Name: discourse-omniauth-jwt
Owner: Discourse
Description: An OmniAuth strategy that uses JSON Web Token for Single Sign-On
Created: 2015-09-14 20:51:46.0
Updated: 2018-01-17 15:25:40.0
Pushed: 2015-09-14 20:56:55.0
Homepage: null
Size: 97
Language: Ruby
JSON Web Token (JWT) is a simple way to send verified information between two parties online. This can be useful as a mechanism for providing Single Sign-On (SSO) to an application by allowing an authentication server to send a validated claim and log the user in. This is how Zendesk does SSO, for example.
OmniAuth::JWT provides a clean, simple wrapper on top of JWT so that you can easily implement this kind of SSO either between your own applications or allow third parties to delegate authentication.
Add this line to your application's Gemfile:
gem 'omniauth-jwt'
And then execute:
$ bundle
Or install it yourself as:
$ gem install omniauth-jwt
You use OmniAuth::JWT just like you do any other OmniAuth strategy:
use OmniAuth::JWT, 'SHAREDSECRET', auth_url: 'http://example.com/login'
The first parameter is the secret shared with the external authenticator, which is used to verify the JWT. You must also specify the auth_url option to tell the strategy where to redirect to log in. Other available options are:
HS256 by default but can be set to anything supported by ruby-jwt
email
['name', 'email']
name and email to the same in the info hash.
nil. If this is set, the iat claim becomes required and must be within the specified number of seconds of the current time. This helps to prevent replay attacks.
When you authenticate through omniauth-jwt you can send users to /auth/jwt and it will redirect them to the URL specified in the auth_url option. From there, the provider must generate a JWT and send it to the /auth/jwt/callback URL as a “jwt” parameter:
/auth/jwt/callback?jwt=ENCODEDJWTGOESHERE
An example of how to do that in Sinatra:
require 'sinatra'
require 'jwt'

get '/login/sso/other-app' do
  # assuming the user is already logged in and this is available as current_user
  claims = {
    id: current_user.id,
    name: current_user.name,
    email: current_user.email,
    iat: Time.now.to_i
  }

  # Sign the claims with the shared secret (HS256, the algorithm the strategy expects by default)
  payload = JWT.encode(claims, ENV['SSO_SECRET'], 'HS256')
  redirect "http://other-app.com/auth/jwt/callback?jwt=#{payload}"
end
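The callback-side checks described above (signature under the shared secret, required claims, and the iat window), as an added example that is not the gem's own code. It uses only Ruby's standard library, and the function names, parameter names and error class are this example's own.

```ruby
require 'openssl'
require 'json'

class ClaimInvalid < StandardError; end

# Base64url without padding, as used for JWT segments.
def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str + '=' * ((4 - str.length % 4) % 4)
  padded.tr('-_', '+/').unpack1('m0') # strict: raises ArgumentError on bad input
end

# Provider side: sign the claims with HMAC-SHA256 under the shared secret.
def encode_hs256(claims, secret)
  input = [{ alg: 'HS256', typ: 'JWT' }, claims].map { |p| b64url(JSON.generate(p)) }.join('.')
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Callback side: authenticate the token first, then apply the claim checks.
def verify_callback_jwt(token, secret, required_claims: %w[name email], valid_within: nil, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  raise ClaimInvalid, 'expected three segments' unless parts.size == 3

  header = JSON.parse(b64url_decode(parts[0]))
  # Pin the algorithm; the token's header must not choose it (rejects "none").
  raise ClaimInvalid, 'unexpected alg' unless header.is_a?(Hash) && header['alg'] == 'HS256'

  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{parts[0]}.#{parts[1]}")
  # secure_compare is constant-time, so a mismatch leaks nothing about the MAC.
  unless OpenSSL.secure_compare(b64url_decode(parts[2]), expected)
    raise ClaimInvalid, 'bad signature'
  end

  claims = JSON.parse(b64url_decode(parts[1]))
  raise ClaimInvalid, 'claims must be an object' unless claims.is_a?(Hash)
  required_claims.each { |c| raise ClaimInvalid, "missing '#{c}' claim" unless claims.key?(c) }
  if valid_within
    iat = claims['iat']
    raise ClaimInvalid, "missing or non-integer 'iat'" unless iat.is_a?(Integer)
    raise ClaimInvalid, "'iat' outside the allowed window" if (now - iat).abs > valid_within
  end
  claims
rescue ArgumentError, JSON::ParserError
  raise ClaimInvalid, 'malformed token'
end
```

A token replayed inside the window still verifies, so the window bounds replay rather than eliminating it; keep it as short as clock skew between the two systems allows.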
git checkout -b my-new-feature
git commit -am 'Add some feature'
git push origin my-new-feature