hggeorgiev / rails-jwt-auth-tutorial Goto Github PK

Not necessarily an issue or bug, but how would I go about issuing a refresh token?

Sorry if there is a naive question, but if the token expires after 24 hours, I would have to require the user to reauthorize every day, right?

Should I extend the expiration for longer than 24 hours, or send some sort of refresh token alongside the auth response so that the frontend can re-auth behind the scenes?

Hopefully my question makes sense. Thanks for your help - and great tutorial :)

Pat

Does this check for expired tokens? I can't see where it's done.

So I followed the guide and it's great! 👍

However, I'm at the point where I authenticate on the frontend and get the auth token back from the server (along with email, username, and whatever else I decide).

Now what I want to be able to do, is when I store the authToken in localStorage, and I refresh the page, it should know that I'm still logged in without me having to relog in.

Was wondering how we would do that? Thanks!

The way you get secret_key_base is not working at Heroku for Rails >= 5.2:

# json_web_token.rb
..
JWT.encode(payload, Rails.application.secrets.secret_key_base)

The new way would be:

JWT.encode(payload, Rails.application.credentials.dig(:secret_key_base))

The same is to apply for decode method as well.

Hello,
Thank you very much for the tutorial.
I tried downloading Github code and getting an error.
I've put the user through console and when I run the curl to get token, I get following message:

Started POST "/authenticate" for 127.0.0.1 at 2019-02-04 00:34:56 +1100
ActiveRecord::SchemaMigration Load (0.2ms) SELECT "schema_migrations".* FROM "schema_migrations"
Processing by AuthenticationController#authenticate as /
Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]", "authentication"=>{"email"=>"[email protected]", "password"=>"[FILTERED]"}}
User Load (0.2ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
CACHE (0.0ms) SELECT "users".* FROM "users" WHERE "users"."email" = ? LIMIT ? [["email", "[email protected]"], ["LIMIT", 1]]
Completed 500 Internal Server Error in 186ms (ActiveRecord: 1.2ms)

NoMethodError (undefined method `credentials' for #ApiApp::Application:0x00000002b65a88):

lib/json_web_token.rb:4:in encode' app/commands/authenticate_user.rb:12:in call'
app/controllers/authentication_controller.rb:5:in `authenticate'

rails -v : Rails 5.0.6

I'm not sure why Rails.application.credentials is undefined.
Is there something I'm missing?
Thank you.

I followed the guide and implemented everything as the guide did.

I get this error:

ArgumentError (wrong number of arguments (given 2, expected 0)):
  
app/controllers/authentication_controller.rb:5:in `authenticate'

When I call:

$ curl -H "Content-Type: application/json" -X POST -d '{"email":"[email protected]","password":"123"}' http://localhost:3000/authenticate

I had to use skip_before_action :verify_authenticity_token in my application controller to get the server to send back the auth_token.

Excellent tutorial, helped me a lot, but I have a question, if I want to log out how should I proceed?

the guide says to put:
config.autoload_paths << Rails.root.join('lib')
in config/application.rb

this is sufficient in development environment, but the following needs to be added as well:
config.eager_load_paths << Rails.root.join('lib')
other wise files in lib are not loaded when booting the app in production

https://blog.bigbinary.com/2016/08/29/rails-5-disables-autoloading-after-booting-the-app-in-production.html