Devise::TokenAuthenticatable
This gem provides the extracted Token Authenticatable module of devise. It includes the functionality that was also in version 3.1.2 of devise. With the inclusion of this module a user is able to sign in via an authentication token. This token can be given via a query string or HTTP Basic Authentication. See the hint below to understand which version of this gem supports which version of devise.
Use this gem as a starting point for your own token authentication mechanism for devise. Furthermore, if you need token authentication in connection with newer devise releases this gem might be an appropriate solution, too.
Installation
Add this line to your application's Gemfile:
gem 'devise-token_authenticatable'
And then execute:
$ bundle
Or install it yourself as:
$ gem install devise-token_authenticatable
Which version to use for which version of devise?
devise-token_authenticatable | devise |
---|---|
~> 0.1 | ~> 3.2.0 |
~> 0.2 | ~> 3.3.0 |
~> 0.3 | ~> 3.4.0 |
~> 0.4.0, < 0.4.9 | ~> 3.5.0, < 3.5.2 |
~> 0.4.9 | ~> 3.5.2 |
~> 0.5.x, <= 1.0.2 | >= 4.0.0, < 4.6.0 |
~> 1.1.0 | >= 4.0.0, < 5.0.0 |
Usage
Create needed columns with corresponding migration:
def change
  add_column :users, :authentication_token, :text
  add_column :users, :authentication_token_created_at, :datetime
  add_index :users, :authentication_token, unique: true
end
Add :token_authenticatable to your devise model:
class User < ActiveRecord::Base
  devise :database_authenticatable, :token_authenticatable
end
Configuration
This gem can be configured as shown in the following:
Devise::TokenAuthenticatable.setup do |config|
  # enables the expiration of a token after a specified amount of time,
  # requires an additional field on the model: `authentication_token_created_at`
  # defaults to nil
  config.token_expires_in = 1.day

  # set the authentication key name used by this module,
  # defaults to :auth_token
  config.token_authentication_key = :other_key_name

  # enable reset of the authentication token before the model is saved,
  # defaults to false
  config.should_reset_authentication_token = true

  # enables the setting of the authentication token - if not already - before the model is saved,
  # defaults to false
  config.should_ensure_authentication_token = true
end
Enable devise's HTTP Auth for the token strategy as shown below:
# initializers/devise.rb
Devise.setup do |config|
  # ...
  config.http_authenticatable = true
  # or
  config.http_authenticatable = [:token]
  # ...
end
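A plain-Ruby model of the request-side checks these settings describe: the token arriving by query string or HTTP Basic Authentication, and expiry measured against `authentication_token_created_at`. It is an added illustration, not the gem's own code; the `User` struct, the helper names, the sample tokens, the rejection of tokens with no creation time, and the assumption that the token travels as the Basic Auth username are all hypothetical.

```ruby
require 'uri'

TOKEN_KEY  = 'auth_token' # page default for config.token_authentication_key
EXPIRES_IN = 86_400       # seconds; stands in for config.token_expires_in = 1.day

# Hypothetical stand-in for the model; fields mirror the migration's two columns.
User = Struct.new(:email, :authentication_token, :authentication_token_created_at)

# Constructed sample data.
NOW   = Time.utc(2024, 1, 2, 12, 0, 0)
USERS = [
  User.new('fresh@example.test', 'tok-fresh-123', NOW - 3_600),
  User.new('stale@example.test', 'tok-stale-456', NOW - 2 * 86_400)
].freeze

# Token from the query string first, otherwise from the Basic Auth username
# (assumption: the password part is ignored).
def extract_token(query_string, authorization_header)
  from_query = URI.decode_www_form(query_string.to_s).to_h[TOKEN_KEY]
  return from_query unless from_query.nil? || from_query.empty?

  scheme, encoded = authorization_header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && encoded

  username = encoded.unpack1('m').split(':', 2).first
  username.nil? || username.empty? ? nil : username
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the matching user, or nil for an unknown, undated or expired token.
def authenticate(users, token, now: Time.now)
  return nil if token.nil?

  user = users.find { |u| secure_equal?(u.authentication_token.to_s, token) }
  created = user&.authentication_token_created_at
  return nil if created.nil? || now - created > EXPIRES_IN

  user
end
```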
Troubleshooting
Using a new user's auth token does not invalidate an old user's session. How can I ignore session storage when using token authentication?
Add :token_auth to your devise configuration:
Devise.setup do |config|
  config.skip_session_storage = [:http_auth, :token_auth]
end
Documentation
For your convenience, source code documentation is also available.
Contributing
- Fork it.
- Create your feature branch (git checkout -b my-new-feature).
- Commit your changes (git commit -am 'Add some feature').
- Push to the branch (git push origin my-new-feature).
- Create new Pull Request.
- Get a thank you!