Skip to content
SDKs · RubyIn developmentView source

rootherald

Server-side SDK for Ruby 3.1+. Default path: server→server Background-Check attest (appraise client evidence with your rh_sk_ secret key, verdict returned directly). Also verifies portable tokens against your project's JWKS. Pure Ruby — depends only on jwt and faraday.

In development

This SDK is implemented but not yet published to its package registry. Until it ships, mint attestation tokens on the device and verify them server-side with @rootherald/node (or any available server SDK). The API shown below is the planned surface and may change before release.

Install

Gemfileruby
gem "rootherald"
bashbash
bundle install
# or, without bundler:
gem install rootherald

Verify a token

app.rbruby
require "rootherald"

client = RootHerald::Client.new(
  issuer: "https://rootherald.io/myorg",
  jwks_uri: "https://rootherald.io/myorg/.well-known/jwks.json"
)
claims = client.verify_token(token)
proceed_with_signup if claims.verdict == RootHerald::Verdict::PASS

Rails integration

config/initializers/rootherald.rbruby
RootHerald::Guard.client = RootHerald::Client.new(
  issuer: ENV.fetch("ROOTHERALD_ISSUER"),
)
app/controllers/signups_controller.rbruby
class SignupsController < ApplicationController
  include RootHerald::Guard
  guard_device :create, action: "signup"

  def create
    user = User.create!(device_id: rootherald_claims.device_id)
    render json: { id: user.id }
  end
end

Pass deny_on_warn: true to guard_device to reject WARN verdicts in addition to FAIL.