Goals for this presentation is to show how to:
- build authorization service which provides JSON Web Tokens using open source tools,
- explain how to use JWT to secure a REST API built in Sinatra,
- mange complex REST tests of a secured API using a handy tool called: bash ;).
I believe that after this live session, each participant will be able to increase security and stability of their projects.
Introduction: In a few words I give summary of JSON Web tokens, what they are and how we can use them.
Part I: Use Rails API + Devise and JWT libs to build an authorization service which will authenticate users using email to provide JSON Web Tokens. I will show core steps which are required to get it running then we will create a user and authorize them to obtain a JWT token.
Part II: I will show a simple REST API built in Sinatra and what steps are necessary to apply JWT authorization on it, with token blacklisting as the invalidation strategy. Sinatra is a great Ruby framework for small and large projects. It's lighter than Rails and really flexible.
Part III: Having free open source authorization service and secured REST API is not all. Now we should be able to run all bunch of tests on it. Using bash with bats + jq + jo will give us powerful testing tool, which can be used in command line or TeamCity. I will show how to test REST endpoints locally and remotely without touching any commercial software or UI tools. We will run simple tests like GET /endpoint == status 200 but also a complex ones which require:
- JSON payload,
- multi line response parsing,
- matching regular expressions against the response.
Summary: Biggest value of this is that each part can be done separately. Some of us already have API services but lack automated tests or maybe there is a need to secure them.
These 3 parts have been already combined in a new open source deployment solution called PutIt.
URLs for Making REST API in Sinatra with automation tests in bash
No URLs found.
- Saturday Aug. 18 14:00 - 15:00 at Speakers Tent