I keep seeing lots of tutorials for Rails API services where they just bring back session cookies and use lots of configuration of Devise. I'm not opposed to using Devise Token Auth, but as far as I can tell, it doesn't support JWTs.
I want JWT support, but I also want features like confirming/locking/unlocking accounts like Devise does. Any time I see tutorials for JWT with silent refreshing capability (after an access token has expired or is about to expire, the refresh token is used to get a new token), they are tutorials with Node.js as the back end. Devise JWT is a library that sits on top of Devise but requires a bunch of configuring of Devise, it doesn't support refresh tokens, and the author of the library seems to have a weird philosophy about revoking JWTs (which defeats the purpose of JWTs in my opinion).
I feel like this should've been solved with some kind of modernized library for API only applications already or some kind of configuration with Devise or Devise Token Auth that supports access and refresh JWTs for the purpose of silent refresh.
Alternatively, is there a course that exists that goes through this with the intention of using React as the front end?
I've decided to roll my own solution. I've created a new gem called devise_jwt_auth that is essentially a JWT-based, access/silent refresh solution ported from Devise Token Auth. At this stage it isn't a mature solution, but I welcome any contributors who would like to help. You can find the project here and it's been published through rubygems.org, so you can gem install devise_jwt_auth and use it.
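The silent refresh flow described in the question (a short-lived access token plus a longer-lived refresh token that is exchanged for a new access token) can be illustrated with plain Ruby. This is an added example, not code from the post, from devise_jwt_auth or from Devise Token Auth; the secret, lifetimes, the `typ` claim values and all method names are assumptions made for the illustration.

```ruby
require "openssl"
require "base64"
require "json"
require "securerandom"

# Constructed demo values (assumptions); a real app loads the secret from credentials.
SECRET      = "constructed-demo-secret"
ACCESS_TTL  = 15 * 60            # access token lifetime in seconds
REFRESH_TTL = 14 * 24 * 3600     # refresh token lifetime in seconds

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def sign(input)
  b64(OpenSSL::HMAC.digest("SHA256", SECRET, input))
end

# Build a compact HS256 JWT; the "typ" claim separates access from refresh tokens.
def issue(sub, typ, ttl, now: Time.now.to_i)
  header  = b64(JSON.generate({ alg: "HS256", typ: "JWT" }))
  claims  = { sub: sub, typ: typ, exp: now + ttl, jti: SecureRandom.hex(8) }
  payload = b64(JSON.generate(claims))
  "#{header}.#{payload}.#{sign("#{header}.#{payload}")}"
end

# Return the claims hash, or nil if the shape, signature, type or expiry check fails.
def verify(token, expected_typ, now: Time.now.to_i)
  parts = token.to_s.split(".")
  return nil unless parts.size == 3
  header, payload, sig = parts
  # Constant-time comparison of the recomputed signature with the presented one.
  return nil unless OpenSSL.secure_compare(sign("#{header}.#{payload}"), sig)
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  return nil unless claims["typ"] == expected_typ && claims["exp"].to_i > now
  claims
rescue JSON::ParserError, ArgumentError
  nil
end

# Silent refresh: only a valid, unexpired refresh token yields a new access token.
def silent_refresh(refresh_token, now: Time.now.to_i)
  claims = verify(refresh_token, "refresh", now: now)
  claims && issue(claims["sub"], "access", ACCESS_TTL, now: now)
end
```

The type check in `verify` is what keeps an access token from being replayed at the refresh endpoint, and the algorithm is fixed in code rather than read from the token header.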