search

gonzalo-bulnes / simple_token_authentication

Simple (and safe*) token authentication for Rails apps or API with Devise.
GNU General Public License v3.0
1.51k stars 240 forks source link

Signed requests #296

Open jamesfzhang opened 7 years ago

jamesfzhang commented 7 years ago

Do you support signed requests with a timed TTL?

gonzalo-bulnes commented 7 years ago

Hello @jamesfzhang,

I'm not sure to understand exactly what you want to do. It might be possible taking advantange of the Simple Token authentication hooks feature. Anyway, it sounds like JWT might interest you. (There are Ruby implementations, I haven't used any.)

jamesfzhang commented 7 years ago

Hi @gonzalo-bulnes,

I'm interested in something very similar to JWT. The authentication hooks feature would be really helpful. After authenticate_user! runs, I want to verify the request with JWT. Thanks for your help!

gonzalo-bulnes commented 7 years ago

Hi @jamesfzhang,

Sorry for the latency :P It seems that could be done through similar logic to #300. The payload signature verification would really happen around token comparison. Does that make sense to you? (Maybe you've moved on at this point, have you found a satisfactory solution to get that behaviour?)