verikloak-rails 0.3.0 → 0.3.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 76efc055243284fee1fae95dac5e73f8a50bbc128310ea255f7fe224b3188c89
-  data.tar.gz: 0c5b906c0e406192e698454efd12f526021c3c26a8100da49ed9a1f3d71e9823
+  metadata.gz: f7bac28bdf7982aa61a3512e8af5f213c550dd68556af1e96e0654a8033d8d0d
+  data.tar.gz: 926fe82895004cb6ee2dcc4c55fe3138dc879e08ef59bf94a31a6b634c379348
 SHA512:
-  metadata.gz: 52ae4d44b34d53dd247010d1af4371850ee811c92f38d505b0d775d99b7e3fb66a4c22471f4bc1ebf2c7634397c9da76c1aef811e11ecc2ad7745d95b6ef1070
-  data.tar.gz: a47b77285a47d8ce4092398d49d561586e874be1c4f98db2f6261bcd91b13e3bcfb3fd2283d8488a93be919321311c61f5e249ab758118f660fe04edd9e05d8b
+  metadata.gz: dc7cf3ca6c356a17d28744402b22b0e2118ab8ec0c33a2e230b34613db8b935ccae635fe11094916ae2a58bb255523162eccd1c93bb57f39498f977343a30348
+  data.tar.gz: ea2d296e2845db7d01b128ee573865279e89544b1068c0fd05d302e1f6618c62d6bf051c91fbf6eb05f629aa9ab224a86353c623f76114a962bedf321bb58e66

data/CHANGELOG.md

@@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [0.3.1] - 2026-01-01
+
+### Added
+- **API mode support**: `auto_include_controller` now automatically includes
+  `Verikloak::Rails::Controller` in both `ActionController::Base` and `ActionController::API`
+  - Rails API-only applications (`rails new myapp --api`) now work out of the box
+  - Skip logic prevents duplicate inclusion when controller already includes the concern
+
+### Changed
+- **Generator template improved**: `initializer.rb.erb` now includes:
+  - Descriptive comments for each configuration option
+  - ENV variable support for `auto_include_controller` (`VERIKLOAK_AUTO_INCLUDE`)
+  - ENV variable prefix changed from `VERIKLOAK_AUDIENCE` to `KEYCLOAK_AUDIENCE` for consistency
+
+### Documentation
+- README updated with API mode usage example
+
+---
+
 ## [0.3.0] - 2026-01-01
 
 ### Changed

data/README.md

@@ -108,6 +108,16 @@ class ApplicationController < ActionController::Base
 end
 ```
 
+### API Mode Support
+Both `ActionController::Base` and `ActionController::API` are supported. The controller concern is automatically included in both when `auto_include_controller` is enabled (default).
+
+```ruby
+# Works automatically with Rails API mode (rails new myapp --api)
+class ApplicationController < ActionController::API
+  # Verikloak::Rails::Controller is auto-included
+end
+```
+
 ## Middleware
 ### Inserted Middleware
 | Component | Inserted relative to | Purpose |

data/lib/generators/verikloak/install/templates/initializer.rb.erb

@@ -1,14 +1,29 @@
 # frozen_string_literal: true
 
 Rails.application.configure do
+  # Discovery URL (required)
   config.verikloak.discovery_url = ENV.fetch('KEYCLOAK_DISCOVERY_URL', nil)
-  config.verikloak.audience      = ENV.fetch('VERIKLOAK_AUDIENCE', 'rails-api')
-  config.verikloak.issuer        = ENV.fetch('VERIKLOAK_ISSUER', nil)
-  config.verikloak.leeway        = Integer(ENV.fetch('VERIKLOAK_LEEWAY', '60'))
-  config.verikloak.skip_paths    = %w[/up /health /rails/health]
 
+  # Audience validation (optional but recommended)
+  config.verikloak.audience = ENV.fetch('KEYCLOAK_AUDIENCE', 'rails-api')
+
+  # Issuer validation (optional, derived from discovery_url if not set)
+  config.verikloak.issuer = ENV.fetch('KEYCLOAK_ISSUER', nil)
+
+  # JWT clock skew tolerance in seconds
+  config.verikloak.leeway = Integer(ENV.fetch('VERIKLOAK_LEEWAY', '60'))
+
+  # Paths to skip authentication (health checks, etc.)
+  config.verikloak.skip_paths = %w[/up /health /rails/health]
+
+  # Request ID and subject in logs
   config.verikloak.logger_tags = %i[request_id sub]
-  config.verikloak.auto_include_controller = true
+
+  # Auto-include controller concern
+  # Set to false if you manually include Verikloak::Rails::Controller
+  config.verikloak.auto_include_controller = ENV.fetch('VERIKLOAK_AUTO_INCLUDE', 'true') == 'true'
+
+  # Render detailed 500 errors (development only recommended)
   config.verikloak.render_500_json = ENV.fetch('VERIKLOAK_RENDER_500', 'false') == 'true'
 
   # Optional Pundit rescue (403 JSON). Leave commented so `verikloak-pundit`

data/lib/verikloak/rails/railtie.rb

@@ -31,10 +31,16 @@ module Verikloak
       end
 
       # Optionally include the controller concern when ActionController loads.
+      # Supports both ActionController::Base and ActionController::API (API mode).
+      # Skips inclusion if the controller already includes the concern.
       # @return [void]
       initializer 'verikloak.controller' do |_app|
-        ActiveSupport.on_load(:action_controller_base) do
-          include Verikloak::Rails::Controller if Verikloak::Rails.config.auto_include_controller
+        %i[action_controller_base action_controller_api].each do |hook|
+          ActiveSupport.on_load(hook) do
+            next if include?(Verikloak::Rails::Controller) # Already included, skip
+
+            include Verikloak::Rails::Controller if Verikloak::Rails.config.auto_include_controller
+          end
         end
       end
 

data/lib/verikloak/rails/version.rb

@@ -2,6 +2,6 @@
 
 module Verikloak
   module Rails
-    VERSION = '0.3.0'
+    VERSION = '0.3.1'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: verikloak-rails
 version: !ruby/object:Gem::Version
-  version: 0.3.0
+  version: 0.3.1
 platform: ruby
 authors:
 - taiyaky
@@ -94,7 +94,7 @@ metadata:
   source_code_uri: https://github.com/taiyaky/verikloak-rails
   changelog_uri: https://github.com/taiyaky/verikloak-rails/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/taiyaky/verikloak-rails/issues
-  documentation_uri: https://rubydoc.info/gems/verikloak-rails/0.3.0
+  documentation_uri: https://rubydoc.info/gems/verikloak-rails/0.3.1
   rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths: