How to use httpOnly secure cookies in Ruby on Rails with devise-jwt

While sending JWTs via the Authorization header may work for your application, sometimes it won't, and you need the extra protection against XSS that httpOnly cookies provide (JavaScript cannot read them, so a script injected into the page cannot steal the token). In this episode, I explore how to set and use cookies instead of sending the JWT back in the response body (to be stored in localStorage), and explain the advantages and disadvantages of each approach.
Support on Patreon
  • https://www.patreon.com/davidwparker

ā±ļø Timestamps:
  • 00:00 - Introduction
  • 00:55 - README
  • 01:25 - devise-jwt-cookie
  • 02:40 - user and other changes required
  • 04:20 - other changes (non-cookie related)

Newsletter:
  • https://www.programmingtil.com/

šŸŖElsewhere:
  • Twitter: https://twitter.com/davidwparker
  • Twitter: https://twitter.com/programmingtil
  • GitHub: https://github.com/davidwparker

Concepts:
  • Use httpOnly secure cookies instead of localStorage for our devise JWT tokens

Resources:
  • https://github.com/davidwparker/programmingtil-rails/tree/ep17a
  • https://github.com/davidwparker/devise-jwt-cookie
  • https://github.com/scarhand/devise-jwt-cookie

Subscribe!
  • http://bit.ly/subdavidwparker

My name is David W Parker and I'm creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I'm a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I've used React a lot in the past, as well as some Vue and AngularJS. I've done some professional Python and Django. I like to create real applications, and my tutorials will walk you through how to build something real from beginning to end.

#ruby #rails #rubyonrails

© programmingtil.com