent: :delete_all\nend\n```\n\nIf you also have token refreshing enabled you need to specify both associations as below\n\n```ruby\napi_guard_associations refresh_token: 'refresh_tokens', blacklisted_token: 'blacklisted_tokens'\n```\n\nAnd, as this creates rows in `blacklisted_tokens` table you need to have a mechanism to delete the expired blacklisted \ntokens to prevent this table from growing. One option is to have a CRON job to run a task daily that deletes the \nblacklisted tokens that are expired i.e. `expire_at \u003c DateTime.now`.\n\n**Blacklisting after refreshing token**\n\nBy default, the JWT access token will not be blacklisted on refreshing the JWT access token. To enable this, you can \nconfigure it in API Guard initializer as below,\n\n```ruby\nconfig.blacklist_token_after_refreshing = true\n```\n\n## Overriding defaults\n\n### Controllers\n\nYou can override the default API Guard controllers and customize the code as your need by generating the controllers in \nyour app\n\n```bash\n$ rails generate api_guard:controllers users\n```\n\nIn above command `users` is the scope of the controllers. 
If needed, you can replace `users` with your own scope.\n\nThis will generate all default controllers for `users` in the directory **app/controllers/users**.\n\nThen, configure this controller in the routes\n\n```ruby\napi_guard_routes for: 'users', controller: {\n  registration: 'users/registration',\n  authentication: 'users/authentication',\n  passwords: 'users/passwords',\n  tokens: 'users/tokens'\n}\n```\n\nYou can also specify the controllers that you need to generate using `-c` or `--controllers` option.\n\n```bash\n$ rails generate api_guard:controllers users -c registration authentication\n```\n\n\u003e**Available controllers:** registration, authentication, tokens, passwords\n\n### Routes\n\nYou can skip specific controller routes generated by API Guard\n\n```ruby\napi_guard_routes for: 'users', except: [:registration]\n```\n\nAbove config will skip registration related API Guard controller routes for the resource user.\n\n\nYou can also specify only the controller routes you need,\n\n```ruby\napi_guard_routes for: 'users', only: [:authentication]\n```\n\n\u003e**Available controllers:** registration, authentication, tokens, passwords\n\n**Customizing the route path:**\n\nYou can customize the path of the default routes of the API Guard using the `api_guard_scope` as below,\n\n```ruby\napi_guard_routes for: 'users', except: [:registration]\n\napi_guard_scope 'users' do\n  post 'account/create' =\u003e 'api_guard/registration#create'\n  delete 'account/delete' =\u003e 'api_guard/registration#destroy'\nend\n```\n\nAbove configuration will replace default registration routes `users/sign_up` \u0026 `users/delete` with `account/create` \u0026 \n`account/delete`\n\n### Adding custom data in JWT token payload\n\nYou can add custom data in the JWT token payload in the format of Hash and use the data after decoding the token on \nevery request.\n\nTo add custom data, you need to create an instance method `jwt_token_payload` in the resource model as below which 
\nshould return a Hash,\n\n```ruby\nclass User \u003c ApplicationRecord\n  def jwt_token_payload\n    { custom_key: 'value' }\n  end\nend\n```\n\nAPI Guard will add the hash returned by this method to the JWT token payload in addition to the default payload values. \nThis data (including default payload values) will be available in the instance variable `@decoded_token` on each request \nif the token has been successfully decoded. You can access the values as below,\n\n```ruby\n@decoded_token[:custom_key]\n```\n\n### Override finding resource\n\nBy default, API Guard will try to find the resource by its `id`. If you wish to override this default behavior, you can\ndo it by creating a method `find_resource_from_token` in the specific controller or in `ApplicationController` as you \nneed.\n\n**Adding custom logic in addition to the default logic:**\n```ruby\ndef find_resource_from_token(resource_class)\n  user = super # This will call the actual method defined in API Guard\n  user if user\u0026.active?\nend\n```\n\n**Using custom query to find the user from the token:**\n```ruby\ndef find_resource_from_token(resource_class)\n  resource_id = @decoded_token[:\"#{@resource_name}_id\"]\n  resource_class.find_by(id: resource_id, status: 'active') if resource_id\nend\n```\n\nThis method has an argument `resource_class` which is the class (model) of the current resource (`User`).\nThis method should return a resource object to successfully authenticate the request or `nil` to respond with 401.\n\nYou can also use the [custom data](#adding-custom-data-in-jwt-token-payload) added in the JWT token payload using the \n`@decoded_token` instance variable and customize the logic as you need.\n\n### Customizing / translating response messages using I18n\n\nAPI Guard uses [I18n](https://guides.rubyonrails.org/i18n.html) for success and error messages. 
You can create your own \nlocale file and customize the messages for any language.\n\n```yaml\nen:\n  api_guard:\n    authentication:\n      signed_in: 'Signed in successfully'\n      signed_out: 'Signed out successfully'\n```\n\nYou can find the complete list of available keys in this file:\nhttps://github.com/Gokul595/api_guard/blob/master/config/locales/en.yml\n\n## Testing\n\nAPI Guard comes with helper for creating JWT access token and refresh token for the resource which you can use it for \ntesting the controllers of your application.\n\nFor using it, just include the helper in your test framework.\n\n**RSpec**\n\nIf you're using RSpec as your test framework then include the helper in **spec/rails_helper.rb** file\n\n```ruby\nRSpec.configure do |config|\n  config.include ApiGuard::Test::ControllerHelper\nend\n```\n\n**Minitest**\n\nIf you're using Minitest as your test framework then include the helper in your test file\n\n```ruby\ninclude ApiGuard::Test::ControllerHelper\n```\n\nAfter including the helper, you can use this method to create the JWT access token and refresh token for the resource\n\n```ruby\njwt_and_refresh_token(user, 'user')\n```\n\nWhere the first argument is the resource(User) object and the second argument is the resource name which is `user`. \n\nThis method will return two values which is access token and refresh token.\n\nIf you need expired JWT access token for testing you can pass the third optional argument value as `true`\n\n```ruby\njwt_and_refresh_token(user, 'user', true)\n```\n\nThen, you can set the access token and refresh token in appropriate request header on each test request.\n\n## Contributing\n\nBug reports and pull requests are welcome on GitHub at https://github.com/Gokul595/api_guard. 
\nThis project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to \nthe [Contributor Covenant](http://contributor-covenant.org) code of conduct.\n\n## License\n\nThe gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).\n\n","funding_links":["https://www.paypal.me/gokul595"],"categories":["Ruby","Authentication and OAuth"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGokul595%2Fapi_guard","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FGokul595%2Fapi_guard","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FGokul595%2Fapi_guard/lists"}