{"id":24345942,"url":"https://github.com/authrocket/authrocket-ruby","last_synced_at":"2025-12-24T22:46:58.462Z","repository":{"id":19257423,"uuid":"22493229","full_name":"authrocket/authrocket-ruby","owner":"authrocket","description":"AuthRocket client for Ruby","archived":false,"fork":false,"pushed_at":"2024-03-27T19:13:14.000Z","size":109,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-03T00:03:21.100Z","etag":null,"topics":["authentication","authrocket","rails","ruby"],"latest_commit_sha":null,"homepage":"","language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/authrocket.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2014-08-01T02:51:25.000Z","updated_at":"2022-01-24T19:32:14.000Z","dependencies_parsed_at":"2023-11-27T00:25:22.401Z","dependency_job_id":"1ecf217a-1d9b-4aa5-a546-1208f4603e6b","html_url":"https://github.com/authrocket/authrocket-ruby","commit_stats":{"total_commits":69,"total_committers":1,"mean_commits":69.0,"dds":0.0,"last_synced_commit":"0a71a1d6aa03b3066c3ae87ca0fcf3d3cec35eeb"},"previous_names":[],"tags_count":32,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authrocket%2Fauthrocket-ruby","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authrocket%2Fauthrocket-ruby/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authrocket%2Fauthrocket-ruby/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/authrocket%2Fauthrocket-ru
by/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/authrocket","download_url":"https://codeload.github.com/authrocket/authrocket-ruby/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243132195,"owners_count":20241359,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","authrocket","rails","ruby"],"created_at":"2025-01-18T10:21:16.740Z","updated_at":"2025-11-11T18:32:40.363Z","avatar_url":"https://github.com/authrocket.png","language":"Ruby","funding_links":[],"categories":[],"sub_categories":[],"readme":"# AuthRocket\n\n[AuthRocket](https://authrocket.com/) provides Auth as a Service, making it quick and easy to add signups, logins, social auth, a full user management UI, and much more to your app.\n\nThis gem works with both Rails and plain Ruby. It will auto-detect Rails and enable Rails-specific features as appropriate.\n\n\n\n## Usage - Rails\n\nAuthRocket includes a streamlined Rails integration that automatically handles logins and logouts. 
For a new app, we highly recommend this.\n\nNote: The streamlined integration requires Rails 4.2+.\n\nTo your Gemfile, add:\n\n    gem 'authrocket', require: 'authrocket/rails'\n\nThen ensure the following environment variable is set:\n\n    LOGINROCKET_URL    = https://sample.e2.loginrocket.com/\n\nIf you've changed the default JWT key type to HS256, you'll also need this variable:\n\n    AUTHROCKET_JWT_KEY = jsk_SAMPLE\n\nIf you plan to access the AuthRocket API as well, you'll need these variables too:\n\n    AUTHROCKET_API_KEY = ks_SAMPLE\n    AUTHROCKET_URL     = https://api-e2.authrocket.com/v2\n    AUTHROCKET_REALM   = rl_SAMPLE   # optional\n    \nFinally, add a `before_action` command to any/all controllers or actions that should require a login.\n\nFor example, to protect your entire app:\n\n    class ApplicationController \u003c ActionController::Base\n      before_action :require_login\n    end\n\nSelectively exempt certain actions or controllers using the standard `skip_before_action` method:\n\n    class ContactUsController \u003c ApplicationController\n      skip_before_action :require_login, only: [:new, :create]\n    end\n\nHelpers are provided to create login, signup, and logout links, as well as for users to manage their profile:\n\n    \u003c%= link_to 'Login', ar_login_url %\u003e\n    \u003c%= link_to 'Signup', ar_signup_url %\u003e\n    \u003c%= link_to 'Logout', logout_path %\u003e\n    \u003c%= link_to 'Manage Profile', ar_profile_url %\u003e\n\nBoth the current Session and User are available to your controllers and views:\n\n    current_session # =\u003e AuthRocket::Session\n    current_user    # =\u003e AuthRocket::User\n\nThe current Membership and Org (account) are accessible through those helpers as well.\n\n    current_membership\n    current_org\n\nIf a user is a member of more than one org (account), `current_membership` and `current_org` will reflect the currently selected account. 
