Security

devise-token-auth

Search…

Installation

Configuration

This gem takes the following steps to ensure security.
This gem uses auth tokens that are:
​changed after every request (can be turned off),
​of cryptographic strength,
hashed using BCrypt (not stored in plain-text),
securely compared (to protect against timing attacks),
invalidated after 2 weeks (thus requiring users to login again)
These measures were inspired by this stackoverflow post.
This gem further mitigates timing attacks by using this technique.
But the most important step is to use HTTPS. You are on the hook for that.

Token Management

Last modified 4yr ago

Copy link