If you want to create Rails Application dependent on API only and you have a requirement to provide Token based authentication in your application. So you can use JWT+ KNOCK token based Authentication solution.

Knock is an authentication solution for Rails API-only application based on JSON Web Tokens.

JWT is JSON based web tokens.

Advantages of using JWT and Knock in Ruby on Rails Application:

• JWT:

1. It is lightweight

2. It is easy to use

3. It is stateless

• Knock:

1. Seamless JWT authentication for Rails API

2. It is easy to implement and maintain.

3. It allows customization.

Step 1: Create Rails API Project

rails new project_name --api -d mysql 

where

# --api specifies the rails application is API based

# -d mysql specifies that we use mysql database in this application

Step 2: Add gem

Add following gem into project_name/Gemfile

gem 'knock' 

gem 'jwt'

gem file looks like

Next to run command on terminal for installing gem in application.

bundle install 

Step 3: Setup a basic Knock structure

Run following command

rails generate knock:install 

rails generate knock:token_controller user

Now run the following commands to setup your Rails application.

rails generate model users 

rails generate controller users 

rails generate controller home

If you add custom model so you can do it.

File Location: project_name/db/migrate/:random_number_create_users.rb

Run following command to create User table

rake db:migrate 

Step 4: Authorization/Knock Setup

File Location: project_name/config/initializers/knock.rb

Step 5: Setup your User model with some basic validation

File Location: project_name/app/model/user.rb

Your user model look like this.

Now you can setup controller to access the Authentication.

Add include Knock::Authenticable 

File Location: project_name/app/controller/application_controller.rb

Also each and every method call pass though knock authentication.

Add before_action :authentication_user, only[:auth]

Here auth is a method to check client is authorized.

In home controller there is index method and auth method for login.

File Location: project_name/app/controller/api/v1/home_controller.rb

File Location: project_name/app/controller/api/v1/users_controller.rb

In user controller there is index, current method for current user data and create method for creating new user. Also you can add update and delete method.

Add authentication on required method with help of authentication_user , authorize_as_admin, and authorize method.

Final Step: Test API

We test API with help of Postman.

1. User creation API: API endpoint is http://localhost:3000/api/v1/users/create

We send parameter in body for user creation so that API method type POST. After calling API we get successful response with status 200 and and message “User was created ”.

After user creation we go to login API, but for application login we need a token so we need to call token API.

2. API Endpoint: http://localhost:3000/api/v1/user_token

For user token we need to send email id and password in body of method type POST.

If email id and password is valid to API we get jwt token from knock in response.

Great we now got token. With help of this we access knock authorized method.

3. Login API:

API Endpoint: http://localhost:3000/api/vi1/auth

We sent jwt token in header of API and content type is applicationJson.

Authentication: Bearer jwt token

content type: : applicationJson.

If everything is OK, then we get successful response.

These two gems Knock + JWT can help us to develop token based API in Rails 5 very easily and will save the overall time required in Ruby on Rails development.