In a recent software engineering interview, questions about authentication came up. It was a harsh wake-up call to realize that I am incredibly rusty in this area. I have recently had a habit of skipping authentication entirely in my projects, as they are relatively small in scale and contain dummy seed data with no sensitive information. In the past and under pressing deadlines, I had been told not to worry too much about authentication, as many companies outsource this process entirely to services specializing in cybersecurity.

With that said, these are by no means good excuses for ignoring authentication. Every software engineer needs to know the basic concepts and implementation of user authentication.

Following my interview hiccup and in the spirit of growth, I decided to dive back into this topic to create a small demo of an application with authentication using BCrypt and JSON Web Tokens.


Building a Rails Server

To begin, we will create a Rails project with the following command:

rails new <project_name> --api --database=postgresql

Here, we are using PostgreSQL as the database, and the --api flag tells Rails that this will be an API. Without this flag, Rails would generate many extra files that are only needed for the complete MVC framework.

We will install the jwt and active_model_serializers gems with:

bundle add jwt && bundle add active_model_serializers

Next, navigate to the Gemfile and uncomment gem 'rack-cors', allowing us to establish Cross-Origin Resource Sharing (CORS) in the API. We will also uncomment gem 'bcrypt'. Finally, run bundle install in the terminal to install these libraries.

To enable CORS, head to config/initializers/cors.rb and uncomment the following:
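
An added example, not the original post's code: one way to write config/initializers/cors.rb so that only explicitly listed origins can call the API from a browser, instead of a wildcard. The CORS_ORIGINS variable, the parse_cors_origins helper and the localhost default are assumptions made for this example; the Rack::Cors calls are the ones the rack-cors gem provides.

```ruby
# config/initializers/cors.rb (added example, not the original post's snippet)
require "uri"

# Turn a comma-separated list into a validated origin allowlist.
# CORS_ORIGINS and this helper are assumptions made for the example.
def parse_cors_origins(raw)
  origins = raw.to_s.split(",").map(&:strip).reject(&:empty?)
  raise ArgumentError, "no CORS origins configured" if origins.empty?

  origins.map do |origin|
    # A wildcard would let any website read this API's responses.
    raise ArgumentError, "wildcard origin not allowed: #{origin}" if origin.include?("*")

    begin
      uri = URI.parse(origin)
    rescue URI::InvalidURIError
      raise ArgumentError, "unparseable origin: #{origin}"
    end

    # An Origin header is scheme://host[:port] only, so a path, query,
    # fragment or userinfo in the allowlist is a configuration mistake.
    well_formed = %w[http https].include?(uri.scheme) && uri.host &&
                  uri.path.empty? && uri.query.nil? &&
                  uri.fragment.nil? && uri.userinfo.nil?
    raise ArgumentError, "not a scheme://host[:port] origin: #{origin}" unless well_formed

    origin.downcase
  end.uniq
end

# The guard lets this file load outside a Rails app; inside one it always runs.
if defined?(Rails) && defined?(Rack::Cors)
  # Constructed development default; set CORS_ORIGINS in every real environment.
  allowed = parse_cors_origins(ENV.fetch("CORS_ORIGINS", "http://localhost:3001"))

  Rails.application.config.middleware.insert_before 0, Rack::Cors do
    allow do
      origins(*allowed)
      resource "*",
               headers: :any,
               methods: %i[get post put patch delete options head]
    end
  end
end
```

Because the helper raises on a bad entry, a mistyped or wildcard origin stops the app at boot rather than silently widening or breaking cross-origin access.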

Add Authentication to Your App With BCrypt and JWT