Module: Devise::Models::TokenAuthenticatable

Extended by:
ActiveSupport::Concern
Defined in:
lib/devise/models/token_authenticatable.rb

Overview

The TokenAuthenticatable module is responsible for generating an authentication token and validating the authenticity of the same while signing in.

This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following:

before_save :reset_authentication_token

On the other hand, if you want to generate token unless one exists, you should use instead:

before_save :ensure_authentication_token

If you want to delete the token after it is used, you can do so in the after_token_authentication callback.

APIs

If you are using token authentication with APIs and using trackable. Every request will be considered as a new sign in (since there is no session in APIs). You can disable this by creating a before filter as follow:

before_filter :skip_trackable

def skip_trackable
  request.env['devise.skip_trackable'] = true
end

Options

TokenAuthenticatable adds the following options to devise_for:

* +token_authentication_key+: Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.required_fields(klass) ⇒ Object



42
43
44
# File 'lib/devise/models/token_authenticatable.rb', line 42

def self.required_fields(klass)
  [:authentication_token]
end

Instance Method Details

#after_token_authenticationObject

Hook called after token authentication.



68
69
# File 'lib/devise/models/token_authenticatable.rb', line 68

def after_token_authentication
end

#ensure_authentication_tokenObject

Generate authentication token unless already exists.



58
59
60
# File 'lib/devise/models/token_authenticatable.rb', line 58

def ensure_authentication_token
  reset_authentication_token if authentication_token.blank?
end

#ensure_authentication_token!Object

Generate authentication token unless already exists and save the record.



63
64
65
# File 'lib/devise/models/token_authenticatable.rb', line 63

def ensure_authentication_token!
  reset_authentication_token! if authentication_token.blank?
end

#expire_auth_token_on_timeoutObject



71
72
73
# File 'lib/devise/models/token_authenticatable.rb', line 71

def expire_auth_token_on_timeout
  self.class.expire_auth_token_on_timeout
end

#reset_authentication_tokenObject

Generate new authentication token (a.k.a. “single access token”).



47
48
49
# File 'lib/devise/models/token_authenticatable.rb', line 47

def reset_authentication_token
  self.authentication_token = self.class.authentication_token
end

#reset_authentication_token!Object

Generate new authentication token and save the record.



52
53
54
55
# File 'lib/devise/models/token_authenticatable.rb', line 52

def reset_authentication_token!
  reset_authentication_token
  save(:validate => false)
end