
Token Authenticatable module in Devise

I'm starting to use Devise in my Rails app, but the Token Authenticatable: signs in a user based on an authentication token (also known as "single access token") module puzzles me.

Is the user authenticated only for his current session? If he now uses the URL containing the token, can he re-use it at a later time and still have access, or does he get a single access?

Can multiple users be authenticated at the same time, using the same token?

I have searched extensively for a working example; please forgive me if this is explained elsewhere. Any pointers would be more than welcomed. Thanks for your help.

Marius Butuc asked Feb 04 '11 18:02




1 Answer

The short answer is: it's up to you.

This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following:

before_save :reset_authentication_token 

On the other hand, if you want to generate a token unless one exists, you should instead use:

before_save :ensure_authentication_token 

If you want to delete the token after it is used, you can do so in the after_token_authentication callback.

See the documentation for this model at http://rdoc.info/github/plataformatec/devise/master/Devise/Models/TokenAuthenticatable.

Michelle Tilley answered Oct 13 '22 10:10
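
The three policies from the answer, as an added example that is not part of the original answer and does not load Devise: `DemoUser`, `secure_compare`, `token_sign_in` and `demo` are hypothetical stand-ins whose method names mirror the helpers named above. It shows that a token created with `ensure_authentication_token` keeps working on repeated sign-ins until it is reset, while clearing it in `after_token_authentication` makes it single-use.

```ruby
require "securerandom"
# Plain-Ruby stand-in for a model; Devise is not loaded. Method names mirror
# the helpers named in the answer, the bodies are assumptions.
class DemoUser
  attr_reader :authentication_token

  def initialize(single_use: false)
    @single_use = single_use
    @authentication_token = nil
  end
  # Policy "before_save :reset_authentication_token": always replace.
  def reset_authentication_token
    @authentication_token = SecureRandom.urlsafe_base64(24)
  end
  # Policy "before_save :ensure_authentication_token": create only if missing.
  def ensure_authentication_token
    @authentication_token || reset_authentication_token
  end
  # Hook after a successful token sign-in; clearing makes the token one-shot.
  def after_token_authentication
    @authentication_token = nil if @single_use
  end
end

# Constant-time comparison so a mismatch does not reveal how many bytes matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical sign-in check: compare the presented token, then run the hook.
def token_sign_in(user, presented)
  stored = user.authentication_token
  return false if stored.nil? || presented.nil? || !secure_compare(stored, presented)
  user.after_token_authentication
  true
end

# Runs the three policies and returns the sign-in results for each.
def demo
  reusable = DemoUser.new
  t = reusable.ensure_authentication_token
  one_shot = DemoUser.new(single_use: true)
  u = one_shot.ensure_authentication_token
  rotated = DemoUser.new
  old = rotated.ensure_authentication_token
  rotated.reset_authentication_token # what a save does under the reset policy
  { reuse: [token_sign_in(reusable, t), token_sign_in(reusable, t)],
    single_use: [token_sign_in(one_shot, u), token_sign_in(one_shot, u)],
    after_reset: token_sign_in(rotated, old) }
end
```

Under the reusable policy anyone holding the URL can sign in as that user, so the token should be treated like a password.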