RAILS 6 & 7 API Authentication with JWT (Token-based authentication)

What is JWT?

JSON Web Token authentication (also known as token-based authentication) is a newer way to manage user authentication in applications. It is an alternative to session-based authentication.

In this blog, you will learn how to implement JSON Web Token (JWT) authentication, a common solution for user authentication in Ruby on Rails applications.

The most notable differences between session-based authentication and token-based authentication are:

Token-based authentication is stateless: the server stores no information about the logged-in user (which also means we do not need a model or table for user sessions).

Session-based authentication relies heavily on the server: a session record is created for each logged-in user.

Unlike session-based authentication, the token method does not associate the user with stored login state but with a unique token that the client presents on each request to the server.

JSON Web Token Structure?

A JWT is easy to identify. It is three strings separated by dots (.):

1) Header
2) Payload
3) Signature

The header carries two parts:

● The type of token
● The algorithm used to sign it, such as HMAC SHA256 or RSA


The payload contains claims about the user and his or her role. For example, a token payload may contain an email and password. Note that the payload is only base64url-encoded, not encrypted: anyone who holds the token can read it, so it should never carry data you would not show the client.


The signature is what identifies the service that created the token. In this case, the signature is computed over the base64-encoded header and payload using the secret key of the Rails application (Rails.application.secrets.secret_key_base). Because each app has a unique secret_key_base, this secret is what makes the signature valid only for the app that issued the token.

Workflow of Token-based Authentication?

The token-based verification method works simply. The user enters his or her credentials and sends the request to the server. If the credentials are correct, the server creates a unique HMAC-SHA256 signed token, the JSON Web Token (JWT). The client keeps the JWT and sends it along with every following request to the server. The server verifies the user by comparing the JWT sent with the request against the one it has stored in the database. Here is a simple diagram of the process.

(Diagram: token-based authentication flow)

Let's code

Enough theory, it's time to practice. The first step is to generate a new Rails API-only application:

$ rails new backend_authentication --api --database=postgresql

Add the JSON Web Token (jwt) and bcrypt gems to your Gemfile

and then install the dependencies by running this in your terminal:

$ bundle install

$ rails db:create

Creating User Model

$ rails g model user name:string username:string email:string
$ rails db:migrate

Create User Controller

$ rails g controller users

Create JsonWebToken concerns

Create authenticate_request function
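As an added example (not code from the original post), the stand-alone Ruby module below shows what the JsonWebToken concern and the check behind authenticate_request do: it builds the header.payload.signature structure described above with HMAC SHA256, and decode rejects a token whose signature does not verify, whose alg is not HS256, or whose exp claim has passed. It uses only the Ruby standard library rather than the jwt gem so it runs outside Rails; SECRET_KEY is an assumed constant standing in for Rails.application.secrets.secret_key_base.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Minimal HS256 JsonWebToken module built only on the Ruby standard library,
# shaped like the concern a Rails app keeps in app/controllers/concerns.
module JsonWebToken
  # Assumption: stands in for Rails.application.secrets.secret_key_base.
  SECRET_KEY = 'constructed-example-secret-not-for-production'.freeze
  HEADER = { 'alg' => 'HS256', 'typ' => 'JWT' }.freeze

  def self.b64url(bytes)
    Base64.urlsafe_encode64(bytes, padding: false)
  end

  def self.sign(signing_input)
    OpenSSL::HMAC.digest('SHA256', SECRET_KEY, signing_input)
  end

  # Constant-time comparison so a forged signature cannot be guessed byte by byte.
  def self.constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Build header.payload.signature; exp is a Unix timestamp (default: 24 hours).
  def self.encode(payload, exp = Time.now.to_i + 24 * 60 * 60)
    claims = payload.merge('exp' => exp)
    signing_input = "#{b64url(JSON.generate(HEADER))}.#{b64url(JSON.generate(claims))}"
    "#{signing_input}.#{b64url(sign(signing_input))}"
  end

  # Returns the claims hash, or nil when the token is malformed, uses an
  # algorithm other than HS256, fails signature verification, or has expired.
  def self.decode(token, now = Time.now.to_i)
    parts = token.to_s.split('.')
    return nil unless parts.length == 3
    header_b64, payload_b64, sig_b64 = parts
    header = JSON.parse(Base64.urlsafe_decode64(header_b64))
    return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
    return nil unless constant_time_equal?(sign("#{header_b64}.#{payload_b64}"),
                                           Base64.urlsafe_decode64(sig_b64))
    claims = JSON.parse(Base64.urlsafe_decode64(payload_b64))
    return nil unless claims.is_a?(Hash) && claims['exp'].is_a?(Integer) && claims['exp'] > now
    claims
  rescue JSON::ParserError, ArgumentError
    nil
  end
end
```

In a Rails controller, authenticate_request would read the token from the Authorization header, call decode, and look up the user from the returned claims, rendering 401 when decode returns nil.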

Create authentication controller

$ rails g controller authentication

Implementations of Login feature

Update routes

You can now check your application's responses with Postman

Create User




Conclusion: At this point, you have covered these points related to JWT and its implementation in Ruby on Rails:
1) JSON Web Token structure
2) Difference between token-based authentication and session-based authentication
3) Basic knowledge of token-based authentication
4) Workflow of token-based authentication

Happy Learning