Devise and API only configuration #4997
Hello @mits87, thanks for the issue. Unfortunately, Devise does not support API-only applications out of the box. There are no plans to do so any time soon - the effort would be too big and we can't afford it right now. I think there are some other gems that you can include together with devise that would help you with the things you mentioned. I don't know all of them but I do know https://github.com/waiting-for-dev/devise-jwt, for example.
Just wanted to share my experience with using JWT for sessions since it was mentioned here. JWT most probably isn't what you want to use. I found this oft-cited article to be great advice. As always YMMV but I strongly suggest you read it.
@mits87 I'm curious if you're still using devise for this or if you found a better alternative? I assume what you're doing is setting up a kind of authentication API service and using devise as the backend?
I am also curious
I ended up using devise_token_auth which uses an access token that is refreshed with every request. There are some client-side auth libraries that work with it right out of the box. I wrote a custom one which is as trivial as adding a global request interceptor to Axios for injecting the auth token into every request and reading the refreshed token from the response headers. It works very well and reliably and allows you to continue using Devise while not abusing JWT for sessions. Sorry @toomanyjoes, I'm afraid I didn't catch your earlier message 😕
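The interceptor pair described in the comment above, as an added example that is not the commenter's code or part of devise_token_auth. The header names are the ones devise_token_auth sends by default; `createAuthStore`, `attachAuth` and `captureAuth` are hypothetical names, and the handling of blank or stale rotation headers is an assumption about how a client should treat them.

```javascript
// Added example. Header names follow devise_token_auth's defaults;
// every function name here is hypothetical.
const AUTH_HEADERS = ['access-token', 'client', 'uid', 'expiry', 'token-type'];

// In-memory credential store (assumption: the caller decides where to persist).
function createAuthStore(initial = {}) {
  let creds = { ...initial };
  return {
    get: () => ({ ...creds }),
    set: (next) => { creds = { ...next }; },
  };
}

// Request side: copy the current credentials onto every outgoing request.
function attachAuth(store) {
  return (config) => {
    config.headers = { ...(config.headers || {}), ...store.get() };
    return config;
  };
}

// Response side: adopt the rotated token the server sent back.
function captureAuth(store) {
  return (response) => {
    const h = response.headers || {}; // Axios lower-cases response header names
    const token = h['access-token'];
    // Assumption: a blank or missing access-token (for example when the server
    // batches concurrent requests) carries no rotation, so the stored token
    // must not be overwritten with it.
    if (!token || !token.trim()) return response;
    // Added defensive choice: ignore an out-of-order response whose expiry is
    // older than the credentials already stored.
    const current = store.get();
    if (current.expiry && Number(h.expiry) < Number(current.expiry)) return response;
    const next = {};
    for (const name of AUTH_HEADERS) if (h[name]) next[name] = h[name];
    store.set(next);
    return response;
  };
}

// With Axios these would be registered as:
//   axios.interceptors.request.use(attachAuth(store));
//   axios.interceptors.response.use(captureAuth(store));
```
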
Hello,
First of all, thank you for a really good job!
I always use the devise plugin when I need an auth layer in my application.
But in my last few projects I used Rails API only, and I always have the same problems with configuring devise in a "nice" way.
Maybe there should be some option in the devise config like
config.api_only = true
which will automatically create the correct routes (without view routes).
Now, I have to do something like this:
Currently, I must change my
ApplicationController.rb
like this:
I think it should also be in the gem.
And of course
api_only = true
should also disable all flash messages, redirections etc.
Most API applications use JWT authentication. I think it would be really good if Devise provided some "right" solution to generate and invalidate JWT tokens. Maybe something like Warden JWT Auth?
Again, thank you, and I wish you all the best.