Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/bookofgreg/doorkeeper-jwt-test
Doorkeeper + Devise + JWT
https://github.com/bookofgreg/doorkeeper-jwt-test
devise doorkeeper jwt oauth2 oauth2-server
Last synced: 2 days ago
JSON representation
Doorkeeper + Devise + JWT
- Host: GitHub
- URL: https://github.com/bookofgreg/doorkeeper-jwt-test
- Owner: BookOfGreg
- Created: 2018-05-23T23:16:44.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2023-03-08T19:50:40.000Z (almost 2 years ago)
- Last Synced: 2024-12-11T14:08:35.398Z (12 days ago)
- Topics: devise, doorkeeper, jwt, oauth2, oauth2-server
- Language: Ruby
- Homepage:
- Size: 77.1 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 6
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Doorkeeper-JWT-Test
## What?
This is an example repo combining Rails API with the Doorkeeper admin UI, making use of Devise for login pages, admin auth, and password flows. The Doorkeeper tokens issued are JWTs with a payload + header that looks like this:
```JSON
[{"iss": "account_service",
"iat": 1527438897,
"exp": 1527440097,
"jti": "add3ef92-a512-429b-a834-3a3523866cdd",
"sub": "account_service|1",
"expires_at": "2018-05-27T16:54:57Z",
"user": {"id": 1, "email": "[email protected]"}},
{"typ": "JWT", "alg": "HS512"}]
```## Why?
Firstly I wanted to understand what was needed for SSO/OAuth2/JWT combo to work in the modern age, secondly everything else had some shortcomings either in usability or flexibility.https://github.com/doorkeeper-gem/doorkeeper-devise-client
- Using old versions, no JWT
https://github.com/digivizer/warden-jwt
- Uses password flow strategyhttps://github.com/waiting-for-dev/warden-jwt_auth
- Is good but limits the JWT decode optionshttps://github.com/mbleigh/omniauth-jwt
- Expects HTTP based on redirects for flowhttps://github.com/betterup/devise-doorkeeper
- No JWT support## How?
I cobbled together examples from all the above + the JWT spec + Auth0 articles.
This is not a complete application and you shouldn't just drop it into your production env! YMMV, this is for reference only.