In general, you can just use and trust a JWT hasn't been tampered with.. But not always, depending on how you're storing it on the client. If storing in localStorage, it may be changed and stolen! But what if we want to provide extra precautions? We can do that with AUD in devise-jwt. AUD allows us to take and store extra information about the client so we can identify it and make sure it's okay. In this episode, I explain why we don't just use cookies (and still use localStorage) as well as how we'll be using AUD from our Svelte frontend.
🤯 Support on Patreon

• https://www.patreon.com/davidwparker

⏱️ Timestamps:

• 00:00 - Introduction
• 00:40 - Readme
• 02:10 - cors.rb
• 03:00 - allowlist.rb
• 03:20 - sessionscontroller.rb
• 04:40 - github discussion about cookie vs localStorage

💌 Newsletter:

• https://www.programmingtil.com/

🪐Elsewhere:

• Twitter: https://twitter.com/davidwparker
• Twitter: https://twitter.com/ programmingtil
• GitHub: https://github.com/davidwparker

💭Concepts:

• Setting up and using AUD in devise-jwt

📚Resources:

• https://github.com/davidwparker/programmingtil-rails/tree/ep14
• https://github.com/waiting-for-dev/devise-jwt/issues/126

🎬 Subscribe!

• http://bit.ly/subdavidwparker

My name is David W Parker and I’m creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I’m a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I’ve used React a lot in the past, as well as some Vue and AngularJS. I’ve done some professional Python and Django. I like to create real applications and my tutorials will walk you through how to build something real from beginning-to-end.

ruby #rails #rubyonrails