My understanding of the authentication for Hyperstack is that it leans on the session for persisting the user's id, which is used to fetch the acting_user.

If I wanted to decouple from the Rails session and use token-based authentication, how can I set up the Hyperstack transport to include a token with every request?

Basically, what I'm asking is how I can send a token such that it's available in the acting_user call.

class ApplicationController < ActionController::Base
  def acting_user
    claim = JsonWebToken.verify(params[:token], key: some_key)
    @current_user ||= claim[:ok] && User.find(claim[:ok][:user_id])
  end
end

where params[:token] is being passed from the client on a request.

Cereal

1 Answer

I am not 100% sure of this, having never used Token Authorization, but looking at this good article, I believe it should "just work" except that you will have to get the authorization into the header. You will implement whatever stuff you need in ApplicationController, and you will have access to that in your login ControllerOp. Just be sure that you set acting_user.

https://www.pluralsight.com/guides/token-based-authentication-with-ruby-on-rails-5-api

All communication from the client to the server goes through the ServerOp class so you will have to patch that class to add the authorization.

It's pretty straightforward: https://github.com/hyperstack-org/hyperstack/blob/edge/ruby/hyper-operation/lib/hyper-operation/server_op.rb

FYI, there is a GitHub issue to add a hook to make this easier:

https://github.com/hyperstack-org/hyperstack/issues/168

Mitch VanDuyn
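An added example, not part of the question or the answer and not Hyperstack's own code: the server-side half of the header approach the answer describes, resolving a user id from an `Authorization: Bearer` header so that `acting_user` can use it in place of `params[:token]`. It assumes an HS256 token with `user_id` and `exp` claims and uses only the Ruby standard library instead of the json_web_token gem; all method names and the demo key are hypothetical.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Hypothetical helpers: not Hyperstack's API and not the json_web_token gem.
def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def b64url_decode(str)
  Base64.urlsafe_decode64(str + '=' * ((4 - str.length % 4) % 4))
end

# Compares two byte strings without stopping at the first differing byte.
def secure_eq(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Mints a sample HS256 token so the check below has constructed input.
def sign_hs256(claims, key)
  input = "#{b64url({ alg: 'HS256', typ: 'JWT' }.to_json)}.#{b64url(claims.to_json)}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', key, input))}"
end

# Returns the user id carried by "Authorization: Bearer <jwt>", or nil when
# the header is missing, malformed, wrongly signed or expired.
# In a Rails controller the header value is request.headers['Authorization'].
def user_id_from_authorization(header, key, now: Time.now.to_i)
  token = header.to_s[/\ABearer ([\w-]+\.[\w-]+\.[\w-]+)\z/, 1]
  return nil unless token
  head, body, sig = token.split('.')
  # Pin the algorithm server-side; a token never chooses its own (e.g. "none").
  return nil unless JSON.parse(b64url_decode(head))['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', key, "#{head}.#{body}")
  return nil unless secure_eq(b64url_decode(sig), expected)
  claims = JSON.parse(b64url_decode(body))
  return nil unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  claims['user_id']
rescue JSON::ParserError, ArgumentError, TypeError
  nil
end

# Constructed demo values.
DEMO_KEY = 'constructed-demo-key'
DEMO_TOKEN = sign_hs256({ user_id: 42, exp: 2_000_000_000 }, DEMO_KEY)
puts user_id_from_authorization("Bearer #{DEMO_TOKEN}", DEMO_KEY, now: 1_700_000_000).inspect
```

Keeping the token in a header rather than a query or form parameter also keeps it out of URLs and typical request-parameter logs.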