Rails:使用敲击使用 JWT 令牌进行身份验证
[英]Rails: authenticate with JWT Token using knock
问题描述
Iam trying to build an authentication solution for my app.
我正在尝试为我的应用构建身份验证解决方案。 Iam using React as frontend and Rails in API mode as my backend.我使用 React 作为前端,在 API 模式下使用 Rails 作为我的后端。 I have an external authentication solution, which I need to use.我有一个外部身份验证解决方案,我需要使用它。 I stumbled over Knock for JWT token management but I dont understand the documentation, especially this part "It must have an authenticate method, similar to the one added by has_secure_password.", since, due to my external authentication service, i dont have a User Model.我偶然发现了 Knock for JWT 令牌管理,但我不理解文档,尤其是这部分“它必须有一个身份验证方法,类似于 has_secure_password 添加的方法。”,因为,由于我的外部身份验证服务,我没有用户模型。 So in my head, a login request would go to my LoginController, which would manage the external authentication, and, after successful authentication, would somehow create an JWT token and return this to the frontend.所以在我看来,登录请求将发送到我的 LoginController,它将管理外部身份验证,并且在身份验证成功后,将以某种方式创建 JWT 令牌并将其返回给前端。 Any idea how i achieve this?知道我如何实现这一目标吗?
1 个解决方案
解决方案1
0 2019-11-29 14:11:32
Although it's very strange that you cannot understand the documentation 尽管您不理解文档很奇怪
解决方案2
0 2019-11-29 22:18:43
If you're using an external authentication solution, then you don't have a login controller, and you shouldn't need to have.如果您使用的是外部身份验证解决方案,那么您就没有登录控制器,而且您不需要拥有。 If you have an external service do authentication, then that's very likely to be OpenID or OAuth2.如果您有外部服务进行身份验证,那么很可能是 OpenID 或 OAuth2。
Here is a good explanation of the authentication flow .这是身份验证流程的一个很好的解释。
What you probably want and need in your application is a before_action which verifies that the Bearer token is valid.您在应用程序中可能想要和需要的是一个before_action ,它验证 Bearer 令牌是否有效。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.