6

I am using devise-jwt for token based authentication in my RoR app. The client sends in a token in the header like so: Bearer #{token} By using authenticate_user! I am able to authenticate the user in the controller, and get the logged in user as current_user.

When I use Actioncable, the connect method in connection.rb requires to find the user from the token. The connection.rb is as follows:

module ApplicationCable
  class Connection < ActionCable::Connection::Base
    identified_by :current_user

    def connect
      token = request.env["Authorization"]
      find_verified_user
    end

    private
    def find_verified_user
      if authenticate_user!
        self.current_user = current_user
      else
        reject_unauthorized_connection
      end
    end
  end
end

However, the authenticate_user! is not a valid method here (as it is devise specific).

My question is how to I find the current_user here? How to identify the client who has sent the token in the header?

Novneet Nov
  • 592
  • 1
  • 7
  • 22

1 Answers1

0

One way to retrieve the user from the JWT token is to use the Warden::JWTAuth helper:

Warden::JWTAuth::UserDecoder.new.call(token, :user, nil)
=> #<User id: 1, email: "user@email.com", ...>

or use JWT directly:

decoded_token = JWT.decode(token, 'jwt_secret', true, { algorithm: 'jwt_algorithm' })
=>
   [
     {
       "sub" => "1",
       "scp" => "user",
       "aud" => nil,
       "iat" => 1689090581,
       "exp" => 1691682581,
       "jti" => "7f82dcc8-4957-4fa8-95dd-20a26989343c"
     },
     {
       "alg" => "HS256"
     }
   ]

User.find((decoded_token[0])['sub']))
=> #<User id: 1, email: "user@email.com", ...>

(where jwt_algorithm is usually HS256)

Paweł Gościcki
  • 9,066
  • 5
  • 70
  • 81