So, I'm trying to use tokens with Devise (version 1.0.3 with Rails 2.3.8) to let a user log in, but I'm not entirely sure where to begin.
http://zyphdesignco.com/blog/simple-auth-token-example-with-devise
The above tutorial helped me turn on the token functionality, and showed how to generate (or delete) tokens...but the whole POINT of tokens is to use them to authorize a user, correct?
When I look at a user in the console, I can say user.authentication_token, and get something back like: "Qm1ne93n_XkgmQTvxDmm", which is all well and good...but where do I go from there?
I tried hitting the sign_in route using the following command line command:
curl -d "authentication_token=Qm1ne93n_XkgmQTvxDmm" localhost:3000/users/sign_in
And definitely didn't get a successful log in.
In the sessions controller, I see that they call:
authenticate(resource_name)
Which I'm ASSUMING is somewhere in the module:
include Devise::Controllers::InternalHelpers
which gets included, but I don't know where to look for that (it's definitely not in the source's controller folder). If I could look at how authenticate works, I could see if it even LOOKS at tokens...
DOES Devise let you actually log in with tokens, or does it just have a framework for generating them? If it does let you log in with them...HOW do you do this? Can you not use curl (i.e. does it have to be in a browser? If so, I'd have to roll my own solution, I NEED non-browser support.). If it doesn't, how do I roll my own?
My understanding is that you can use the tokens to log in or to hit arbitrary pages that need authentication, even with cURL. If you look in config/initializers/devise.rb, there should be a line that says something like:

    config.token_authentication_key = :auth_token

Whatever the name of the token_authentication_key is should match what you put as the query or form parameter in your request. You used authentication_token in your example, not sure if you changed devise.rb to match that or not.

If you want to figure out how things are working internally, I would try git clone git://github.com/plataformatec/devise.git and search for the methods you need clarification of.
Here are some sample cURL requests (I made a custom Users::SessionsController that extends Devise::SessionsController and overrides the create method to handle JSON.)
    class Users::SessionsController < Devise::SessionsController
      def create
        # Let Warden run the configured strategies for this scope; on failure
        # :recall re-renders the sign-in form instead of raising.
        resource = warden.authenticate!(:scope => resource_name, :recall => "#{controller_path}#new")
        set_flash_message(:notice, :signed_in) if is_navigational_format?
        sign_in(resource_name, resource)
        respond_to do |format|
          format.html do
            respond_with resource, :location => redirect_location(resource_name, resource)
          end
          # JSON clients get the token back so they can send it on later requests.
          format.json do
            render :json => { :response => 'ok', :auth_token => current_user.authentication_token }.to_json, :status => :ok
          end
        end
      end
    end
And then the cURL requests I gave:
    curl -X POST 'http://localhost:3000/users/sign_in.json' -d 'user[email]=user@example.com&user[password]=password'
    -> {"response":"ok","auth_token":"ABCDE0123456789"}

    curl -L 'http://localhost:3000/profile?auth_token=ABCDE0123456789'
    -> got the page I wanted that needs authentication
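The parameter-name mismatch this answer points at, as an added example (my own code, not Devise's and not from the original post): a small in-memory model of the token login flow in plain Ruby with no Rails or Devise dependency. It assumes config.token_authentication_key = :auth_token and a constructed user table; sign_in plays the role of the JSON branch of the create action above, and authenticate_with_token plays the role of the Warden token strategy, reading the token only from the configured key.

```ruby
require 'securerandom'
require 'openssl'

# Added example, not Devise's code. Assumed to mirror
# config.token_authentication_key in config/initializers/devise.rb.
TOKEN_AUTHENTICATION_KEY = :auth_token

# Constructed in-memory "users" table; a real app would use the database.
User = Struct.new(:email, :password_salt, :password_digest, :authentication_token)
USERS_BY_EMAIL = {}

def pbkdf2(password, salt)
  OpenSSL::KDF.pbkdf2_hmac(password, salt: salt, iterations: 10_000, length: 32, hash: 'sha256')
end

# Constant-time comparison (Rails ships ActiveSupport::SecurityUtils.secure_compare
# for this); avoids leaking how many leading bytes of a secret matched.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  l = a.unpack("C#{a.bytesize}")
  res = 0
  b.each_byte { |byte| res |= byte ^ l.shift }
  res.zero?
end

def register(email, password)
  salt = SecureRandom.random_bytes(16)
  USERS_BY_EMAIL[email] = User.new(email, salt, pbkdf2(password, salt), nil)
end

# Same idea as Devise's ensure_authentication_token: generate one only if missing.
def ensure_authentication_token!(user)
  user.authentication_token ||= SecureRandom.urlsafe_base64(15)
end

# Plays the role of the JSON branch of Users::SessionsController#create:
# password login first, then hand the token back to the client.
def sign_in(params)
  creds = params['user'] || {}
  user = USERS_BY_EMAIL[creds['email']]
  unless user && secure_compare(pbkdf2(creds['password'].to_s, user.password_salt), user.password_digest)
    return { 'response' => 'unauthorized' }
  end
  ensure_authentication_token!(user)
  { 'response' => 'ok', 'auth_token' => user.authentication_token }
end

# Plays the role of the token strategy: the token is read from the configured
# parameter name only, so ?authentication_token=... is ignored when the key is
# :auth_token. Returns the user, or nil (Warden would then call fail!).
def authenticate_with_token(params)
  token = params[TOKEN_AUTHENTICATION_KEY.to_s]
  return nil if token.nil? || token.empty?
  USERS_BY_EMAIL.values.find do |u|
    u.authentication_token && secure_compare(u.authentication_token, token)
  end
end

if __FILE__ == $PROGRAM_NAME
  register('alice@example.com', 'password')
  login = sign_in('user' => { 'email' => 'alice@example.com', 'password' => 'password' })
  puts login.inspect
  puts authenticate_with_token('auth_token' => login['auth_token']).inspect            # the user
  puts authenticate_with_token('authentication_token' => login['auth_token']).inspect  # nil
end
```

A request carrying auth_token resolves to the user; the same value sent as authentication_token, as in the question, resolves to nil, which is the failed login the asker saw. Devise itself looks the token up in the database by column; the constant-time compare here is what the in-memory lookup needs so that a wrong token is not distinguishable by how long the comparison took.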