Menu
I'm starting using Devise in my Rails app, but the Token Authenticatable: signs in a user based on an authentication token (also known as "single access token") module puzzles me.
Is the user authenticated only for his current session? If he uses now the URL containing the token, can he re-use it at a later tine and still have access, or does he get a single access?
Can multiple users be authenticated at the same time, using the same token?
I have searched extensively for a working example; please forgive me if this is explained elsewhere. Any pointers would be more than welcomed. Thanks for your help.
592
Simple, multi-client and secure token-based authentication for Rails. If you're building SPA or a mobile app, and you want authentication, you need tokens, not cookies. This gem refreshes the tokens on each request, and expires them in a short time, so the app is secure.
The short answer is: it's up to you.
This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following:
before_save :reset_authentication_tokenOn the other hand, if you want to generate token unless one exists, you should use instead:
before_save :ensure_authentication_tokenIf you want to delete the token after it is used, you can do so in the after_token_authentication callback.
See the documentation for this model at http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable.
62
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
