Rails
When you receive an id_token from Swoop, it is important to verify the token against your CLIENT_SECRET to ensure that it is valid and hasn't been tampered with.
Here is how to validate JWTs in Rails.
Install the jwt Library
Add the following to your Gemfile
gem 'jwt'
And then run bundle install
Verify The Token
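def loginWithSwoop
  secret = 'CLIENT_SECRET'
  token = params[:swoopToken]
  iss = 'https://auth.swoop.email'
  # Decode the Swoop token. Verify the signature and that it was issued by Swoop.
  # JWT.decode returns [payload, header]; the payload is a Hash with string keys.
  payload, _header = JWT.decode(token, secret, true, { iss: iss, verify_iss: true, algorithm: 'HS256' })
  # Look up the user by email
  user = User.find_by_email!(payload['email'])
  # "Log in" the user
  session[:current_user] = user
  redirect_to '/account'
rescue JWT::DecodeError
  # Bad signature, wrong issuer, expired or malformed token
  head :unauthorized
end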
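To show what the JWT.decode call above checks, here is an added standard-library example. It is not Swoop's code and not the jwt gem's implementation. The helper names (sign_hs256, verify_hs256, b64url_encode, b64url_decode) are hypothetical, and the exp check assumes the token carries an expiry claim, which the page does not state.

```ruby
require 'openssl'
require 'json'

ISSUER = 'https://auth.swoop.email' # issuer value used on this page

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  s = str.tr('-_', '+/')
  (s + '=' * ((4 - s.length % 4) % 4)).unpack1('m0') # strict: raises ArgumentError on junk
end

# Constructed helper: mints a sample HS256 token so the example runs offline.
def sign_hs256(claims, secret)
  input = "#{b64url_encode(JSON.generate({ 'alg' => 'HS256', 'typ' => 'JWT' }))}." \
          "#{b64url_encode(JSON.generate(claims))}"
  "#{input}.#{b64url_encode(OpenSSL::HMAC.digest('SHA256', secret, input))}"
end

# Returns the claims Hash when every check passes, otherwise nil.
def verify_hs256(token, secret, now: Time.now.to_i)
  parts = token.to_s.split('.', -1)
  return nil unless parts.length == 3
  header_b64, payload_b64, sig_b64 = parts
  header = JSON.parse(b64url_decode(header_b64))
  # Pin the algorithm: never let the token's own header choose it (rejects "none").
  return nil unless header.is_a?(Hash) && header['alg'] == 'HS256'
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header_b64}.#{payload_b64}")
  # Constant-time comparison of the received MAC against the recomputed one.
  return nil unless OpenSSL.secure_compare(b64url_decode(sig_b64), expected)
  # Claims are trusted only after the signature has been verified.
  claims = JSON.parse(b64url_decode(payload_b64))
  return nil unless claims.is_a?(Hash) && claims['iss'] == ISSUER
  return nil if claims.key?('exp') && claims['exp'].to_i <= now
  claims
rescue JSON::ParserError, ArgumentError
  nil
end
```

In the Rails action, the nil result corresponds to the JWT::DecodeError family that the jwt gem raises.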
Updated about 4 years ago