A gem for token authorization of Grape APIs.
Peel is a gem that makes token-based authentication in Grape APIs easier. It uses warden under the hood to authenticate requests, and it uses JSON Web Tokens for the API tokens. It is particularly geared towards clients that can't keep secrets, namely single-page apps.
Add this line to your application's Gemfile:
And then execute:
Or install it yourself as:
$ gem install peel
To create an API whose methods are protected by token authentication, subclass Peel::API:
    class ProtectedAPI < Peel::API
      get '/protected' do
        'secret stuff'
      end
    end
To get access to warden-related helpers throughout your API, mix in Peel::ApiInclude like so:
    class YourAPI < Grape::API
      include Peel::ApiInclude
    end
You can mount the protected API within your base Grape::API (or mount it separately via Rails or other):
    class YourAPI < Grape::API
      include Peel::ApiInclude
      mount ProtectedAPI

      get '/' do
        'Not secret'
      end
    end
GETting '/protected' will fail when proper authentication tokens are not
GETting '/' is unprotected and freely accessible.
- Add the tokens in the header as 'Authorization' => token
- You can store the tokens in localStorage, session storage, or client cookies. See here for more
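
As an added illustration (not Peel's own code or API), this is the kind of server-side check a JWT scheme has to make on the 'Authorization' value described above. It is written against Ruby's standard library only and assumes HS256 tokens; `DEMO_SECRET`, `issue_token` and `verify_authorization` are hypothetical names.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Constructed demo key; a real key lives only in server-side configuration.
DEMO_SECRET = 'constructed-demo-secret'

def b64url(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

def hs256(secret, data)
  OpenSSL::HMAC.digest('SHA256', secret, data)
end

# Comparison whose running time does not depend on where the inputs differ.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical issuer, used here only to build sample tokens.
def issue_token(claims, secret)
  input = [{ 'alg' => 'HS256', 'typ' => 'JWT' }, claims]
          .map { |part| b64url(JSON.generate(part)) }.join('.')
  "#{input}.#{b64url(hs256(secret, input))}"
end

# Returns the claims for a valid, unexpired token; nil for anything else.
def verify_authorization(header_value, secret, now: Time.now.to_i)
  parts = header_value.to_s.split('.', -1)
  return nil unless parts.length == 3
  head, body, sig = parts
  header = JSON.parse(Base64.urlsafe_decode64(head))
  # Pin the algorithm: the token must not choose how it gets verified.
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  # Check the signature before trusting anything in the claims.
  expected = hs256(secret, "#{head}.#{body}")
  return nil unless secure_equal?(Base64.urlsafe_decode64(sig), expected)
  claims = JSON.parse(Base64.urlsafe_decode64(body))
  # Require an expiry so an intercepted token stops working.
  return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer)
  claims['exp'] > now ? claims : nil
rescue ArgumentError, JSON::ParserError
  nil
end
```
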
Other Important Info
- Serve your API over SSL. If the tokens are intercepted en route to your user, a man-in-the-middle attack is trivial.
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request