devise-jwt-cookie is a devise extension based on devise-jwt. It should be used alongside devise-jwt.
Add this line to your application's Gemfile:
gem 'devise-jwt-cookie', '~> 0.2.0'And then execute:
$ bundle
First you need to setup up and configure devise and devise-jwt. This gem hooks into devise-jwt to add an httpOnly cookie with the JWT.
You have to update the user model to be able to use the cookie method. For example:
class User < ApplicationRecord
devise :database_authenticatable,
:jwt_cookie_authenticatable,
:jwt_authenticatable, jwt_revocation_strategy: Blacklist
endThis library can be configured by calling jwt_cookie on the devise config object:
Devise.setup do |config|
config.jwt do |jwt|
# config for devise-jwt goes here
end
config.jwt_cookie do |jwt_cookie|
# ...
jwt_cookie.secure = false if Rails.env.development?
end
endThe name of the cookie. Defaults to access_token.
The domain the cookie should be issued to. Will be omitted if not set.
If a secure cookie should be set, this means the cookie must be sent over a secure connection. Defaults to true.