I'm developing a Rails app (with Devise) to expose an API to be consumed by both web clients (React SPA) and mobile clients (iOS and Android).
For web clients I'd like to use cookie authentication to avoid the problem of where to securely store the token (I would also use a cookie to pass the CSRF token to the web client).
For mobile apps I'd like to use some kind of token authentication to simplify and avoid the need for cookies and CSRF on those platforms.
I looked briefly at the popular gems devise-token-auth and devise-jwt, which add token support to Devise, but the documentation for both (see here and here) suggests that cookie auth and token auth won't work within the same controller.
How would you configure a Rails API to use cookies for web clients and tokens for mobile apps?
Upvotes: 3
Views: 758
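The split the question describes, sketched as an added example (not part of the original post, and not the API of Devise, devise-token-auth or devise-jwt): plain Ruby with no Rails, where the request hash, `API_TOKENS`, `SESSIONS` and the `X-CSRF-Token` header name are assumptions and all sample values are constructed. The CSRF check is tied to the credential that actually authenticated the request, so it is skipped only when a bearer token was presented, and a bad token never falls back to the cookie.

```ruby
require 'digest'

# Constructed sample data (hypothetical): stored token digests and server-side sessions.
API_TOKENS   = { Digest::SHA256.hexdigest('mobile-token-123') => 'user-1' }.freeze
SESSIONS     = { 'sess-abc' => { user: 'user-2', csrf: 'csrf-xyz' } }.freeze
SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

# Comparison whose running time does not depend on where the inputs differ.
def secure_eq(a, b)
  da = Digest::SHA256.digest(a.to_s)
  db = Digest::SHA256.digest(b.to_s)
  da.bytes.zip(db.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# req is a hash with :method, :headers and :cookies. Returns [status, user].
def authenticate(req)
  headers = req.fetch(:headers, {})
  auth = headers['Authorization']
  if auth
    # Token path (mobile): a browser never attaches this header on its own,
    # so a cross-site request cannot ride on it and no CSRF check is needed.
    token = auth[/\ABearer (\S+)\z/, 1]
    user = token && API_TOKENS[Digest::SHA256.hexdigest(token)]
    # An invalid token is rejected outright; it never falls back to the cookie.
    return user ? [:ok, user] : [:unauthorized, nil]
  end

  # Cookie path (web): the browser sends the cookie automatically, so every
  # state-changing request must also carry the session's CSRF token.
  session = SESSIONS[req.fetch(:cookies, {})['session_id']]
  return [:unauthorized, nil] unless session
  unless SAFE_METHODS.include?(req[:method]) ||
         secure_eq(headers['X-CSRF-Token'], session[:csrf])
    return [:forbidden, nil]
  end
  [:ok, session[:user]]
end
```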