I have two applications. One is a Rails API consumer app and the other is a legacy PHP one, which responds with a JSON API. The APIs are used for user registration and login. Can I use Devise for authenticating users in the consumer Rails app?
Devise is its own authentication system. If your registration API is in the PHP app, you won't be able to use it and you'll need to write your own code to handle that instead. Devise doesn't talk to APIs for authentication, just the database.
If you're putting the user authentication in the new Rails app, then you could use Devise.
Thank you. I understand.
My API responds with a user id and a user token.
I can store the user id in the session store during login and clear the session during logout.
Is any security compromised by this method?
Anything else to improve apart from just storing the user id in the session?
I think if that all happens server side, you should be fine. Since the session is encrypted, storing the token should be safe there. This is basically how login with mobile apps works. Make sure you're sending the token over SSL so it's not publicly accessible over the network and it's usually best to set an expiration on tokens if you can.
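The flow discussed in this thread, as an added example that is not code from either poster: log in against the PHP API over verified TLS, keep the user id and token in the session with an expiry, and clear it on logout. The endpoint URL, the `email`/`password` request fields, the `id`/`token` response fields and the 30-minute lifetime are assumptions; `session` is any hash-like store.

```ruby
require "net/http"
require "openssl"
require "json"
require "uri"

# Hypothetical endpoint for the PHP login API (assumption, not from the thread).
LOGIN_URL = URI("https://legacy.example.com/api/login")
TOKEN_TTL = 30 * 60 # seconds; assumed lifetime, enforced on the Rails side

# POST credentials to the PHP API over TLS with certificate verification on.
# Returns the parsed JSON hash, or nil when the API rejects the login.
def remote_login(email, password)
  http = Net::HTTP.new(LOGIN_URL.host, LOGIN_URL.port)
  http.use_ssl = true
  http.verify_mode = OpenSSL::SSL::VERIFY_PEER
  res = http.post(LOGIN_URL.path, { email: email, password: password }.to_json,
                  "Content-Type" => "application/json")
  res.is_a?(Net::HTTPSuccess) ? JSON.parse(res.body) : nil
end

# Keep only the user id, the token and a server-side expiry in the session.
# "id" and "token" are assumed field names for the API's JSON response.
def sign_in(session, api_response, now: Time.now)
  return false unless api_response && api_response["id"] && api_response["token"]
  session.clear # in a Rails controller use reset_session (avoids session fixation)
  session[:user_id]    = api_response["id"]
  session[:api_token]  = api_response["token"]
  session[:expires_at] = now.to_i + TOKEN_TTL
  true
end

# Returns the logged-in user id, or nil (and wipes the session) once expired.
def current_user_id(session, now: Time.now)
  return nil unless session[:user_id]
  if session[:expires_at].to_i <= now.to_i
    session.clear
    return nil
  end
  session[:user_id]
end

def sign_out(session)
  session.clear
end
```

In a controller, `sign_in(session, remote_login(params[:email], params[:password]))` would run in the login action and `current_user_id(session)` in a `before_action`.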