Module: Devise::Models::TokenAuthenticatable

Extended by:

ActiveSupport::Concern

Defined in:

lib/devise/models/token_authenticatable.rb

Overview

The TokenAuthenticatable module is responsible for generating an authentication token and validating the authenticity of the same while signing in.

This module only provides a few helpers to help you manage the token, but it is up to you to choose how to use it. For example, if you want to have a new token every time the user saves his account, you can do the following:

before_save :reset_authentication_token

On the other hand, if you want to generate token unless one exists, you should use instead:

before_save :ensure_authentication_token

If you want to delete the token after it is used, you can do so in the after_token_authentication callback.

APIs

If you are using token authentication with APIs and using trackable. Every request will be considered as a new sign in (since there is no session in APIs). You can disable this by creating a before filter as follow:

before_filter :skip_trackable

def skip_trackable
  request.env['devise.skip_trackable'] = true
end

Options

TokenAuthenticatable adds the following options to devise_for:

* +token_authentication_key+: Defines name of the authentication token params key. E.g. /users/sign_in?some_key=...

Defined Under Namespace

Modules: ClassMethods

Class Method Summary

• .required_fields(klass) ⇒ Object

Instance Method Summary

• #after_token_authentication ⇒ Object

  Hook called after token authentication.

• #ensure_authentication_token ⇒ Object

  Generate authentication token unless already exists.

• #ensure_authentication_token! ⇒ Object

  Generate authentication token unless already exists and save the record.

• #expire_auth_token_on_timeout ⇒ Object
• #reset_authentication_token ⇒ Object

  Generate new authentication token (a.k.a. “single access token”).

• #reset_authentication_token! ⇒ Object

  Generate new authentication token and save the record.

Class Method Details

.required_fields(klass) ⇒ Object

# File 'lib/devise/models/token_authenticatable.rb', line 42

def self.required_fields(klass)
  [:authentication_token]
end

Instance Method Details

#after_token_authentication ⇒ Object

Hook called after token authentication.

# File 'lib/devise/models/token_authenticatable.rb', line 68

def after_token_authentication
end

#ensure_authentication_token ⇒ Object

Generate authentication token unless already exists.

# File 'lib/devise/models/token_authenticatable.rb', line 58

def ensure_authentication_token
  reset_authentication_token if authentication_token.blank?
end

#ensure_authentication_token! ⇒ Object

Generate authentication token unless already exists and save the record.

# File 'lib/devise/models/token_authenticatable.rb', line 63

def ensure_authentication_token!
  reset_authentication_token! if authentication_token.blank?
end

#expire_auth_token_on_timeout ⇒ Object

# File 'lib/devise/models/token_authenticatable.rb', line 71

def expire_auth_token_on_timeout
  self.class.expire_auth_token_on_timeout
end

#reset_authentication_token ⇒ Object

Generate new authentication token (a.k.a. “single access token”).

# File 'lib/devise/models/token_authenticatable.rb', line 47

def reset_authentication_token
  self.authentication_token = self.class.authentication_token
end

#reset_authentication_token! ⇒ Object

Generate new authentication token and save the record.

# File 'lib/devise/models/token_authenticatable.rb', line 52

def reset_authentication_token!
  reset_authentication_token
  save(:validate => false)
end