Step 1. Install Rails 5
gem install rails --version 5.0.0
Step 2. Create a new Rails 5 API and start it up
Now we're going to generate a new Rails app with the --api flag (see Using Rails for API-only Applications on the Rails Guides).
Step 3. Create a new /api route
Use the Rails generator to create a new controller.
In controllers/api_controller.rb, add a method:
In config/routes.rb, create a new route to hit that controller method:
Step 4. Create a post route that creates a JWT
First, let's grab the ruby jwt gem:
Add gem 'jwt' to your Gemfile, kill your server, run bundle install, and restart your server.
Edit your api_controller.rb to include the jwt gem:
Now, similar to the node.js / express implementation, we're going to create a route that can be POSTed to.
In controllers/api_controller.rb, create a new method called login.
Don't forget to create a route to listen for a POST in config/routes.rb.
Step 5. POST to your route and get a token
Start up Postman and send a POST request to http://localhost:3000/api/login. You should receive a token. Copy that token. You'll use it in a second.
Step 6. Create a protected route
Now we need to create a route that needs a verified token in order to continue.
In config/routes.rb create a new protected route:
And in your controller create a method called secret, as well as a helper method to strip out the token from the Authorization header.
Step 7. Test it out!
- Open up Postman, get a token by sending a POST request to /api/login
- Create a GET request to /api/secret with an "Authorization" header with a value of "Bearer yourtoken.goes.here"
And that's it! Use that token for every request you make from your front-end code, and your API will be able to decode the token, realize which user is requesting the resource, and act accordingly. If you want to store more on the token (i.e., the user's role), go for it.
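
The token round trip from Steps 4 to 6, as an added example that is not the tutorial's own code: it issues and verifies an HS256 token with Ruby's standard library instead of the jwt gem, so it runs without dependencies. The secret, the claim names and the helper names (issue_token, bearer_token, verify_token) are assumptions made for illustration.

```ruby
require "openssl"
require "base64"
require "json"

# Constructed demo secret (assumption); a real app loads this from its secret store.
SECRET = "constructed-demo-secret"

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Compare two byte strings without stopping at the first differing byte.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Issue an HS256 token carrying the given claims plus an expiry (Unix time).
def issue_token(claims, secret, now: Time.now.to_i, ttl: 3600)
  header = b64url(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64url(JSON.generate(claims.merge({ "exp" => now + ttl })))
  input = "#{header}.#{payload}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Strip the token out of an "Authorization: Bearer <token>" value; nil otherwise.
def bearer_token(authorization_header)
  scheme, token = authorization_header.to_s.split(" ", 2)
  scheme == "Bearer" && token && !token.empty? ? token : nil
end

# Return the claims, or nil when the token is malformed, uses another
# algorithm, carries a bad signature, or has expired.
def verify_token(token, secret, now: Time.now.to_i)
  parts = token.to_s.split(".")
  return nil unless parts.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  # Pin the algorithm: the header is attacker-controlled input.
  return nil unless header.is_a?(Hash) && header["alg"] == "HS256"
  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{parts[0]}.#{parts[1]}")
  return nil unless secure_eq(expected, Base64.urlsafe_decode64(parts[2]))
  claims = JSON.parse(Base64.urlsafe_decode64(parts[1]))
  claims.is_a?(Hash) && claims["exp"].is_a?(Integer) && claims["exp"] > now ? claims : nil
rescue JSON::ParserError, ArgumentError
  nil
end
```

The payload is Base64URL-encoded and signed, not encrypted, so anything stored on the token, such as a role, is readable by whoever holds it.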