Enabling JWT support using the Rails secret key base

samvera · Feb 28, 2020 · 5e01b5c · 5e01b5c
1 parent 0c414bf
commit 5e01b5c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 3 deletions.
diff --git a/app/controllers/browse_everything/providers_controller.rb b/app/controllers/browse_everything/providers_controller.rb
@@ -82,7 +82,7 @@ def build_json_web_token(authorization)
         }
 
         # @todo This needs to be shared with the client
-        JWT.encode(payload, 'secret', 'none')
+        JWT.encode(payload, Rails.application.secrets.secret_key_base, 'HS256')
       end
   end
 end
diff --git a/app/controllers/concerns/browse_everything/controller/authorizable.rb b/app/controllers/concerns/browse_everything/controller/authorizable.rb
@@ -32,8 +32,7 @@ def token_data
         def json_web_tokens
           return [] unless token_data
 
-          # @todo This needs to be shared with the client
-          @json_web_tokens ||= JWT.decode(token_data, 'secret', false)
+          @json_web_tokens ||= JWT.decode(token_data, Rails.application.secrets.secret_key_base, false, { algorithm: 'HS256' })
         end
 
         # @return [Array<Hash>] the set of serialized Authorizations transmitted