@bswinnerton
Last active September 3, 2015 21:16
################################################################################
# On Authorization Server #
################################################################################
require 'openssl'
require 'jwt'
SIGNING_ALGORITHM = 'RS256'
KEY = OpenSSL::PKey::RSA.generate(2048)
# To be stored in ChurchKey (and ChurchKey only)
PRIVATE_KEY = KEY
# To be stored in any consumers of JWT
PUBLIC_KEY = KEY.public_key
# User has authenticated: we know who they are
authenticating_user = User.find_by(email: 'brooks@generalassemb.ly')
# Authorization Server (doorkeeper) signs a JWT
key = JWT.encode(
{user_guid: authenticating_user.id},
PRIVATE_KEY,
SIGNING_ALGORITHM
)
################################################################################
# On Resource Server #
################################################################################
require 'openssl'
require 'jwt'
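exported_key = '' # PEM export of PUBLIC_KEY from the authorization server above
PUBLIC_KEY = OpenSSL::PKey::RSA.new(exported_key)
# Must match the algorithm the authorization server signs with
SIGNING_ALGORITHM = 'RS256'
# NOTE: this sample token's header declares HS256, not RS256
jwt = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2d1aWQiOjcxMDA0fQ.3mLlVd_CI4MsPAWSYLtr8u3k7ve658intaBg4kJzMVQ'
# Pin the expected algorithm so the token's header cannot choose how it is verified
deserialized_jwt = JWT.decode(jwt, PUBLIC_KEY, true, algorithm: SIGNING_ALGORITHM)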
#=> [{"user_guid"=>71004}, {"typ"=>"JWT", "alg"=>"HS256"}]
current_user = deserialized_jwt.first.fetch('user_guid')
#=> profit.
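
The resource server's verification step, written out with only Ruby's standard library so that the algorithm check is visible. This is an added example, not code from the gist or from the jwt gem; `sign_rs256`, `verify_rs256`, `TokenRejected` and `POSTED_JWT` are names assumed here. It accepts a token signed with RS256 and rejects the sample token from the gist, whose header declares HS256.

```ruby
require 'openssl'
require 'json'

EXPECTED_ALG = 'RS256' # fixed by the resource server, never read from the token
# Sample token from the gist; its header declares HS256.
POSTED_JWT = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2d1aWQiOjcxMDA0fQ.3mLlVd_CI4MsPAWSYLtr8u3k7ve658intaBg4kJzMVQ'

class TokenRejected < StandardError; end

def b64url_encode(data)
  [data].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  # Restore the padding JWTs strip, then decode strictly (raises on bad input).
  (str.tr('-_', '+/') + '=' * ((4 - str.length % 4) % 4)).unpack1('m0')
end

# Stand-in for the authorization server: RS256 = RSASSA-PKCS1-v1_5 with SHA-256.
def sign_rs256(claims, private_key)
  input = [{ typ: 'JWT', alg: EXPECTED_ALG }, claims].map { |p| b64url_encode(JSON.generate(p)) }.join('.')
  "#{input}.#{b64url_encode(private_key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Resource server: check the declared algorithm first, then the RSA signature.
def verify_rs256(token, public_key)
  header_b64, payload_b64, signature_b64, extra = token.to_s.split('.')
  raise TokenRejected, 'malformed token' if signature_b64.nil? || extra
  header = JSON.parse(b64url_decode(header_b64))
  alg = header.is_a?(Hash) ? header['alg'] : nil
  raise TokenRejected, "unexpected alg: #{alg.inspect}" unless alg == EXPECTED_ALG
  valid = public_key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(signature_b64),
                            "#{header_b64}.#{payload_b64}")
  raise TokenRejected, 'bad signature' unless valid
  JSON.parse(b64url_decode(payload_b64))
rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError
  raise TokenRejected, 'malformed token'
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.generate(2048) # constructed key for the demonstration
  puts verify_rs256(sign_rs256({ user_guid: 71004 }, key), key.public_key).inspect
  begin
    verify_rs256(POSTED_JWT, key.public_key)
  rescue TokenRejected => e
    puts "rejected: #{e.message}"
  end
end
```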