DMAO-WardenJWT 0.2.0 → 0.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +31 -8
- data/lib/DMAO/WardenJWT/strategy.rb +1 -1
- data/lib/DMAO/WardenJWT/version.rb +2 -2
- metadata +1 -1
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 2a14436fd64a92c2d7974536611ef7d32f80c4e6
|
4
|
+
data.tar.gz: 2b70e9034bdce68159aae057aaf500b785886484
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: d7bb07942951266b14b81319f8a31f95456a1e2a138ea4868477268e9d14bc07b8b06c13ef1a06599a268525baaef1b4456ec5cfd9bd6dc24f32c00578cc99b2
|
7
|
+
data.tar.gz: 6c296c180c02e55f686f0e620e2860da4e433afd3f5c1aa351c87694a6f1c29f65ebd596043f837b7901fe343e15bcf53b1382d0c43e12df3db82eb3d894f5ee
|
data/README.md
CHANGED
@@ -1,15 +1,15 @@
|
|
1
|
-
# WardenJWT
|
1
|
+
# DMAO-WardenJWT
|
2
2
|
|
3
|
-
|
3
|
+
Warden Strategy for DMA Online JWT Authentication. Checks for a JWT (JSON Web Token) in either the Authorization header as a Bearer token or the get parameters of the request.
|
4
4
|
|
5
|
-
|
5
|
+
On successful authentication it returns an instance of DMAO::WardenJWT::User which has attributes and methods for checking the users institution as well as authenticated roles.
|
6
6
|
|
7
7
|
## Installation
|
8
8
|
|
9
9
|
Add this line to your application's Gemfile:
|
10
10
|
|
11
11
|
```ruby
|
12
|
-
gem 'WardenJWT'
|
12
|
+
gem 'DMAO-WardenJWT'
|
13
13
|
```
|
14
14
|
|
15
15
|
And then execute:
|
@@ -18,11 +18,35 @@ And then execute:
|
|
18
18
|
|
19
19
|
Or install it yourself as:
|
20
20
|
|
21
|
-
$ gem install WardenJWT
|
21
|
+
$ gem install Bundle-WardenJWT
|
22
22
|
|
23
23
|
## Usage
|
24
24
|
|
25
|
-
|
25
|
+
DMAO-WardenJWT requires the following environment variables to be set, this can be done using the [dotenv gem](https://rubygems.org/gems/dotenv).
|
26
|
+
|
27
|
+
| Environment Variable | Description |
|
28
|
+
| --- | --- |
|
29
|
+
| JWT_VERIFY_ISS | Boolean for whether to verify the token issuer (false allows for jwt_issuer to be nil) |
|
30
|
+
| JWT_VERIFY_AUD | Boolean for whether to verify the token audience (false allows for jwt_audience to be nil) |
|
31
|
+
| JWT_VERIFY_IAT | Boolean for whether to verify the issued at timestamp of the token |
|
32
|
+
| JWT_SECRET | The secret used to verify the integrity of the JWT (required) |
|
33
|
+
| JWT_ISSUER | The issuer of the JWT (required) |
|
34
|
+
| JWT_AUDIENCE | The audience for the JWT (required) |
|
35
|
+
| JWT_CUSTOM_CLAIMS_ATTRIBUTE | The name of the claim within the JWT to extract as the DMA Online custom claims (`dmao` is a sensible default) |
|
36
|
+
|
37
|
+
### Failure App
|
38
|
+
|
39
|
+
**DMAO-WardenJWT** does not define a failure app. Handling authentication failure should be handled within the service/application using this.
|
40
|
+
|
41
|
+
### Rails Usage
|
42
|
+
|
43
|
+
After including the gem add the following to `config/application.rb`. This is correct for using with Rails 5 when in API mode.
|
44
|
+
|
45
|
+
```ruby
|
46
|
+
config.middleware.insert_after Rack::ETag, Warden::Manager do |manager|
|
47
|
+
manager.default_strategies :jwt
|
48
|
+
end
|
49
|
+
```
|
26
50
|
|
27
51
|
## Development
|
28
52
|
|
@@ -32,10 +56,9 @@ To install this gem onto your local machine, run `bundle exec rake install`. To
|
|
32
56
|
|
33
57
|
## Contributing
|
34
58
|
|
35
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/
|
59
|
+
Bug reports and pull requests are welcome on GitHub at https://github.com/lulibrary/DMAO-WardenJWT.
|
36
60
|
|
37
61
|
|
38
62
|
## License
|
39
63
|
|
40
64
|
The gem is available as open source under the terms of the [MIT License](http://opensource.org/licenses/MIT).
|
41
|
-
|