Ask A Question

Notifications

You’re not receiving notifications from this thread.

API Tokens with Devise Token Authenticatable Discussion

Yes!! I have been waiting for this one. I need to watch it still, but thanks!

Reply

Fantastic video Chris!

Question: Is this what websites use when you get an email from them for say, update your password, and when you click the link in the email it takes you directly to your user account not having to login at all. (Assuming that your cookies haven't recently been cleared and the browser isn't using those.)

Reply

Exactly! Devise uses a "reset_password_token" that gets sent over email to you. When you click the link, the token is in the url and then gets put in the new password form. When you submit the form, it looks up your user by that token and then updates your password and signs you in.

Reply

Thanks for a great article! I've been looking for something like this for a while. Something i would love if someone could cover is also how to use my Rails app as a backend for my mobile app. This would go a long way of course but how do you login via a Rails api the first time when you might not have this token saved? this is a question i have been looking for an answer to for a while.

Reply

You would have to have an API endpoint for user creation that doesn't require an API key. It would be just like having a form on a website more or less. Check this out for a decent example on how to build an endpoint like this: http://stackoverflow.com/a/...

Reply

I'm in the same boat, ideally devise, doorkeeper, and omniauth for third party api called layer.com for android has been a grind to find help on.

Reply

I have two applications. One is Rails API consumer app and another is a legacy Php one which responds with JSON API. APIs are used for user registration and login. Can I use Devise for authenticatiing users in consumer app?

Reply

Devise and doorkeeper in rails 4 for third party api services for android would be amazing.

FYI, layer.com is the api I'm talking about.

Reply

I have a user created with the authentication token from my web sign up flow, now how do I check for a valid user_id and password combination from my mobile Login flow?
Once I have the auth_token, I can make all the requests, but I am unable to do that.

Reply

@excid3:disqus any thoughts on this?

Reply

Chris, when the server responses either to login action or any loggedin action later on how the token gets saved in the client browser (assuming you are using request.headers instead of params)? How does this differ from the html request version?

Reply

How do you return the token via JSON to the user after signing in in devise?

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 86,946+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.