capability_tokens

CapabilityTokens

This gem generates, stores, and helps you retrieve short-lived tokens with payloads. It is intended to be part of a capability link system, which allows users to perform actions without explicitly logging in.

Installation

Add this line to your application's Gemfile:

gem 'capability_tokens'

And then execute:

$ bundle

Then, install the migrations:

$ rake capability_tokens:install:migrations

And you're set! If you need to put the table this engine creates in a schema, create an initializer:

# config/initializers/capability_tokens.rb

CapabilityTokens.configure do |c|
  c.schema_name = 'my_stuff'
end

Usage

Generate a new token:

requester = 'customer-service'
payload   = { account_id: 1, action: 'login' }
cap_token = CapabilityTokens.generate(payload, requester, Time.now + 72.hours)

cap_token.token # => "82264468-6d50-454f-a257-007a89afa18b"

Disseminate the token as you see fit; e.g., in a link, like http://yourapp.com/do_it/82264468-6d50-454f-a257-007a89afa18b.

When a user follows that link, your controller might do:

begin
  token = CapabilityTokens.retrieve(params[:token])
  login_user!(token.payload[:account_id])
rescue CapabilityTokens::ExpiredToken
  raise "Too late!"
rescue CapabilityTokens::InvalidToken
  raise "Hacker!"
end

Note that CapabilityTokens::retrieve will always raise an exception if the retrieved token is either nonexistant or expired. You can rescue CapabilityTokens::BadToken to catch all errors.

FYI, "requester" is required as a very basic audit trail. If your needs are more complex, please open an issue and I'll investigate how to accomodate.

Contributing

• Fork it
• Create your feature branch (git checkout -b my-new-feature)
• Commit your changes (git commit -am 'Add some feature')
• Push to the branch (git push origin my-new-feature)
• Create new Pull Request