zaikio-jwt_auth 0.2.1 → 0.2.2
- checksums.yaml +4 -4
- data/README.md +18 -3
- data/config/initializers/inflections.rb +1 -1
- data/lib/zaikio/jwt_auth/test_helper.rb +1 -1
- data/lib/zaikio/jwt_auth/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: ec233ed24502a3c1787c5c8825ecbf4c889608522152192739ab5938a91e720a
|
4
|
+
data.tar.gz: d15c29da5093ec019ff083874321d6fe709946eee57e464bb4b80ea8c89a7277
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 96a305a591381bbd7c768f27faaaf859dd2f01cca1032bb9f7b38b8e8a7b240c16da12e438cd6a325abe43ddf3f6d75602cfd068a9746348d52e89bb9274ce2d
|
7
|
+
data.tar.gz: a46b2f66a46b9a906b3ee2bcc0f98ee8ac88412d3bbaac81e0bebdaad2d831749d26a935f7d86c694fedc21ad890a277590fe582843629c8b98b96caf5b474d6
|
data/README.md
CHANGED
@@ -61,6 +61,8 @@ class API::ResourcesController < API::ApplicationController
|
|
61
61
|
end
|
62
62
|
```
|
63
63
|
|
64
|
+
By convention, `authorize_by_jwt_scopes` automatically maps all CRUD actions in a controller. Requests for `show` and `index` with a read or read_write scope are allowed. All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope. Therefore it is strongly recommended to always create standard Rails resources. If a custom action is required, you will need to authorize yourself using the `after_jwt_auth`.
|
65
|
+
|
64
66
|
### 6. Optionally, if you are using SSO: Check revoked tokens
|
65
67
|
|
66
68
|
Additionally, the API provides a method called `revoked_jwt?` which expects the `jti` of the JWT.
|
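Review bot: The paragraph added at README line 64 leaves the default for custom actions ambiguous. "All other actions like `create`, `update` and `destroy` are accepted if the scope is a write or read_write scope" reads as if any non-CRUD action passes with a write scope, while the last sentence says custom actions must be authorized by hand in `after_jwt_auth`. State explicitly whether an unmapped action is rejected or treated as a write action by default, because a reader who assumes the wrong one can ship an endpoint with weaker authorization than intended. It would also help to say where `new` and `edit` fall, and to finish the phrase "using the `after_jwt_auth`" with the noun it is missing.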
@@ -73,10 +75,23 @@ Zaikio::JWTAuth.revoked_jwt?('jti-of-token') # returns true if token was revoked
|
|
73
75
|
|
74
76
|
```rb
|
75
77
|
# in your test_helper.rb
|
76
|
-
|
78
|
+
class ActiveSupport::TestCase
|
79
|
+
# ...
|
80
|
+
include Zaikio::JWTAuth::TestHelper
|
81
|
+
# ...
|
82
|
+
end
|
83
|
+
|
84
|
+
# in your integration tests you can use:
|
85
|
+
class ResourcesControllerTest < ActionDispatch::IntegrationTest
|
86
|
+
def setup
|
87
|
+
mock_jwt(sub: 'Organization/123', scope: ['directory.organization.r'])
|
88
|
+
end
|
77
89
|
|
78
|
-
|
79
|
-
|
90
|
+
test "do a request with a mocked jwt" do
|
91
|
+
get resources_path
|
92
|
+
# test the actual business logic
|
93
|
+
end
|
94
|
+
end
|
80
95
|
```
|
81
96
|
|
82
97
|
## Advanced
|
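Review bot: The integration test example at new lines 85-94 has no assertion, only the comment `# test the actual business logic`, so copied as-is it passes whatever the authorization result is. Since `setup` mocks a read-only scope (`directory.organization.r`), suggest asserting on the response to `get resources_path` and adding a second test showing that a write action such as `create` is rejected under the same scope, so the example exercises the scope mapping the README describes.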
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: zaikio-jwt_auth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.2.
|
4
|
+
version: 0.2.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Crispy Mountain GmbH
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2020-04-
|
11
|
+
date: 2020-04-28 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: oj
|
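Review bot: `cert_chain: []` in the unchanged context at line 10 shows that this release is not signed, so the only integrity reference for 0.2.2 is the SHA256/SHA512 values in checksums.yaml. Consider signing the gem on release. Consumers of an auth library like this one should pin the exact version and verify the published checksum when upgrading.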