Token Based Authentication API in Rails with the help of JWT and Knock

If you want to create Rails Application dependent on API only and you have a requirement to provide Token based authentication in your application. So you can use JWT+ KNOCK token based Authentication solution.

Knock is an authentication solution for Rails API-only application based on JSON Web Tokens.

JWT is JSON based web tokens.

Advantages of using JWT and Knock in Ruby on Rails Application:

  • JWT:

1. It is lightweight

2. It is easy to use

3. It is stateless

  • Knock:

1. Seamless JWT authentication for Rails API

2. It is easy to implement and maintain.

3. It allows customization.

Step 1: Create Rails API Project

rails new project_name --api -d mysql

where

# — api specifies the rails application is API based

# -d mysql specifies that we use mysql database in this application

Step 2 : Add gem

Add following gem into project_name/Gemfile

gem 'knock' 
gem 'jwt'

gem file looks like

Figure 1: Gemfile for JWT and Knock

Next to run command on terminal for installing gem in application.

bundle install

Step 3. Setup a basic Knock structure.

Run following command

rails generate knock:install 
rails generate knock:token_controller user

Now run the following commands to setup your Rails application.

rails generate model users 
rails generate controller users 
rails generate controller home

If you add custom model so you can do it

File Location: project_name/db/migrate/:random_number_create_users.rb

Figure 2: Migration File

Run following command to create User table

rake db:migrate

Step 4 . Authorization/Knock Setup:

File Location: project_name/config/initializers/knock.rb

Figure 3: Knock.rb file

Step 5. Setup your User model with some basic validation.

File Location: project_name/app/model/user.rb

Your user model look like this.

Figure 4: User.rb file

Now you can setup controller to access the Authentication.

Add include Knock::Authenticable

File Location: project_name/app/controller/application_controller.rb

Figure 4: Application Controller

Also each and every method call pass though knock authentication.

Add before_action :authentication_user, only[:auth]

Here auth is a method to check client is authorized.

In home controller there is index method and auth method for login.

File Location: project_name/app/controller/api/v1/home_controller.rb

Figure 6: Home Controller

File Location: project_name/app/controller/api/v1/users_controller.rb

In user controller there is index, current method for current user data and create method for creating new user. Also you can add update and delete method.

Add authentication on required method with help of authentication_user , authorize_as_admin, and authorize method.

Figure 7: User Controller

Final Step: Test API

We test API with help of Postman.

1. User creation API: API endpoint is http://localhost:3000/api/v1/users/create

We send parameter in body for user creation so that API method type POST. After calling API we get successful response with status 200 and and message “User was created ”.

After user creation we go to login API, but for application login we need a token so we need to call token API.

Figure 8: User create API

2. API Endpoint: http://localhost:3000/api/v1/user_token

For user token we need to send email id and password in body of method type POST.

If email id and password is valid to API we get jwt token from knock in response.

Great we now got token. With help of this we access knock authorized method.

Figure 9: User_token API

3. Login API:

API Endpoint: http://localhost:3000/api/vi1/auth

we sent jwt token in header of API and content type is applicationJson.

Authentication: Bearer jwt token

content type: : applicationJson.

If everything is OK, then we get successful response.

Figure 10: Login with jwt token

These two gems Knock + JWT can help us to develop token based API in Rails 5 very easily and will save the overall time required in Ruby on Rails development.