Skip to content

Instantly share code, notes, and snippets.

@bswinnerton

bswinnerton/jwt_with_shared_secret.rb

Last active September 3, 2015 21:16
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save bswinnerton/6b30d03e7a9e7ff04aea to your computer and use it in GitHub Desktop.
Save bswinnerton/6b30d03e7a9e7ff04aea to your computer and use it in GitHub Desktop.
Download ZIP
Raw
jwt_with_shared_secret.rb
################################################################################
# On Authorization Server #
################################################################################
require 'jwt'
SHARED_SECRET = 'kittens'
SIGNING_ALGORITHM = 'HS256'
# User has authenticated: we know who they are
authenticating_user = User.find_by(email: 'brooks@generalassemb.ly')
# Authorizatin Server (doorkeeper) signs a JWT
key = JWT.encode(
{user_guid: authenticating_user.id},
SHARED_SECRET,
SIGNING_ALGORITHM
)
#=> "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2d1aWQiOjcxMDA0fQ.3mLlVd_CI4MsPAWSYLtr8u3k7ve658intaBg4kJzMVQ"
################################################################################
# On Resource Server #
################################################################################
require 'jwt'
SHARED_SECRET = 'kittens'
jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2d1aWQiOjcxMDA0fQ.3mLlVd_CI4MsPAWSYLtr8u3k7ve658intaBg4kJzMVQ'
deserialized_jwt = JWT.decode(jwt, SHARED_SECRET)
#=> [{"user_guid"=>71004}, {"typ"=>"JWT", "alg"=>"HS256"}]
current_user = User.find_by(user_guid: deserialized_jwt.first.fetch('user_guid'))
#=> profit.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment