A gem for token authorization of Grape APIs.
Peel is a gem that makes token-based authentication in Grape APIs easier. It uses Warden under the hood to authenticate requests, and it uses JSON Web Tokens (JWT) as the API tokens. It is particularly geared towards clients that can't keep secrets, namely single-page apps.
Add this line to your application's Gemfile:

```ruby
gem 'peel'
```

And then execute:

```
$ bundle
```

Or install it yourself as:

```
$ gem install peel
```
### API Side
To create an API whose methods are protected by token authentication, subclass `Peel::API`:

```ruby
class ProtectedAPI < Peel::API
  get '/protected' do
    'secret stuff'
  end
end
```
To get access to the Warden-related helpers throughout your API, mix in `Peel::ApiInclude` like so:

```ruby
class YourAPI < Grape::API
  include Peel::ApiInclude
end
```
You can mount the protected API within your base `Grape::API` (or mount it separately via Rails or other):

```ruby
class YourAPI < Grape::API
  include Peel::ApiInclude
  mount ProtectedAPI

  get '/' do
    'Not secret'
  end
end
```
Now `GET`ting '/protected' will fail when proper authentication tokens are not presented. `GET`ting '/' is unprotected and freely accessible.
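What checking for a "proper" JWT involves on the server side, as an added example that is not Peel's own code. It assumes an HS256-signed token with an `exp` claim; `SECRET`, `issue_token` and `verify_token` are hypothetical names used only here.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed demo value (assumption); a real secret comes from server-side config.
SECRET = 'constructed-demo-secret'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def hmac_sha256(signing_input, secret)
  OpenSSL::HMAC.digest('SHA256', secret, signing_input)
end

# Issue a compact HS256 JWT that expires ttl seconds after now.
def issue_token(claims, secret, ttl: 900, now: Time.now.to_i)
  header  = b64url(JSON.generate('alg' => 'HS256', 'typ' => 'JWT'))
  payload = b64url(JSON.generate(claims.merge('exp' => now + ttl)))
  input   = "#{header}.#{payload}"
  "#{input}.#{b64url(hmac_sha256(input, secret))}"
end

# Returns the claims hash for a valid token, or nil (the request is unauthenticated).
def verify_token(token, secret, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  header_b64, payload_b64, sig_b64 = parts
  header = JSON.parse(Base64.urlsafe_decode64(header_b64))
  # Pin the algorithm on the server; a token must not choose it (rejects "alg": "none").
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = hmac_sha256("#{header_b64}.#{payload_b64}", secret)
  given    = Base64.urlsafe_decode64(sig_b64)
  # Constant-time comparison so the check does not leak how many bytes matched.
  return nil unless OpenSSL.secure_compare(given, expected)
  claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
  # Expiry bounds how long an intercepted or leaked token stays usable.
  return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims
rescue ArgumentError, JSON::ParserError, EncodingError
  nil
end
```

The claims are read only after the signature has been verified, so a client-edited payload never reaches application code.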
### Client-Side
- Add the tokens in the header as `'Authorization' => token`
- You can store the tokens in `localStorage`, session storage, or client cookies. See here for more
### Other Important Info
- Serve your API over SSL. If the tokens are intercepted en route to your user, a man-in-the-middle attack is trivial.
- Fork it
- Create your feature branch (`git checkout -b my-new-feature`)
- Commit your changes (`git commit -am 'Add some feature'`)
- Push to the branch (`git push origin my-new-feature`)
- Create new Pull Request