Reputation: 295
API Authentication using Devise (Ruby on Rails)
I'm trying to add Authentication via json in my project using devise configuration :token_authenticatable.
I have the working sessions_controller#create code which was taken from this article - http://blog.codebykat.com/2012/07/23/remote-api-authentication-with-rails-3-using-activeresource-and-devise/
def create
build_resource
resource = User.find_for_database_authentication(:email => params[:email])
return invalid_login_attempt unless resource
if resource.valid_password?(params[:password])
resource.ensure_authentication_token! #make sure the user has a token generated
render :json => { :authentication_token => resource.authentication_token, :user_id => resource.id }, :status => :created
return
end
end
def invalid_login_attempt
warden.custom_failure!
render :json => { :errors => ["Invalid email or password."] }, :success => false, :status => :unauthorized
end
The problem is that native devise sessions_controller#create looks like this
def create
self.resource = warden.authenticate!(auth_options)
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_with resource, :location => after_sign_in_path_for(resource)
end
And i don't know how to combine this two create methods to have authentication working on website and via json too?
UPDATE
The working code
def create
respond_to do |format|
format.json do
build_resource
resource = User.find_for_database_authentication(:email => params[:email])
return invalid_login_attempt unless resource
if resource.valid_password?(params[:password])
resource.ensure_authentication_token! #make sure the user has a token generated
render json: { authentication_token: resource.authentication_token, user_id: resource.id }, status: :created
return
end
end
format.html do
self.resource = warden.authenticate!(auth_options)
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_with resource, :location => after_sign_in_path_for(resource)
end
end
end
Upvotes: 9
Views: 9820
Answers (1)
Reputation: 22899
You want your SessionsController#create method to look something like this:
class Users::SessionsController < Devise::SessionsController
def create
resource = warden.authenticate!(scope: resource_name, recall: "#{controller_path}#new")
set_flash_message(:notice, :signed_in) if is_navigational_format?
sign_in(resource_name, resource)
respond_to do |format|
format.html do
respond_with resource, location: redirect_location(resource_name, resource)
end
format.json do
render json: { response: 'ok', auth_token: current_user.authentication_token }.to_json, status: :ok
end
end
end
end
...and make sure you've configured devise to use the token authentication key your clients will pass along.
Upvotes: 8
Related Questions
- How to use devise gem for authentication in API-only Rails application
- Setting up an API using Devise for authentication
- How to use Devise for authentication when using an API
- How do I authenticate using Devise in a Rails REST API App?
- Creating authentication API on ruby on rails
- Devise Rails API
- Rails api gem and devise token authentication
- Using devise to authenticate a API login request via JSON
- API signin to generate token using devise in rails 4
- rails authentication for an API