JWT Multi Account Roles
My team and I are building a B2B SaaS solution based on a Rails API authenticated via JWTs. When we started, we implemented authorization via an account model, so accounts habtm (has_and_belongs_to_many) users. All other models are then authorized via the account_id of each resource or of its parent resources.
Then the need for user roles arose. We looked at solutions like Rolify and CanCanCan but they didn’t fit our needs (at least we think so at the moment, maybe we missed something).
Therefore, we developed a custom solution that consists of just 2 classes and 3 models, relies only on the JWT (no user record has to be queried) and uses a cache.
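As an added illustration of the approach outlined above (this is not the team's code; the proposal does not show its implementation), the following self-contained Ruby sketch shows the shape such a design can take: the JWT carries the caller's account memberships and per-account roles, a policy class authorizes a resource purely by comparing its account_id against those claims (no user row is loaded), and a small cache keeps verified claims so repeated requests with the same token skip signature verification. The HS256 encoding with the standard library, the claim layout (`accounts` => { account_id => [roles] }), the role names, the permission table and the cache design are all assumptions made for this example.

```ruby
require 'json'
require 'openssl'

# Minimal HS256 JWT encode/verify using only the Ruby standard library (no jwt gem),
# so the example runs offline. The secret is a constructed sample value.
SECRET = 'constructed-sample-secret-change-me'.freeze

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  padded = str.tr('-_', '+/')
  padded += '=' * ((4 - padded.length % 4) % 4)
  padded.unpack1('m0') # strict decoding; raises ArgumentError on garbage
end

# Constant-time comparison so signature checks do not leak timing information.
def secure_equal(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def issue_token(claims, secret = SECRET)
  header  = b64url_encode(JSON.generate({ alg: 'HS256', typ: 'JWT' }))
  payload = b64url_encode(JSON.generate(claims))
  sig = OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{payload}")
  "#{header}.#{payload}.#{b64url_encode(sig)}"
end

# Returns the claims hash, or nil if the token is malformed, forged or expired.
def verify_token(token, secret = SECRET, now: Time.now.to_i)
  header, payload, sig = token.split('.')
  return nil unless header && payload && sig
  hdr = JSON.parse(b64url_decode(header))
  return nil unless hdr['alg'] == 'HS256' # pin the algorithm; never trust "none"
  expected = OpenSSL::HMAC.digest('SHA256', secret, "#{header}.#{payload}")
  return nil unless secure_equal(expected, b64url_decode(sig))
  claims = JSON.parse(b64url_decode(payload))
  return nil if claims['exp'].nil? || claims['exp'] <= now
  claims
rescue JSON::ParserError, ArgumentError
  nil
end

# Permission table: which actions each role may perform inside an account.
# Role names and actions are assumptions for this example.
ROLE_PERMISSIONS = {
  'owner'  => %i[read write delete manage_members].freeze,
  'editor' => %i[read write].freeze,
  'viewer' => %i[read].freeze
}.freeze

# In-process cache of verified claims keyed by the full token. Because roles live
# in the token, they are only as fresh as the token itself: keep exp short if
# role changes must take effect quickly.
class ClaimsCache
  def initialize
    @store = {}
  end

  def fetch(token, now: Time.now.to_i)
    cached = @store[token]
    return cached if cached && cached['exp'] > now
    claims = yield
    @store[token] = claims if claims
    claims
  end
end

# Authorizes from claims alone: membership and roles come from the token and the
# resource is matched on its account_id, so no user record is queried.
class AccountPolicy
  def initialize(claims)
    @claims = claims
  end

  def roles_in(account_id)
    Array(@claims.dig('accounts', account_id.to_s))
  end

  def can?(action, resource)
    roles_in(resource[:account_id]).any? { |r| ROLE_PERMISSIONS.fetch(r, []).include?(action) }
  end
end

# Worked run over constructed data: one user who owns acct_1 and only views acct_2.
def demo(now: Time.now.to_i)
  token = issue_token('sub' => 'user_42',
                      'accounts' => { 'acct_1' => ['owner'], 'acct_2' => ['viewer'] },
                      'exp' => now + 900)
  cache  = ClaimsCache.new
  claims = cache.fetch(token, now: now) { verify_token(token, now: now) }
  policy = AccountPolicy.new(claims)
  {
    write_own:    policy.can?(:write, { id: 1, account_id: 'acct_1' }),
    write_viewer: policy.can?(:write, { id: 2, account_id: 'acct_2' }),
    read_viewer:  policy.can?(:read,  { id: 2, account_id: 'acct_2' }),
    read_foreign: policy.can?(:read,  { id: 3, account_id: 'acct_9' })
  }
end
```

In a Rails controller this would sit in a before_action that verifies the bearer token, wraps the claims in the policy, and checks `can?` against the loaded resource's account_id; resources in an account the token never mentions are denied by default, which is the property that makes the account_id check on every resource or parent resource safe.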
In this talk I’d like to present our solution and gather feedback for it.
Comments:
* I have never given a technical talk so far, so it would be awesome to go through the talk with someone outside of my team before actually giving it.
* An outline of the slides is available here: https://docs.google.com/presentation/d/1SqnAiFThJJ6ld9XNzYDd8O3xvI3Tk-DFUl1K9ieTVvs