Reputation: 1488
Devise token auth giving stale tokens
I've spent far too long trying to figure this out and google has been less than helpful. I'm using the devise-token-auth gem with ng-token-auth on the client to do token authentication, and after sign-in it keeps feeding me a stale token. Specifically, the last token that was used for the user, even though a new token is returned and stored in a cookie. To make things more befuddling, if I refresh the page, I suddenly get the correct token and authentication works as expected. This was all working last week just fine, so I'm a bit beside myself on what I changed that could have possibly caused this to happen. Has anyone seen this before or now what is causing this. It's driving me insane.
initializer/devise_token_auth.rb
DeviseTokenAuth.setup do |config|
config.change_headers_on_each_request = false
config.default_confirm_success_url = "confirmed"
remove_tokens_after_password_reset = true
config.token_lifespan = 24.hours
end
routes.rb
mount_devise_token_auth_for 'User', at: 'api/auth'
I'm really not sure what is going on or why it is torturing me like this. Any help is greatly appreciated. If there is any code that I didn't include that helps in answering this question, let me know.
Upvotes: 3
Views: 1044
Answers (1)
Reputation: 1488
I'm not sure if this is the best way to have fixed this issue, but I managed to fix it in the client by injecting ipCookies and checking to use that if the request config headers are null. After signing in the config would be null, but the cookie would be present. So to prevent any issues I also check if the cookie is present and if so, then I use those. I'm not sure I like this solution, but it works.
var injector = angular.injector(['ipCookie']);
var cookies = injector.get('ipCookie');
var auth_headers = cookies('auth_headers');
if ((config.headers['access-token'] || auth_headers['access-token']) && !$httpProvider.defaults.headers.common['access-token']) {
$httpProvider.defaults.headers.common['Access-Token'] = config.headers['access-token'] || auth_headers['access-token'];
$httpProvider.defaults.headers.common['Token-Type'] = config.headers['token-type'] || auth_headers['token-type'];
$httpProvider.defaults.headers.common['Client'] = config.headers['client'] || auth_headers['client'];
$httpProvider.defaults.headers.common['Expiry'] = config.headers['expiry'] || auth_headers['expiry'];
$httpProvider.defaults.headers.common['Uid'] = config.headers['uid'] || auth_headers['uid'];
}
Upvotes: 1
Related Questions
- Understanding the Rails Authenticity Token
- SPA best practices for authentication and session management
- Custom sign_up route for devise-token-auth sign_up
- Unable to use Normal Devise Helper Methods with Devise_Token_Auth?
- devise token auth + Save Facebook info
- ng-token-auth no access control
- How to access devise token auth registration controller?
- Custom devise api token auth
- Customising the Devise :authenticate_user filter to also check for auth tokens
- Automatically generate Devise Authenticity Token on sign up