passageidentity
gem, available via RubyGems. The example below shows a Rails application that uses Passage to authorize requests.before_action
.psg_auth_token
). If your application uses Authorization headers instead, you can pass the following option to Passage.authenticate_jwt
method and extract the JWT from the header yourself in the authorize
function.Passage.auth.authenticate_request(request)
validates that a request is properly authenticated, but an additional authorization check is often required. You should use the Passage User ID to store role information and make authorization decision.