In a recent software engineering interview, questions about authentication came up. It was a harsh wake-up call to realize that I am incredibly rusty in this area. I have recently had a habit of skipping authentication entirely in my projects, as they are relatively small in scale and contain dummy seed data with no sensitive information. In the past and under pressing deadlines, I had been told not to worry too much about authentication, as many companies outsource this process entirely to services specializing in cybersecurity.
With that said, these are by no means good excuses for ignoring authentication. Every software engineer needs to know the basic concepts and implementation of user authentication.
Following my interview hiccup and in the spirit of growth, I decided to dive back into this topic to create a small demo of an application with authentication using BCrypt and JSON Web Tokens.
To begin, we will create a Rails project with the following command:
rails new <project_name> --api --database=postgresql
Here, we are using PostgreSQL as the database and have indicated to Rails that this will be an API with the --api flag. Without this flag, we would generate many extra unnecessary files included with the complete MVC framework.
We will install the jwt and active_model_serializers gems with:
bundle add jwt && bundle add active_model_serializers
Next, navigate to the Gemfile and uncomment gem 'rack-cors', allowing us to establish Cross-Origin Resource Sharing (CORS) in the API. We will also uncomment gem 'bcrypt'. Finally, run bundle install in the terminal to install these libraries.
To enable CORS, head to config/initializers/cors.rb and uncomment the following:
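An added example, not the original post's snippet: one way config/initializers/cors.rb can look once enabled, with the allowed origins vetted before they reach rack-cors so that a wildcard or plain-http origin is refused at boot. The parse_cors_origins helper, the CORS_ORIGINS environment variable and the http://localhost:3000 fallback are assumptions made for this example.

```ruby
# config/initializers/cors.rb (added example; names below are assumptions)
require 'uri'

# Hypothetical helper, not part of rack-cors: turn a comma-separated list
# of origins into a vetted array of exact "scheme://host[:port]" strings.
def parse_cors_origins(raw)
  raw.to_s.split(',').map(&:strip).reject(&:empty?).map do |entry|
    # A wildcard would let any website's JavaScript read API responses.
    raise ArgumentError, "wildcard origin refused: #{entry}" if entry.include?('*')

    uri = begin
      URI.parse(entry)
    rescue URI::InvalidURIError
      raise ArgumentError, "not a valid origin: #{entry}"
    end
    # An origin carries no path, query, fragment or credentials.
    bare = ['', '/'].include?(uri.path) && [uri.query, uri.fragment, uri.userinfo].none?
    # URI::HTTPS is a subclass of URI::HTTP, so this admits both schemes.
    unless uri.is_a?(URI::HTTP) && uri.host && bare
      raise ArgumentError, "origin must be scheme://host[:port]: #{entry}"
    end

    # Plain http is tolerated only for local development front ends.
    local = %w[localhost 127.0.0.1].include?(uri.host)
    raise ArgumentError, "https required: #{entry}" unless uri.scheme == 'https' || local

    port = uri.port == uri.default_port ? '' : ":#{uri.port}"
    "#{uri.scheme}://#{uri.host}#{port}"
  end
end

# Assumed environment variable; the fallback is a constructed dev origin.
CORS_ORIGINS = parse_cors_origins(ENV.fetch('CORS_ORIGINS', 'http://localhost:3000'))

# Only runs inside the Rails app, where rack-cors is loaded from the Gemfile.
if defined?(Rails) && defined?(Rack::Cors)
  Rails.application.config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins(*CORS_ORIGINS)
      resource '*',
               headers: :any,
               methods: %i[get post put patch delete options head]
    end
  end
end
```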