Doorkeeper JWT adds JWT token support to the Doorkeeper OAuth library. Confirmed to work with Doorkeeper 2.2.x - 4.x. Untested with later versions of Doorkeeper.
gem 'doorkeeper'
Add this line to your application's Gemfile:
gem 'doorkeeper-jwt'
And then execute:
$ bundle
Or install it yourself as:
$ gem install doorkeeper-jwt
In your doorkeeper.rb
initializer add the follow to the Doorkeeper.configure
block:
access_token_generator '::Doorkeeper::JWT'
Then add a Doorkeeper::JWT.configure
block below the Doorkeeper.configure
block to set your JWT preferences.
Doorkeeper::JWT.configure do
# Set the payload for the JWT token. This should contain unique information
# about the user. Defaults to a randomly generated token in a hash:
# { token: "RANDOM-TOKEN" }
token_payload do |opts|
user = User.find(opts[:resource_owner_id])
{
iss: 'My App',
iat: Time.current.utc.to_i,
aud: opts[:application][:uid],
# @see JWT reserved claims - https://tools.ietf.org/html/draft-jones-json-web-token-07#page-7
jti: SecureRandom.uuid,
sub: user.id,
user: {
id: user.id,
email: user.email
}
}
end
# Optionally set additional headers for the JWT. See
# https://tools.ietf.org/html/rfc7515#section-4.1
# JWK can be used to automatically verify RS* tokens client-side if token's kid matches a public kid in /oauth/discovery/keys
# token_headers do |_opts|
# key = OpenSSL::PKey::RSA.new(File.read(File.join('path', 'to', 'file.pem')))
# { kid: JWT::JWK.new(key)[:kid] }
# end
# Use the application secret specified in the access grant token. Defaults to
# `false`. If you specify `use_application_secret true`, both `secret_key` and
# `secret_key_path` will be ignored.
use_application_secret false
# Set the signing secret. This would be shared with any other applications
# that should be able to verify the authenticity of the token. Defaults to "secret".
secret_key ENV['JWT_SECRET']
# If you want to use RS* algorithms specify the path to the RSA key to use for
# signing. If you specify a `secret_key_path` it will be used instead of
# `secret_key`.
secret_key_path File.join('path', 'to', 'file.pem')
# Specify cryptographic signing algorithm type (https://github.com/progrium/ruby-jwt). Defaults to
# `nil`.
signing_method :hs512
end
After checking out the repo, run bin/setup
to install dependencies. Then, run bin/console
for an interactive prompt
that will allow you to experiment.
To install this gem onto your local machine, run bundle exec rake install
. To release a new version, update the
version number in version.rb
, and then run bundle exec rake release
to create a git tag for the version, push git
commits and tags, and push the .gem
file to rubygems.org.
- Fork it (https://github.com/[my-github-username]/doorkeeper-jwt/fork)
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request