config/initializers/devise_token_auth.rb
:change_headers_on_each_request
(true
)access-token
header from changing after each request. Read more.token_lifespan
(2.weeks
)token_cost
(10
)batch_request_buffer_throttle
(5.seconds
)omniauth_prefix
("/omniauth"
)default_confirm_success_url
(nil
)default_password_reset_url
(nil
)redirect_whitelist
(nil
)enable_standard_devise_support
(false
)remove_tokens_after_password_reset
(false
)default_callbacks
(true
)DeviseTokenAuth::Concerns::UserOmniauthCallbacks
concern, which has email
, uid
validations & uid
synchronization callbacks.cookie_enabled
(false
)cookie_name
("auth_cookie"
)cookie_attributes
({}
)domain
, secure
, httponly
, same_site
, expires
, encrypt
). See this Rails doc for what values can be passed to ActionDispatch::Cookies
. See this MDN doc for additional information on HTTP cookie attributes.bypass_sign_in
(true
)#active_for_authentication?
which includes confirmation check on each call (it will do it only on sign in). If you want it to be validated on each request (for example, to be able to deactivate logged in users on the fly), set it to false.send_confirmation_email
(false
)require_client_password_reset_token
(false
)config/initializers/devise.rb
. Here are some examples of what you can do in this file: