devise-token-auth

Configuration

Usage

Mounting Routes

Controller Integration

Model Integration

Using Multiple User Classes

Excluding Modules

Custom Controller/Email Overrides

Have an account? Sign in

Usage

Last updated 4 months ago

Edit on GitHub

The following routes are available for use by your client. These routes live relative to the path at which this engine is mounted (auth by default). These routes correspond to the defaults used by the ng-token-auth module for AngularJS and the jToker plugin for jQuery.
path
method
purpose
/
POST
Email registration. Requires email, password, password_confirmation, and confirm_success_url params (this last one can be omitted if you have set config.default_confirm_success_url in config/initializers/devise_token_auth.rb). A verification email will be sent to the email address provided. Upon clicking the link in the confirmation email, the API will redirect to the URL specified in confirm_success_url. Accepted params can be customized using the devise_parameter_sanitizer system.
/
DELETE
Account deletion. This route will destroy users identified by their uid, access-token and client headers.
/
PUT
Account updates. This route will update an existing user's account settings. The default accepted params are password and password_confirmation, but this can be customized using the devise_parameter_sanitizer system. If config.check_current_password_before_update is set to :attributes the current_password param is checked before any update, if it is set to :password the current_password param is checked only if the request updates user password.
/sign_in
POST
Email authentication. Requires email and password as params. This route will return a JSON representation of the User model on successful login along with the access-token and client in the header of the response.
/sign_out
DELETE
Use this route to end the user's current session. This route will invalidate the user's authentication token. You must pass in uid, client, and access-token in the request headers.
/:provider
GET
Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. Read more.
/:provider/callback
GET/POST
Destination for the oauth2 provider's callback uri. postMessage events containing the authenticated user's data will be sent back to the main client window from this page. Read more.
/validate_token
GET
Use this route to validate tokens on return visits to the client. Requires uid, client, and access-token as params. These values should correspond to the columns in your User table of the same names.
/password
POST
Use this route to send a password reset confirmation email to users that registered by email. Accepts email and redirect_url as params. The user matching the email param will be sent instructions on how to reset their password. redirect_url is the url to which the user will be redirected after visiting the link contained in the email.
/password
PUT
Use this route to change users' passwords. Requires password and password_confirmation as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks current_password if config.check_current_password_before_update is not set false (disabled by default).
/password/edit
GET
Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain reset_password_token and redirect_url params. These values will be set automatically by the confirmation email that is generated by the password reset request.

Cross Origin Requests (CORS)

Mounting Routes

path	method	purpose
/	POST	Email registration. Requires `email`, `password`, `password_confirmation`, and `confirm_success_url` params (this last one can be omitted if you have set `config.default_confirm_success_url` in `config/initializers/devise_token_auth.rb`). A verification email will be sent to the email address provided. Upon clicking the link in the confirmation email, the API will redirect to the URL specified in `confirm_success_url`. Accepted params can be customized using the `devise_parameter_sanitizer` system.
/	DELETE	Account deletion. This route will destroy users identified by their `uid`, `access-token` and `client` headers.
/	PUT	Account updates. This route will update an existing user's account settings. The default accepted params are `password` and `password_confirmation`, but this can be customized using the `devise_parameter_sanitizer` system. If `config.check_current_password_before_update` is set to `:attributes` the `current_password` param is checked before any update, if it is set to `:password` the `current_password` param is checked only if the request updates user password.
/sign_in	POST	Email authentication. Requires `email` and `password` as params. This route will return a JSON representation of the `User` model on successful login along with the `access-token` and `client` in the header of the response.
/sign_out	DELETE	Use this route to end the user's current session. This route will invalidate the user's authentication token. You must pass in `uid`, `client`, and `access-token` in the request headers.
/:provider	GET	Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. Read more.
/:provider/callback	GET/POST	Destination for the oauth2 provider's callback uri. `postMessage` events containing the authenticated user's data will be sent back to the main client window from this page. Read more.
/validate_token	GET	Use this route to validate tokens on return visits to the client. Requires `uid`, `client`, and `access-token` as params. These values should correspond to the columns in your `User` table of the same names.
/password	POST	Use this route to send a password reset confirmation email to users that registered by email. Accepts `email` and `redirect_url` as params. The user matching the `email` param will be sent instructions on how to reset their password. `redirect_url` is the url to which the user will be redirected after visiting the link contained in the email.
/password	PUT	Use this route to change users' passwords. Requires `password` and `password_confirmation` as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks `current_password` if `config.check_current_password_before_update` is not set `false` (disabled by default).
/password/edit	GET	Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain `reset_password_token` and `redirect_url` params. These values will be set automatically by the confirmation email that is generated by the password reset request.