Additional helpers are available to provide appropriate links to your users:\n\n    \u003c%= link_to 'Manage current account', ar_account_url %\u003e\n    \u003c%= link_to 'Switch accounts', ar_accounts_url %\u003e\n\nSee below for customization details.\n\n\n\n## Usage - everywhere else\n\nIf you aren't using Rails, or if the streamlined integration above is too opinionated, use the gem without the extra Rails integration.\n\nIn your Gemfile, add:\n\n    gem 'authrocket'\n\nThen set the following environment variables:\n\n    # If accessing the AuthRocket API:\n    AUTHROCKET_API_KEY = ks_SAMPLE\n    AUTHROCKET_URL     = https://api-e2.authrocket.com/v2 # must match your account's provisioned cluster\n    AUTHROCKET_REALM   = rl_SAMPLE   # optional\n    #\n    # If using JWT-verification of AuthRocket's login tokens:\n    AUTHROCKET_JWT_KEY = SAMPLE\n\n\n\n\n## Configuration\n\nBy default, AuthRocket automatically loads credentials from environment variables. This is optimal for any 12-factor deployment. Supported variables are:\n\n`AUTHROCKET_API_KEY = ks_SAMPLE`\nYour AuthRocket API key. Required to use the API (but not if only performing JWT verification of login tokens).\n\n`AUTHROCKET_JWT_KEY = SAMPLE`\nUsed to perform JWT signing verification of login tokens. Not required if validating all tokens using the API instead. Also not required if LOGINROCKET_URL is set and RS256 keys are being used, as public keys will be auto-retrieved. This is a realm-specific value, so like `AUTHROCKET_REALM`, set it on a per-use basis if using multiple realms.\n\n`AUTHROCKET_REALM = rl_SAMPLE`\nSets an application-wide default realm ID. If you're using a single realm, this is definitely easiest. Certain multi-tenant apps might use multiple realms. In this case, don't set this globally, but include it as part of the `:credentials` set for each API method.\n\n`AUTHROCKET_URL = https://api-e2.authrocket.com/v2`\nThe URL of the AuthRocket API server. 
This may vary depending on which cluster your service is provisioned on.\n\n`LOGINROCKET_URL = https://SAMPLE.e2.loginrocket.com/`\nThe LoginRocket URL for your Connected App. Used by the streamlined Rails integration (for redirects) and for auto-retrieval of RS256 JWT keys (if AUTHROCKET_JWT_KEY is not set). If your app uses multiple realms, you'll need to handle this on your own. If you're using a custom domain, this will be that domain and will not contain 'loginrocket.com'.\n\n\nIt's also possible to configure AuthRocket using a Rails initializer (or other initialization code). \n\n    AuthRocket::Api.credentials = {\n      api_key: 'ks_SAMPLE',\n      jwt_key: 'SAMPLE',\n      loginrocket_url: 'https://sample.e2.loginrocket.com/',\n      realm: 'rl_SAMPLE',\n      url: 'https://api-e2.authrocket.com/v2'\n    }\n\n\n\n## Customizing the Rails integration\n\nThe built-in Rails integration tries to handle as much for you as possible. However, there may be times when you wish to modify the default behavior.\n\n\n#### Logins\n\nThe Rails integration handles logins on any path by detecting the presence of `?token=...`. It will process the login and then immediately redirect back to the same path without `?token=`. This helps prevent browsers and bookmarks from accidentally saving or caching the login token.\n\nLikewise, the built-in handler for `before_action :require_login` will automatically redirect to LoginRocket when the user is not currently logged in. `?redirect_uri=\u003ccurrent_path\u003e` will be automatically included so that the user returns to the same place post-login. You can override this behavior by replacing `before_login`.\n\n    # For example, to force the user to always return to \"/manage\":\n    def require_login\n      unless current_session\n        redirect_to ar_login_url(redirect_uri: \"/manage\"), allow_other_host: true\n      end\n    end\n\nAuthRocket will verify the domain + path to redirect to. 
You can configure this at Realm -\u003e Settings -\u003e Connected Apps -\u003e (edit) -\u003e Login URLs. The first URL listed will be the default, so it should generally match your \"just logged in\" path.\n\nPaths are validated as \"equal or more specific\". That is, if Login URLs contains \"https://my.app/manage\", then any path starting with \"/manage\" will be allowed, but \"/other\" will not be allowed. If you want to allow any path at your domain, add \"https://my.app/\" (since \"/\" will match any path).\n\n\n#### Logouts\n\n##### The default post-logout path\n\nUpon logout, the user will be returned to the root path (\"/\").\n\nThis default path may be changed using an initializer. Create/edit `config/initializers/authrocket.rb` and add:\n\n    AuthRocket::Api.post_logout_path = '/other'\n\n\n##### /logout route\n\nThe default route for logout is `/logout`. To override it, add an initializer for AuthRocket (eg: `config/initializers/authrocket.rb`) and add:\n\n    AuthRocket::Api.use_default_routes = false\n\nThen add your own route to `config/routes.rb`:\n\n    get 'mylogout' =\u003e 'logins#logout'\n\n\n##### The logout action\n\nAuthRocket's default login controller automatically sets a logout message using `flash`.\n\nYou may customize this, or other logout behavior, by creating your own LoginsController and inheriting from AuthRocket's controller:\n\n    class LoginsController \u003c AuthRocket::ArController\n      def logout\n        super\n        flash[:notice] = 'You have been logged out.'\n      end\n    end\n\nIf you wish to replace all of the login logic, create a new controller that doesn't inherit from `AuthRocket::ArController` (and also override the routes, as per above). 
