devise-token-auth
  • Installation
  • Configuration
    • Initializer Settings
    • OmniAuth
    • Email Authentication
    • Customizing Devise Verbiage
    • Cross Origin Requests (CORS)
  • Usage
    • Mounting Routes
    • Controller Integration
    • Model Integration
    • Using Multiple User Classes
    • Excluding Modules
    • Custom Controller/Email Overrides
    • Reset password flow
    • Testing
  • FAQ
  • Conceptual Diagrams
    • Token Management
    • Batch Requests
  • Security
Powered by GitBook
On this page
  • I have missing headers or issues with batch requests
  • Can I use this gem alongside standard Devise?
  • config/initializers/devise_token_auth.rb
  • config/routes.rb
  • Another method for using this gem alongside standard Devise (updated May 2018)
  • controllers/api/v1/application_controller.rb
  • controllers/admin/application_controller.rb
  • controllers/application_controller.rb
  • config/initializers/devise_token_auth.rb
  • Why are the new routes included if this gem doesn't use them?
  • I'm having trouble using this gem alongside ActiveAdmin...
  • How can I use this gem with Grape?
  • How can I use this gem with Solidus/Spree?
  • I already have a user, how can I add the new fields?
  • I want to add a new param for sign up and account update

FAQ

PreviousTestingNextConceptual Diagrams

Last updated 3 years ago

I have missing headers or issues with batch requests

Try disabling change_headers_on_each_request, it's a nice to have security enhancement but not crucial. If you are curious, you can check how we

Can I use this gem alongside standard Devise?

Yes! But you will need to enable the support of separate routes for standard Devise. So do something like this:

config/initializers/devise_token_auth.rb

DeviseTokenAuth.setup do |config|
  config.enable_standard_devise_support = true
end

config/routes.rb

Rails.application.routes.draw do

  # standard devise routes available at /users
  # NOTE: make sure this comes first!!!
  devise_for :users

  # token auth routes available at /api/v1/auth
  namespace :api do
    scope :v1 do
      mount_devise_token_auth_for 'User', at: 'auth'
    end
  end

end

Another method for using this gem alongside standard Devise (updated May 2018)

Some users have been experiencing issues with using this gem alongside standard Devise, with the config.enable_standard_devise_support = true method.

controllers/api/v1/application_controller.rb

Child application controller for your API, using DeviseTokenAuth.

module Api
  module V1
    class ApplicationController < ::ApplicationController
      skip_before_action :verify_authenticity_token
      include DeviseTokenAuth::Concerns::SetUserByToken
    end
  end
end

controllers/admin/application_controller.rb

Child application controller for full stack section, using standard Devise.

module Admin
  class ApplicationController < ::ApplicationController
    before_action :authenticate_admin!
  end
end

controllers/application_controller.rb

The base application controller file. If you're using CSRF token protection, you can skip it in the API specific application controller (api/v1/application_controller.rb).

class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception
end

config/initializers/devise_token_auth.rb

Keep the enable_standard_devise_support configuration commented out or set to false.

# config.enable_standard_devise_support = false

Why are the new routes included if this gem doesn't use them?

Removing the new routes will require significant modifications to devise. If the inclusion of the new routes is causing your app any problems, post an issue in the issue tracker and it will be addressed ASAP.

The solution is to use two separate ApplicationController classes - one for your API, and one for ActiveAdmin. Something like this:

# app/controllers/api_controller.rb
# API routes extend from this controller
class ApiController < ActionController::Base
  include DeviseTokenAuth::Concerns::SetUserByToken
end

# app/controllers/application_controller.rb
# leave this for ActiveAdmin, and any other non-api routes
class ApplicationController < ActionController::Base
end

How can I use this gem with Grape?

How can I use this gem with Solidus/Spree?

I already have a user, how can I add the new fields?

  1. First, remove the migration generated by the following commandrails g devise_token_auth:install [USER_CLASS] [MOUNT_PATH] and then:.

  2. Create another fresh migration:

  # create migration by running a command like this (where `User` is your USER_CLASS table):
  # `rails g migration AddTokensToUsers provider:string uid:string tokens:text`

  def up
    add_column :users, :provider, :string, null: false, default: 'email'
    add_column :users, :uid, :string, null: false, default: ''
    add_column :users, :tokens, :text

    # if your existing User model does not have an existing **encrypted_password** column uncomment below line.
    # add_column :users, :encrypted_password, :string, null: false, default: ''

    # if your existing User model does not have an existing **allow_password_change** column uncomment below line.
    # add_column :users, :allow_password_change, :boolean, default: false

    # the following will update your models so that when you run your migration

    # updates the user table immediately with the above defaults
    User.reset_column_information

    # finds all existing users and updates them.
    # if you change the default values above you'll also have to change them here below:
    User.find_each do |user|
      user.uid = user.email
      user.provider = 'email'
      user.save!
    end

    # to speed up lookups to these columns:
    add_index :users, [:uid, :provider], unique: true
  end

  def down
    # if you added **encrypted_password** above, add here to successfully rollback
    # if you added **allow_password_change** above, add here to successfully rollback
    remove_columns :users, :provider, :uid, :tokens
  end

I want to add a new param for sign up and account update

When creating an account, add params under sign_up.

When updating your account, add params under account_update.

For example:

class RegistrationsController < DeviseTokenAuth::RegistrationsController
  before_action :configure_permitted_parameters

  protected

  def configure_permitted_parameters
    devise_parameter_sanitizer.permit(:sign_up, keys: %i(name))
    devise_parameter_sanitizer.permit(:account_update, keys: %i(name))
  end
end

Another method suggested by is to have separate child application_controller.rb files that use either DeviseTokenAuth or standard Devise, which all inherit from a base application_controller.rb file. For example, you could have an api/v1/application_controller.rb file for the API of your app (which would use Devise Token Auth), and a admin/application_controller.rb file for the full stack part of your app (using standard Devise). The idea is to redirect each flow in your application to the appropriate child application_controller.rb file. Example code below:

I'm having trouble using this gem alongside ...

For some odd reason, extends from your own app's ApplicationController. This becomes a problem if you include the DeviseTokenAuth::Concerns::SetUserByToken concern in your app's ApplicationController.

You may be interested in or .

You may be interested in .

and describe the new parameters you want to add in the configure_permitted_parameters method.

manage the tokens and batch requests
jotolo
ActiveAdmin
ActiveAdmin
GrapeTokenAuth
GrapeDeviseTokenAuth
solidus_devise_token_auth
Override the controller