Comments (2)
I suppose we'll need to track some unique token of the device and do a check to verify it matches up with the email/auth token on each request. But that will still leave the question of having to reset the auth-token upon a successful login which has a new unique device token? Or is there a better approach?
from simple_token_authentication.
You re-commented faster than I replied ; )
The users can sign in via the API sending their email / password, right? When doing that, the request is handled by the Devise::SessionsController (or some override of it). The action that's triggered is the same Devise::SessionsController#create that is triggered when users are not using the API (e.g. signing in from the webapp).
The question for me is: how can I identify the calls that come via the API from those which don't, so I can renew the users' authentication tokens. One response could be: API requests JSON. If your webapp requests HTML, you could override that action to reset the user's authentication token when responding to a JSON request.
```ruby
respond_to do |format|
  format.json do
    # reset the user authentication token
    # then do what the action usually does
  end
  format.any do
    # keep doing what the action usually does
  end
end
```
And BTW that's not directly related to Simple Token Authentication. (Nothing wrong about that!) Does that make sense to you?
Now, of course, if your webapp makes JSON requests to the API (e.g. it's an Ember.js app), then we need to find a way to identify requests that come from users' mobile devices... And I don't see in this scenario why you would need to identify each device (as long as you know it's a mobile device, or a user-can't-sign-in-from-two-of-those-at-the-same-time device).
from simple_token_authentication.
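The JSON-only token reset sketched in the comment above, as an added plain-Ruby example that is not part of the thread or of Simple Token Authentication. `DemoUser`, `sign_in` and `demo` are hypothetical stand-ins for the Devise model and `SessionsController#create`, and the password and request formats are constructed.

```ruby
require "securerandom"
require "digest"

# Constructed in-memory stand-in for a user record (hypothetical, not the gem's model).
class DemoUser
  attr_reader :authentication_token

  def initialize(password)
    @password = password # a real model stores a password hash; plain text keeps the demo self-contained
    rotate_token!
  end

  def valid_password?(candidate)
    constant_time_equal?(@password, candidate.to_s)
  end

  # Issue a fresh random token; every previously issued token stops matching.
  def rotate_token!
    @authentication_token = SecureRandom.urlsafe_base64(32)
  end

  def token_matches?(candidate)
    constant_time_equal?(@authentication_token, candidate.to_s)
  end

  private

  # Compare fixed-length digests without exiting early at the first differing byte.
  def constant_time_equal?(a, b)
    pairs = Digest::SHA256.digest(a).bytes.zip(Digest::SHA256.digest(b).bytes)
    pairs.reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
  end
end

# Same branch as the respond_to sketch: a JSON (API) sign-in rotates the token, any other format keeps it.
def sign_in(user, password, format)
  return nil unless user.valid_password?(password)
  user.rotate_token! if format == :json
  user.authentication_token
end

# Constructed scenario: two devices sign in through the API, with a web sign-in in between.
def demo
  user = DemoUser.new("constructed-password")
  first_device = sign_in(user, "constructed-password", :json)
  web = sign_in(user, "constructed-password", :html)
  second_device = sign_in(user, "constructed-password", :json)
  { web_kept_token: web == first_device,
    first_device_rejected: !user.token_matches?(first_device),
    second_device_accepted: user.token_matches?(second_device) }
end
```

The second API sign-in leaves the first device holding a token that no longer matches, while the HTML sign-in in between changes nothing.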