You may wish to look at `ArController` as a reference.\n\n\n\n## Verifying login tokens\n\nIf you're not using the streamlined Rails integration, you'll need to verify login tokens on your own (unless you're using the API to authenticate directly).\n\n\n#### JWT verification\n\nAuthRocket's login tokens use the JWT standard and are cryptographically signed. Verifying the signature is extremely fast. Here's an example:\n\n    def current_user\n      @_current_user ||= AuthRocket::Session.from_token(session[:ar_token])\u0026.user\n    end\n\n`from_token` returns `nil` if the token is missing, expired, or otherwise invalid.\n\n\n#### API verification\n\nAuthRocket also supports Managed Sessions, which enable you to enforce logouts, even across apps (single sign-out!). In this instance, the session is regularly verified using the AuthRocket API.\n\n    def current_user\n      @_current_user ||= AuthRocket::Session.retrieve(session[:ar_token], cache: {expires_in: 15.minutes})\u0026.user\n    end\n\nFor better performance (and to avoid API rate limits), you will want to cache the results of the API call for 3-15 minutes.\n\nIf using Rails, `Rails.cache` is used by default. Otherwise, you must configure a cache store for AuthRocket. In either case, see Caching below.\n\n\n#### Initial login\n\nEach of the above is designed for ongoing use. The initial login isn't going to be much different, though. Here's an example login action:\n\n    def login\n      if params[:token]\n        if AuthRocket::Session.from_token(params[:token])\n          session[:ar_token] = params[:token]\n          redirect_to '/'\n          return\n        end\n      end\n      redirect_to AuthRocket::Api.credentials[:loginrocket_url], allow_other_host: true\n    end\n\n\n\n## Changing locales\n\nThe AuthRocket Core API supports multi-locale access. 
See the AuthRocket docs for the currently supported locales.\n\nIf you are using the streamlined Rails integration alongside LoginRocket, it may not be necessary to set the locale for API access. The locale is primarily used for generating localized error messages. This is only useful for API operations that might generate errors. When handling logins and signups via LoginRocket, LoginRocket will handle all of this for you.\n\nWhen the Accept-Language header is not sent, the AuthRocket Core API uses English.\n\n\n#### Global locale\n\nTo set a global locale for your app, add this to your AuthRocket initializer:\n\n    AuthRocket::Api.default_headers.merge!(\n      accept_language: 'en'\n    )\n\n\n#### Per-request locale\n\nIf your app supports multiple locales, then you'll likely want to set the locale on a per-request basis. Add a `headers: {accept_language: 'en'}` argument to relevant API calls:\n\n    AuthRocket::User.create(\n      email: 'jdoe@example.com',\n      password: 'secret!',\n      headers: {accept_language: 'en'}\n    )\n\n\n\n## Caching\n\nThe AuthRocket gem is capable of caching the results of GET requests. Since authentication and user data generally needs to be timely, this is opt-in on a per-request basis. The most common use is when validating sessions via the API.\n\nTo enable caching, a cache store must be configured. 
On Rails, `authrocket` automatically uses Rails.cache, so simply ensure that's set up appropriately.\n\nIf not using Rails (or if you wish to use a different cache store even when using Rails), add this to your AuthRocket initializer:\n\n    cache_options = {} # app specific\n    AuthRocket::Api.cache_store = ActiveSupport::Cache::RedisCacheStore.new(cache_options)\n\nAny Rails-compatible cache store should work.\n\nNext, enable the cache for specific API calls:\n\n    # To avoid caching for too long, it's recommended to set a specific expiration time.\n    AuthRocket::Session.retrieve(token, cache: {expires_in: 5.minutes})\n\n    # However, it's possible to leave out :expires_in and use the cache store's default.\n    # Warning: Ensure the cache store has a default expiration, otherwise cache entries\n    # will last forever!\n    AuthRocket::Session.retrieve(token, cache: {})   # These are identical\n    AuthRocket::Session.retrieve(token, cache: true)\n\n    # All options in cache: {...} are passed directly to the cache store, so anything\n    # supported by your cache store is valid.\n    AuthRocket::Session.retrieve(token, cache: {expires_in: 15.minutes, force: true})\n\n\n\n## Usage\n\nDocumentation is provided on our site:\n\n* [Rails Integration Guide](https://authrocket.com/docs/integration/rails)\n* [Ruby Integration Guide](https://authrocket.com/docs/integration/ruby)\n* [Ruby SDK Docs](https://authrocket.com/docs/sdks/ruby) (Expands on this README)\n* [API Docs with Ruby examples](https://authrocket.com/docs/api#core-api)\n\n\n\n## Contributing\n\n1. Fork it\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. 
Create new Pull Request\n\n\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthrocket%2Fauthrocket-ruby","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fauthrocket%2Fauthrocket-ruby","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fauthrocket%2Fauthrocket-ruby/lists"}