Question 1

How does API Guard compare to using the ruby-jwt gem directly in Rails?

Accepted Answer

API Guard builds on ruby-jwt by adding Rails-specific features like generators, token refreshing, and blacklisting, saving development time for full authentication suites. However, direct JWT usage offers more control for custom or minimal implementations without the gem's overhead.

Question 2

Can API Guard handle multiple user models like Admin and User?

Accepted Answer

Yes, it supports multiple resources through scope configuration and custom routes, but you'll need to set up separate controllers and models carefully to avoid conflicts, as hinted in the authentication helpers.

Question 3

How to add custom claims to JWT tokens with API Guard?

Accepted Answer

Override the jwt_token_payload method in your user model to return a hash with custom data; this gets included in the token payload and is accessible via @decoded_token in controllers for additional logic.

Question 4

Does API Guard automatically clean up expired blacklisted tokens?

Accepted Answer

No, it doesn't handle cleanup automatically. You must set up a CRON job or scheduled task to delete expired blacklisted tokens from the database, as noted in the token blacklisting section to prevent table bloat.

Question 5

Is API Guard compatible with Devise for authentication?

Accepted Answer

Yes, there's a wiki page for integrating with Devise, allowing you to use Devise's authentication while leveraging API Guard's JWT features, but it requires additional setup to bridge password handling and routes.

Question 6

How to test authenticated endpoints using API Guard in RSpec?

Accepted Answer

Include ApiGuard::Test::ControllerHelper in your spec setup and use the jwt_and_refresh_token method to generate tokens for test users, then set them in request headers to simulate authenticated requests.

API Guard

What is API Guard?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions