You’re not receiving notifications from this thread.
API Tokens with Devise Token Authenticatable Discussion
Yes!! I have been waiting for this one. I need to watch it still, but thanks!
Fantastic video Chris!
Question: Is this what websites use when you get an email from them for say, update your password, and when you click the link in the email it takes you directly to your user account not having to login at all. (Assuming that your cookies haven't recently been cleared and the browser isn't using those.)
Exactly! Devise uses a "reset_password_token" that gets sent over email to you. When you click the link, the token is in the url and then gets put in the new password form. When you submit the form, it looks up your user by that token and then updates your password and signs you in.
Thanks for a great article! I've been looking for something like this for a while. Something i would love if someone could cover is also how to use my Rails app as a backend for my mobile app. This would go a long way of course but how do you login via a Rails api the first time when you might not have this token saved? this is a question i have been looking for an answer to for a while.
You would have to have an API endpoint for user creation that doesn't require an API key. It would be just like having a form on a website more or less. Check this out for a decent example on how to build an endpoint like this: http://stackoverflow.com/a/...
I have two applications. One is Rails API consumer app and another is a legacy Php one which responds with JSON API. APIs are used for user registration and login. Can I use Devise for authenticatiing users in consumer app?
Devise and doorkeeper in rails 4 for third party api services for android would be amazing.
FYI, layer.com is the api I'm talking about.
I have a user created with the authentication token from my web sign up flow, now how do I check for a valid user_id and password combination from my mobile Login flow?
Once I have the auth_token, I can make all the requests, but I am unable to do that.
Chris, when the server responses either to login action or any loggedin action later on how the token gets saved in the client browser (assuming you are using request.headers instead of params)? How does this differ from the html request version?