Peter Gundel wants to give this talk

JWT Multi Account Roles

My team and I are building a B2B SaaS solution based on a Rails API authenticated via JWTs. When we started, we implemented authorization via an account model. So accounts habtm users. All other models are then authorized via the account_id of each resource or its parent resources.

Then the need for user roles arose. We looked at solutions like Rolify and CanCanCan but they didn’t fit our needs (at least we think so at the moment, maybe we missed something).

Therefore, we developed a custom solution that basically has 2 classes and 3 models, only relies on a JWT (not a user to be queried) and uses a cache.

In this talk I’d like to present our solution and gather feedback for it.