JWT-based authentication system for Rails admin panel.
- JWT token-based authentication
- Admin user management
- Secure API responses with consistent format
- Easy installation and configuration
- Add the required gems to your Gemfile(If not already added):
# decode/encode methods
gem "jwt"
gem "bcrypt"
# normalize response
gem "rails_warp"
gem "rails_jwt_admin"- Run bundle install:
bundle install- Install the admin:
rails g rails_jwt_admin:install- Run database migration:
rails db:migrate- Generate and edit your application credentials:
EDITOR=vim rails credentials:edit- Add your JWT secret key:
jwt_secret: "your_secret_key_here"Create an initial admin user:
RailsJwtAdmin::User.create(
username: "admin",
email: "admin@example.com",
password: "your_secure_password",
password_confirmation: "your_secure_password"
)- POST
/rails_jwt_admin/auth- Authenticate and get token - GET
/rails_jwt_admin/me- Get current user info
Send POST request to /rails_jwt_admin/auth with:
username- Admin usernamepassword- Admin password
Successful authentication returns:
{
"success": true,
"code": 200,
"message": null,
"data": {
"token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxfQ..."
}
}Get current user returns:
{
"success": true,
"code": 200,
"message": null,
"data": {
"id": 1,
"username": "admin",
"email": "example@qq.com"
}
}Failed authentication returns:
{
"success": false,
"code": 401,
"message": "Authentication failed",
"data": null
}Include the token in your requests using the Authorization header:
Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoxfQ...
- Use a strong, unique JWT secret key
- Consider token expiration times for security
- Store sensitive credentials using Rails encrypted credentials
- Regularly update dependencies for security patches
- Follow Rails security best practices for session management and CSRF protection
This gem is available as open source under the terms of the MIT License.