How to enable "Remember Me" feature in gem devise_token_auth?

Question

I'm using the gem devise_token_auth for authentication in my Ruby on Rails web application. I would like to know how to implement the "Remember Me" feature when using devise_token_auth.

By default, when I make a request with the remember_me field set to true or '1', the "Remember Me" functionality does not seem to work. Here is an example of the login request:

POST http://localhost:3000/auth/sign_in
{
    "email": "....",
    "password": "...",
    "remember_me": true
}

I have reviewed the configurations but haven't found any suitable options for enabling the "Remember Me" feature in devise_token_auth.

Could someone please guide me on how to properly enable the "Remember Me" functionality when using devise_token_auth? Am I missing any specific configurations or steps?

Thank you in advance for any assistance or suggestions.

Answer 1

The devise_token_auth doesn't provide such a remember-me feature for security reasons. Quote from their README:

[...] This gem refreshes the tokens on each request, and expires them in a short time, so the app is secure. [...]

But the gem allows you to configure the token lifespan, which is 2 weeks per default. In the config/initializers/devise_token_auth.rb file, you could, for example, set it to expire after one year:

DeviseTokenAuth.setup do |config|
  # [...]

  # By default, users will need to re-authenticate after 2 weeks. This setting
  # determines how long tokens will remain valid after they are issued.
  config.token_lifespan = 1.year
end