Using Devise in Consumer App

rabin prithvi asked in Gems / Libraries

I have two applications. One is a Rails API consumer app and the other is a legacy PHP one, which responds with a JSON API. The APIs are used for user registration and login. Can I use Devise for authenticating users in the consumer Rails app?

Reply

Devise is its own authentication system. If your registration API is in the PHP app, you won't be able to use it and you'll need to write your own code to handle that instead. Devise doesn't talk to APIs for authentication, just the database.

If you're putting the user authentication in the new Rails app, then you could use Devise.

Make sense?

Reply

Thank you. I understand.
My API responds with user id and user token.
I can store user id in the session store during login and clear the session during logout.
Is any security compromised by this method?
Anything else to improve apart from just storing user id in session?

Reply

I think if that all happens server side, you should be fine. Since the session is encrypted, storing the token should be safe there. This is basically how login with mobile apps works. Make sure you're sending the token over SSL so it's not publicly accessible over the network and it's usually best to set an expiration on tokens if you can.

Reply

Thank you very much Chris.

Reply
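The approach discussed in this thread (log in against the remote API, keep the user id and token in the server-side session, expire them, clear on logout), as an added plain-Ruby example that is not from the thread, Devise or GoRails. `RemoteSession`, `FAKE_API`, the endpoint URL, the `user_id`/`token` field names and the 30-minute lifetime are assumptions, and a Hash stands in for the Rails `session`.

```ruby
require "uri"
require "json"

# Hypothetical wrapper around the legacy login API; all names are assumptions.
class RemoteSession
  TOKEN_TTL = 30 * 60 # seconds; assumed lifetime, prefer one the API returns

  # http: callable(uri, body_hash) -> JSON string, so the transport can be swapped.
  def initialize(api_url, http:, clock: -> { Time.now.to_i })
    @uri = URI.parse(api_url)
    raise ArgumentError, "login API must be https" unless @uri.is_a?(URI::HTTPS)
    @http = http
    @clock = clock
  end

  # Returns true and fills the session on success, false otherwise.
  def login(session, email, password)
    reply = JSON.parse(@http.call(@uri, { email: email, password: password }))
    return false unless reply["user_id"] && reply["token"]
    session.clear # drop pre-login state (reset_session in a Rails controller)
    session[:user_id] = reply["user_id"]
    session[:api_token] = reply["token"]
    session[:expires_at] = @clock.call + TOKEN_TTL
    true
  rescue JSON::ParserError
    false
  end

  # Returns the user id while the stored login is valid, nil once it has expired.
  def current_user_id(session)
    return nil unless session[:user_id] && session[:expires_at]
    if @clock.call >= session[:expires_at]
      session.clear
      return nil
    end
    session[:user_id]
  end

  def logout(session)
    session.clear
  end
end

# Constructed stand-in for the PHP API so the example runs offline.
FAKE_API = lambda do |_uri, body|
  ok = body[:email] == "user@example.com" && body[:password] == "correct horse"
  JSON.generate(ok ? { user_id: 42, token: "constructed-token" } : { error: "invalid" })
end
```

In a controller, `login` would run in the sessions `create` action and `current_user_id` in a `before_action` that redirects to the login page when it returns nil.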