Skip to main content

Using Devise in Consumer App

Gems / Libraries • Asked by rabin prithvi

I have two applications. One is Rails API consumer app and another is a legacy PHP one - which responds with JSON API. APIs are used for user registration and login. Can I use Devise for authenticating users in consumer Rails app?


Devise is its own authentication system. If your registration API is in the PHP app, you won't be able to use it and you'll need to write your own code to handle that instead. Devise doesn't talk to APIs for authentication, just the database.

If you're putting the user authentication in the new Rails app, then you could use Devise.

Make sense?


Thank you. I understand.
My API responds with user id and user token.
I can store user id in the session store during login and clear the session during logout.
Any security is compromised by this method ?
Anything else to improve apart from just storing user id in session?


I think if that all happens server side, you should be fine. Since the session is encrypted, storing the token should be safe there. This is basically how login with mobile apps works. Make sure you're sending the token over SSL so it's not publicly accessible over the network and it's usually best to set an expiration on tokens if you can.


Thank you very much Chris.


Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 27,623+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.