Usage
The following routes are available for use by your client. These routes live relative to the path at which this engine is mounted (`auth` by default). These routes correspond to the defaults used by the ng-token-auth module for AngularJS and the jToker plugin for jQuery.

| path | method | purpose |
| --- | --- | --- |
| `/` | POST | Email registration. Requires `email`, `password`, `password_confirmation`, and `confirm_success_url` params (this last one can be omitted if you have set `config.default_confirm_success_url` in `config/initializers/devise_token_auth.rb`). A verification email will be sent to the email address provided. Upon clicking the link in the confirmation email, the API will redirect to the URL specified in `confirm_success_url`. Accepted params can be customized using the `devise_parameter_sanitizer` system. |
| `/` | DELETE | Account deletion. This route will destroy users identified by their `uid`, `access-token` and `client` headers. |
| `/` | PUT | Account updates. This route will update an existing user's account settings. The default accepted params are `password` and `password_confirmation`, but this can be customized using the `devise_parameter_sanitizer` system. If `config.check_current_password_before_update` is set to `:attributes`, the `current_password` param is checked before any update; if it is set to `:password`, the `current_password` param is checked only if the request updates the user's password. |
| `/sign_in` | POST | Email authentication. Requires `email` and `password` as params. This route will return a JSON representation of the `User` model on successful login, along with the `access-token` and `client` in the header of the response. |
| `/sign_out` | DELETE | Use this route to end the user's current session. This route will invalidate the user's authentication token. You must pass in `uid`, `client`, and `access-token` in the request headers. |
| `/:provider` | GET | Set this route as the destination for client authentication. Ideally this will happen in an external window or popup. |
| `/:provider/callback` | GET/POST | Destination for the OAuth2 provider's callback URI. `postMessage` events containing the authenticated user's data will be sent back to the main client window from this page. |
| `/validate_token` | GET | Use this route to validate tokens on return visits to the client. Requires `uid`, `client`, and `access-token` as params. These values should correspond to the columns in your `User` table of the same names. |
| `/password` | POST | Use this route to send a password reset confirmation email to users that registered by email. Accepts `email` and `redirect_url` as params. The user matching the `email` param will be sent instructions on how to reset their password. `redirect_url` is the URL to which the user will be redirected after visiting the link contained in the email. |
| `/password` | PUT | Use this route to change users' passwords. Requires `password` and `password_confirmation` as params. This route is only valid for users that registered by email (OAuth2 users will receive an error). It also checks `current_password` if `config.check_current_password_before_update` is not set to `false` (disabled by default). |
| `/password/edit` | GET | Verify user by password reset token. This route is the destination URL for password reset confirmation. This route must contain `reset_password_token` and `redirect_url` params. These values will be set automatically by the confirmation email that is generated by the password reset request. |
| `/confirmation` | POST | Re-sends the confirmation email. Requires `email` and accepts `redirect_url` params (this last one can be omitted if you have set `config.default_confirm_success_url` in `config/initializers/devise_token_auth.rb`). |
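
The credential handling implied by the table, as an added example that is not code from devise_token_auth or its client libraries: it takes `access-token` and `client` from the `/sign_in` response headers, then attaches the triple as headers or as params depending on the route. The function names, the `data` wrapper around the User JSON, and the sample response are assumptions constructed for illustration.

```javascript
// Added example; not code from devise_token_auth. All names are hypothetical.
const MOUNT = '/auth'; // engine is mounted at "auth" by default

// How each authenticated route in the table expects the credential triple.
const ROUTES = {
  sign_out:       { method: 'DELETE', path: '/sign_out',       carry: 'headers' },
  delete_account: { method: 'DELETE', path: '/',               carry: 'headers' },
  validate_token: { method: 'GET',    path: '/validate_token', carry: 'params' },
};

// Case-insensitive header lookup on a plain object.
function header(headers, name) {
  const key = Object.keys(headers || {}).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// access-token and client come from the /sign_in response headers; uid is read
// from the User JSON (assumed under `data`). Fail closed if any part is missing.
function credentialsFromSignIn(response) {
  const data = (response.body && response.body.data) || {};
  const creds = {
    uid: data.uid,
    client: header(response.headers, 'client'),
    'access-token': header(response.headers, 'access-token'),
  };
  for (const [name, value] of Object.entries(creds)) {
    if (typeof value !== 'string' || value === '') {
      throw new Error(`sign_in response is missing ${name}`);
    }
  }
  return creds;
}

// Describe the request for one authenticated route, relative to the mount path.
function buildRequest(routeName, creds) {
  const route = ROUTES[routeName];
  if (!route) throw new Error(`unknown route: ${routeName}`);
  const url = (MOUNT + route.path).replace(/\/$/, '');
  if (route.carry === 'params') {
    return { method: route.method, url: `${url}?${new URLSearchParams(creds)}`, headers: {} };
  }
  return { method: route.method, url, headers: { ...creds } };
}

// Constructed sample response, not captured from a real server.
const sampleSignIn = {
  headers: { 'Access-Token': 'SAMPLE-TOKEN', Client: 'SAMPLE-CLIENT' },
  body: { data: { id: 1, email: 'user@example.com', uid: 'user@example.com' } },
};
```

After a successful `/sign_out` the stored triple should be discarded on the client, since the route invalidates the token.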