JWT VS zeitwerk

To authenticate our users, we need to add jwt gem to our Gemfile

jwt is a Ruby implementation of the RFC 7519 OAuth JSON Web Token standard. bcrypt is a Ruby binding for the OpenBSD bcrypt() password hashing algorithm.

ruby-jwt is fairly easy to use on it's own without Devise. You might try that first and only add Devise if needed.

Generally speaking, the larger the application, the more internal and external services it has to talk to. External services usually have their own way of authenticating and authorizing third party API calls. With internal systems however, organisations prefer to use JWT tokens because of their inherent flexibility and versatility. A sample JWT based handshake between 2 rails applications using ruby-jwt would look like this -

Interesting. What's the difference between this and the standard ruby-jwt? https://github.com/jwt/ruby-jwt

jwt - encoding and decoding jwt oauth

Decoding JWTs is simple whit the help of an already implemented solution. In this section, I'll be using the ruby-jwt.

To setup it's pretty simple, you just need to create a file inside bin/console and require all the files you want to use on a REPL, most of the times we use gems like zeitwerk to provide the auto requiring, but if you want to do it manually, refer to the example below:

zeitwerk

Zeitwerk takes a directory and makes every file underneath it available to load. The convention is that every new sub-directory is a new module, and every file defines a class with the same name as the file.

There is a gem that does that used by Rails and multiple other gems:

https://github.com/fxn/zeitwerk

It is pretty easy to set it up in any Ruby project.

I actually prefer auto-loading, which lets you iterate through a package manager much easier/faster - PHP iterated through PSR-0[0] before landing on PSR-4[1], and you can always build your own (which is what most frameworks pre-composer were doing).

With Rails 7 and Zeitwerk, the Ruby community has landed on a very similar auto-loading system as PHP now[2] with constants translating to paths by convention.

[0]: https://github.com/php-fig/fig-standards/blob/master/accepte...

[1]: https://www.php-fig.org/psr/psr-4/

[2]: https://github.com/fxn/zeitwerk#the-idea-file-paths-match-co...

If you're working on non-Rails apps and need to deal with loading code, zeitwerk can be used anywhere, unlike the old Rails autoloader. It's also really easy to set up.

https://github.com/fxn/zeitwerk#collapsing-directories

Zeitwerk

With a few modifications in the gem source code, we could easily integrate Auth0 into our Rails API, but that on Rails 5. Rails 6 brought Zeitwerk code loader together, which makes it harder to perform the alterations suggested in my previous post.