How to use httpOnly secure cookies in Ruby on Rails with devise-jwt

While sending JWTs via the auth header may work for your application, sometimes it won't and we need the extra security against XSS provided by cookies. In this episode, I explore how to set and use cookies instead of sending back the JWT in our response body (to be set by localStorage) and explain the advantages and disadvantages of each.
🤯 Support on Patreon
  • https://www.patreon.com/davidwparker

⏱️ Timestamps:
  • 00:00 - Introduction
  • 00:55 - README
  • 01:25 - devise-jwt-cookie
  • 02:40 - user and other changes required
  • 04:20 - other changes (non- cookie related)

💌 Newsletter:
  • https://www.programmingtil.com/

🪐Elsewhere:
  • Twitter: https://twitter.com/davidwparker
  • Twitter: https://twitter.com/programmingtil
  • GitHub: https://github.com/davidwparker

💭Concepts:
  • Use httpOnly secure cookies instead of localStorage for our devise JWT tokens

📚Resources:
  • https://github.com/davidwparker/programmingtil-rails/tree/ep17a
  • https://github.com/davidwparker/devise-jwt-cookie
  • https://github.com/scarhand/devise-jwt-cookie

🎬 Subscribe!
  • http://bit.ly/subdavidwparker

My name is David W Parker and I’m creating and publishing videos on ProgrammingTIL to help teach anyone and everyone who wants to code. I’m a huge fan of Ruby on Rails, Svelte, TailwindCSS, and WebGL. I’ve used React a lot in the past, as well as some Vue and AngularJS. I’ve done some professional Python and Django. I like to create real applications and my tutorials will walk you through how to build something real from beginning-to-end.

ruby #rails #rubyonrails

© programmingtil.com