Table of Contents
- What the tokens are used for
- Where the authentication is handled
- What the models do
- Endpoints
- References
- Use it with React
- Unpermitted parameter:session issue
- Skip some routes
What the tokens are used for
access-token
: This serves as the user’s password for each request. A hashed version of this value is stored in the database for later comparison. This value should be changed on each request.

client
: This enables the use of multiple simultaneous sessions on different clients. (For example, a user may want to be authenticated on both their phone and their laptop at the same time.)

expiry
: The date at which the current session will expire. This can be used by clients to invalidate expired tokens without the need for an API request.

uid
: A unique value that is used to identify the user. This is necessary because searching the DB for users by their access token will make the API susceptible to timing attacks.
Where the authentication is handled
All authentication should be handled invisibly by the controller concerns.
Therefore, add `include DeviseTokenAuth::Concerns::SetUserByToken` to the application controller.
What the models do
Models that include the DeviseTokenAuth::Concerns::User concern
will have access to the public methods listed in the link below.
Endpoints
References
- Installation - devise-token-auth
- devise token auth を使って簡単に早く API を作る 1 │ Masahiro’s tech note
- (This one contains RSpec examples!!) Video course about devise_token_auth
Use it with React
- Building Basic React Authentication - Better category: Programming - Medium
- useAuth | useHooks
- CRUD React-Native & RoR backend with Devise Auth Token
- Great example on GitHub (1)
- Great example on GitHub (2)