Reputation: 775
I have a Rails-Grape API application that has been authenticated with Devise. Now I am trying to implement auto-session timeout with the APIs. For that I have implemented the devise_auth_token gem.
My devise_auth_token.rb
    DeviseTokenAuth.setup do |config|
      config.change_headers_on_each_request = false
      config.token_lifespan = 60.seconds
      config.batch_request_buffer_throttle = 30.seconds
    end
I have run the install command as it was mentioned in the docs.
    rails g devise_token_auth:install User auth
I have updated my migration file like:
    class DeviseTokenAuthCreateUsers < ActiveRecord::Migration[5.2]
      def change
        ## Required
        add_column :users, :provider, :string, null: false, default: "email"
        add_column :users, :uid, :string, null: false, default: ""

        ## Tokens
        add_column :users, :tokens, :json

        add_index :users, [:uid, :provider], unique: true
      end
    end
My routes.rb
    devise_for :users, ActiveAdmin::Devise.config

    # token auth routes available at /api/v1/auth
    namespace :api do
      scope :v1 do
        mount_devise_token_auth_for 'User', at: 'auth'
      end
    end
As you can see, I have kept the token_lifespan at 60 seconds, but even after I am inactive for almost 5 minutes, my session is not expiring. I need help to understand what I am missing/doing wrong here. Any help will be highly appreciated.
Thanks in advance.
Upvotes: 0
Views: 1061
Reputation: 11
As far as I remember, session expire functionality works only with config.change_headers_on_each_request = true.
Watch this: https://github.com/lynndylanhurley/devise_token_auth/issues/573
Upvotes: 1
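An added illustration, not code from devise_token_auth or from either poster: a small Ruby model of the two expiry policies in play when testing an API timeout, a fixed lifespan counted from sign-in and an inactivity timeout renewed on each valid request. `TokenStore`, `run_scenario` and the request times are hypothetical, and the model makes no claim about how the gem itself applies `token_lifespan`.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical per-client token store (not devise_token_auth code). Each client
# id maps to a token digest and an absolute expiry in epoch seconds.
class TokenStore
  def initialize(lifespan:, sliding:, clock: -> { Time.now.to_i })
    @lifespan = lifespan # seconds a token stays valid
    @sliding  = sliding  # true: every valid request renews the expiry
    @clock    = clock    # injectable, so expiry is testable without sleeping
    @tokens   = {}
  end

  # Issue a token; only its digest is kept server-side.
  def issue(client_id)
    token = SecureRandom.urlsafe_base64(32)
    @tokens[client_id] = { digest: digest(token), expiry: @clock.call + @lifespan }
    token
  end

  # True for a current token. An expired entry is deleted, forcing a new sign-in.
  def valid?(client_id, token)
    entry = @tokens[client_id]
    return false unless entry
    if @clock.call >= entry[:expiry]
      @tokens.delete(client_id)
      return false
    end
    return false unless secure_equal?(entry[:digest], digest(token))
    entry[:expiry] = @clock.call + @lifespan if @sliding
    true
  end

  private

  def digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # Constant-time comparison; both inputs are 64-character hex digests.
  def secure_equal?(a, b)
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed scenario: 60 s lifespan, requests at t=40 s, t=90 s and t=400 s.
def run_scenario(sliding)
  now = 0
  store = TokenStore.new(lifespan: 60, sliding: sliding, clock: -> { now })
  token = store.issue('client-1')
  [40, 90, 400].map { |t| now = t; store.valid?('client-1', token) }
end
```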