mycellius

Reputation: 598

Rails: why does simple_token_authentication validate every request?

I'm using the simple_token_authentication gem. I've got it working server-side and I've set the proper authorization headers client-side. While looking at the logs, I've noticed a User look-up for every request, which in some situations, i.e. while using an autocomplete form (which is not on an authenticated page), is not required. The user look-ups look like this:

User Load (1.1ms)  SELECT  "users".* FROM "users" WHERE "users"."email" = $1 ORDER BY "users"."id" ASC LIMIT $2 [["email", "[email protected]"], ["LIMIT", 1]]

I must not be understanding the entire concept of how this style of authentication works. What is the intention behind doing this?

Upvotes: 0

Views: 129

Answers (1)

Babar Al-Amin

Reputation: 3984

Token-based authentication is stateless. Every time you want to authenticate, you need to send the token, as a header for example.

So the backend always looks for the token and tries to load the User. Even though your autocomplete endpoint doesn't need authentication, you're probably sending a token with that request, and the backend is trying to load a user for it.

Upvotes: 1
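The per-request flow the answer describes, as an added sketch that is not part of the original answer and is not the gem's own code. `UserStore`, `TokenHandler` and `lookups_for` are hypothetical names; the `except:` argument is modelled on the `only:`/`except:` scoping that `acts_as_token_authentication_handler_for` accepts, and `X-User-Email`/`X-User-Token` are the gem's default header names.

```ruby
# Added sketch: models a stateless token handler; not the gem's implementation.
# UserStore, TokenHandler and the sample data below are hypothetical.
User = Struct.new(:email, :authentication_token)

class UserStore
  attr_reader :lookups

  def initialize(users)
    @by_email = users.to_h { |u| [u.email, u] }
    @lookups = 0
  end

  # Stands in for the SELECT ... WHERE email = $1 LIMIT 1 seen in the log.
  def find_by_email(email)
    @lookups += 1
    @by_email[email]
  end
end

# Constant-time comparison so the token check does not leak a matching prefix.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.bytesize != b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

class TokenHandler
  def initialize(store, except: [])
    @store, @except = store, except
  end

  # No session exists, so identity is re-derived from the headers every time.
  def authenticate(action, headers)
    return nil if @except.include?(action) # handler not run: no query at all
    email, token = headers.values_at("X-User-Email", "X-User-Token")
    return nil if email.nil? || token.nil?
    user = @store.find_by_email(email)
    user if user && secure_compare(user.authentication_token, token)
  end
end

# Constructed sample: two autocomplete requests that carry the auth headers.
def lookups_for(except)
  store = UserStore.new([User.new("alice@example.test", "constructed-token")])
  handler = TokenHandler.new(store, except: except)
  headers = { "X-User-Email" => "alice@example.test", "X-User-Token" => "constructed-token" }
  2.times { handler.authenticate(:autocomplete, headers) }
  store.lookups
end
```

`lookups_for([])` counts one query per request, while `lookups_for([:autocomplete])` counts none, which is the effect of excluding the unauthenticated action from the handler (or of not sending the headers to it).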
