I’m in the middle of a pet project of mine (also writing-related, like Write.app), and in the course of my research on client-side user sessions, I came across this great article, which introduced me to the concept of JSON Web Tokens. They’re an awesome concept. I once wrote about my own homegrown method of protecting API keys in an Angular app, but JWT seems like it might be a better idea in this case.
For some context, this new project requires that users can install and run their own instance of an application in the same vein as WordPress and other apps. Requiring Redis, other dependencies, and the technical knowledge to put all the pieces together won’t work for this one. I need users of my app to be able to run the install script once and never have to think about security or how things work. I’m going to check this concept out. I really encourage anyone developing a modular app with different front ends for desktop, web, and mobile backed by a server-side API to check it out. If you have experience with JSON Web Tokens already, let me know your thoughts on it. How’s the implementation in Ruby? What issues have you run into? Any tips?