Module: Cyclid::API::Auth::Token
Defined in: app/cyclid/controllers/auth/token.rb
Overview
API endpoints for managing API tokens
Tokens
- #POST(/token/:username) ⇒ Object
Generate a JSON Web Token for use with the Token authentication scheme.
Class Method Summary
- .registered(app) ⇒ Object
Sinatra callback.
Class Method Details
.registered(app) ⇒ Object
Sinatra callback
# File 'app/cyclid/controllers/auth/token.rb', line 43

def self.registered(app)
  include Errors::HTTPErrors

  app.post '/:username' do
    # Authorization check for the requested user (the called method's name
    # is missing from this listing)
    (params[:username], Operations::READ)

    payload = parse_request_body
    Cyclid.logger.debug payload

    user = User.find_by(username: params[:username])
    halt_with_json_response(404, INVALID_USER, 'user does not exist') \
      if user.nil?

    # Create a JSON Web Token. Use the provided payload as the initial
    # set of claims but remove some of the standard claims we don't
    # want users to be able to set.
    #
    # Requests MAY set 'exp' and 'nbf' if they wish.
    payload.delete_if{ |k, _v| %w(iss aud jti iat sub).include? k }

    # If 'exp' was not set, set it now. Default is +6 hours. 'exp' is
    # expressed in seconds, like Time.now.to_i, so 6 hours is 21_600.
    payload['exp'] = Time.now.to_i + 21_600 unless payload.key? 'exp'
    # Subject is this user
    payload['sub'] = params[:username]

    # Create the token; use the user's HMAC key as the signing key
    token = JWT.encode payload, user.secret, 'HS256'

    token_hash = { token: token }
    return token_hash.to_json
  end
end
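The claim handling in the listing above, carried through to a signed token and a matching check on the receiving side, as an added example that is not Cyclid's own code. It uses only the Ruby standard library rather than the JWT gem; `build_claims`, `issue_token` and `verify_token` are hypothetical names, and the verifier's rules are assumptions about how such a token would be checked.

```ruby
require 'openssl'
require 'json'

RESERVED = %w[iss aud jti iat sub].freeze # claims the endpoint strips from requests
DEFAULT_TTL = 6 * 60 * 60                 # +6 hours, in seconds

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  padded = text.tr('-_', '+/') + '=' * ((4 - text.length % 4) % 4)
  padded.unpack1('m0') # strict decoding: raises ArgumentError on bad input
end

# Claim handling as in the endpoint: drop reserved claims, default 'exp', force 'sub'.
def build_claims(requested, username, now)
  claims = requested.reject { |k, _v| RESERVED.include?(k) }
  claims['exp'] = now + DEFAULT_TTL unless claims.key?('exp')
  claims.merge('sub' => username)
end

# HS256 compact serialization, signed with the user's HMAC key.
def issue_token(claims, secret)
  header = { 'alg' => 'HS256', 'typ' => 'JWT' }
  input = "#{b64url(header.to_json)}.#{b64url(claims.to_json)}"
  "#{input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Hypothetical verifier: returns the claims, or nil if the token must be rejected.
def verify_token(token, secret, now)
  head, body, sig = token.split('.')
  return nil unless sig && token.count('.') == 2
  # Always recompute with HMAC-SHA256; the header never selects the algorithm.
  expected = b64url(OpenSSL::HMAC.digest('SHA256', secret, "#{head}.#{body}"))
  return nil unless OpenSSL.secure_compare(expected, sig) # constant-time comparison
  header = JSON.parse(b64url_decode(head))
  claims = JSON.parse(b64url_decode(body))
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256' && claims.is_a?(Hash)
  return nil unless claims['exp'].is_a?(Integer) && now < claims['exp']
  return nil if claims['nbf'].is_a?(Integer) && now < claims['nbf']
  claims
rescue JSON::ParserError, ArgumentError
  nil
end
```

Because requests may set 'exp' themselves, this verifier enforces only whatever expiry the token carries.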
Instance Method Details
#POST(/token/:username) ⇒ Object
Generate a JSON Web Token for use with the Token authentication scheme. The user must authenticate using one of the other available methods (HTTP Basic or HMAC) to obtain a token.
# File 'app/cyclid/controllers/auth/token.rb', line 29