JWT
Issue and verify JWTs for authenticated sessions.
This page documents the current Ruby port behavior. Ruby uses snake_case option names and auth.api method names; HTTP paths and JSON keys keep the upstream wire shape where implemented.
Configure
require "better_auth"
auth = BetterAuth.auth(
  secret: ENV.fetch("BETTER_AUTH_SECRET"),
  base_url: ENV.fetch("BETTER_AUTH_URL", "http://localhost:3000"),
  plugins: [
    BetterAuth::Plugins.jwt(jwt: { issuer: "https://auth.example.com", audience: "api" })
  ]
)
Usage
issued = auth.api.get_token(
  headers: { "cookie" => request.env["HTTP_COOKIE"] }
)
verified = auth.api.verify_jwt(
  body: { token: issued[:token], issuer: "https://auth.example.com" }
)
signed = auth.api.sign_jwt(
  body: { payload: { sub: "manual", aud: "api" } }
)
jwks = auth.api.get_jwks
Routes
| Method | Path | Ruby API method |
|---|---|---|
| GET | /token | auth.api.get_token |
| GET | /jwks | auth.api.get_jwks |
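
What a downstream API has to check when it validates a token against the key set served at `/jwks`, using the issuer and audience configured above. This is an added example, not code from the Ruby port: it uses only Ruby's standard library rather than better_auth, and it assumes RS256 keys because the page does not state which algorithm the port signs with. The helper names, the throwaway key and the `demo-1` key id are constructed for the illustration.

```ruby
require "openssl"
require "json"

class JwtRejected < StandardError; end
ALLOWED_ALGS = ["RS256"].freeze # assumption: the port's real algorithm may differ

def b64u(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end
def b64u_decode(str)
  str.tr("-_", "+/").unpack1("m")
end

def public_jwk(key, kid) # JWKS entry: public half of the key only
  { "kty" => "RSA", "kid" => kid, "alg" => "RS256",
    "n" => b64u(key.n.to_s(2)), "e" => b64u(key.e.to_s(2)) }
end

def sign_rs256(key, kid, claims) # issuer side, present only so the example runs offline
  input = [{ alg: "RS256", typ: "JWT", kid: kid }, claims].map { |part| b64u(JSON.generate(part)) }.join(".")
  "#{input}.#{b64u(key.sign(OpenSSL::Digest.new('SHA256'), input))}"
end

# Consumer side: alg allow-list and signature first, then iss / aud / exp. Returns claims or raises.
def verify_with_jwks(token, jwks, issuer:, audience:, now: Time.now.to_i)
  head, body, sig = token.split(".", -1)
  raise JwtRejected, "malformed token" unless sig && token.count(".") == 2
  header = JSON.parse(b64u_decode(head))
  # The verifier fixes the algorithm; the token header never gets to choose it.
  raise JwtRejected, "alg not allowed" unless ALLOWED_ALGS.include?(header["alg"])
  jwk = jwks["keys"].find { |k| k["kty"] == "RSA" && k["kid"] == header["kid"] }
  raise JwtRejected, "unknown kid" unless jwk
  mod, pub_exp = %w[n e].map { |f| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(b64u_decode(jwk[f]), 2)) }
  pub = OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence.new([mod, pub_exp]).to_der)
  signed = pub.verify(OpenSSL::Digest.new("SHA256"), b64u_decode(sig), "#{head}.#{body}")
  raise JwtRejected, "bad signature" unless signed
  claims = JSON.parse(b64u_decode(body))
  raise JwtRejected, "wrong issuer" unless claims["iss"] == issuer
  raise JwtRejected, "wrong audience" unless Array(claims["aud"]).include?(audience)
  raise JwtRejected, "expired or missing exp" unless claims["exp"].is_a?(Numeric) && claims["exp"] > now
  claims
rescue JSON::ParserError, OpenSSL::OpenSSLError => err
  raise JwtRejected, "undecodable token: #{err.class}"
end

key = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key, demo only
claims = { "iss" => "https://auth.example.com", "aud" => "api", "sub" => "manual", "exp" => Time.now.to_i + 300 }
jwks = { "keys" => [public_jwk(key, "demo-1")] }
p verify_with_jwks(sign_rs256(key, "demo-1", claims), jwks, issuer: claims["iss"], audience: "api")
```

Passing `issuer:` and `audience:` as required keywords means a caller cannot skip either check by omission.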
Options
Current Ruby options accepted by BetterAuth::Plugins.jwt:
- disable_setting_jwt_header
- jwt
- define_payload
- get_subject
- expiration_time
- issuer
- audience
- sign
- adapter
Support Notes
- The examples above are based on Ruby plugin source and tests in packages/better_auth.
- If an upstream section is not represented here, treat it as not yet documented or not yet supported by the Ruby port until the matching Ruby implementation exists.