Menu
Currently, devise is configured to accept token authentication via URL and curl works well
curl 'http://localhost/index.json?auth_token=TOKENVALUE'
Now I'd like to pass the TOKENVALUE via HTTP header instead of URL, how can I config devise to get the TOKENVALUE from either HTTP header or URL? Such that both the above and following curl requests will work:
curl 'http://localhost/index.json' -H 'Authorization: Token token="TOKENVALUE"'
as shown in this railscast.
934
The token is a text string, included in the request header. In the request Authorization tab, select Bearer Token from the Type dropdown list. In the Token field, enter your API key value. For added security, store it in a variable and reference the variable by name.
To send a GET request with a Bearer Token authorization header, you need to make an HTTP GET request and provide your Bearer Token with the Authorization: Bearer {token} HTTP header.
The bearer token is a cryptic string, usually generated by the server in response to a login request. The client must send this token in the Authorization header when making requests to protected resources: Authorization: Bearer <token>
It seems there isn't such config in devise. But there is a solution by other person. Please see Using auth_token from request headers instead from POST/PUT parameters with Rails 3 / devise
63
First add this to your gemfile https://github.com/stvp/devise_header_token then you can add a configuration for it in your config/initializers/devise.rb
# Configuration for :token_authenticatable
# Defines name of the authentication token params key
config.token_authentication_key = 'AUTH-TOKEN'
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
