The Crystal Programming Language Forum

Shield v0.4.0 Presents RFC 6750 Bearer Logins (API Tokens)

Shield is a comprehensive security solution for Lucky framework. It features robust authentication and authorization, including user registrations, logins and logouts, password resets and more.

Get started using Meth

Meth is a Lucky application scaffold that gets you up and running with Shield.

Version 0.4.0 enables authentication via access tokens, per RFC 6750. Any registered user may create bearer logins, and delegate some or all of their rights to them in the form of scopes.

In Shield, every action represents a single scope, which, if included in a bearer login’s assigned scopes, would allow a client possessing that bearer login’s token to access that action.

Further, all authentication actions that can be performed in the browser have their API equivalents. So you may do logins, password resets, email confirmations, user registrations etc., via API. You may even create bearer logins via API.

Shield does not use session for authentication in APIs, even if you log in with an email and password. It relies solely on bearer tokens, and auto generates one for you when required.

We’ve made browser tests for password and email confirmations easier. In development, Shield autoclicks password reset and email confirmation links for you, so you do not have to set up an actual MTA (mail transport agent).

This version improves on features introduced in earlier versions, and fixes a few bugs.

Find source and documentation on GitHub:

cc @konung


Does this work with Mongo db or only Postgres?

Only Postgres. That’s what Avram supports.

1 Like