Boulangerie is a Ruby gem for building authorization systems using Macaroons, a better kind of cookie.
This gem provides an opinionated, high-level interface designed to simplify integration of Macaroons into any authorization scenario.
Macaroons are a new cookie-like bearer credential format originally developed at Google, then popularized by the HyperDex project, which uses Macaroons for authorization.
They can be seen as a simpler yet more powerful alternative to other bearer credential formats like JWT. Unlike most other bearer credential formats, Macaroons bind credentials obtained by multiple parties together cryptographically, allowing authorization decisions to be made by many parties (3+) while eliminating the types of attacks that are typically uses against other credential formats in these scenarios.
Add this line to your application's Gemfile:
gem "boulangerie"
And then execute:
$ bundle
Or install it yourself as:
$ gem install boulangerie
Please see the boulangerie-rails gem for instructions on how to use Boulangerie with Rails.
Boulangerie is used best to provide domain-object specific access tokens. Where other access control systems place great focus on making everything user/identity-centric, Macaroons are authorization-centric, and work best when you describe access control in terms of properties of the objects for which the credential authorizes access.
Boulangerie supports the use of more than key simultaneously for the purposes of key rotation.
To create a new keyring, do the following:
keyring = Boulangerie::Keyring.new(
keys: YAML.load_file("mykeys.yaml")
key_id: "k1"
)
This library supports and is tested against the following Ruby versions:
- Ruby (MRI) 2.0, 2.1, 2.2, 2.3
- JRuby 9000
- Fork this repository on GitHub
- Make your changes and send us a pull request
- If we like them we'll merge them
- If we've accepted a patch, feel free to ask for commit access
Copyright (c) 2015-2016 Tony Arcieri. Distributed under the MIT License. See LICENSE.txt for further details.