Open atebit opened 7 years ago
Hello @atebit,
I think the answer you're looking for is now in the wiki, see #293 : )
Also just a little bit of cleaning:
acts_as_token_authentication_handler_for User, fallback: :none, only: [:test] # is all you need
Thanks @gonzalo-bulnes !
After a bit of tinkering, this is what works on my end so that I can use auth in an API controller and not for the GUI and disrupt the main functionality of Devise.
But, I'm not so sure this is a final solution as it seems a bit hackish.. Thoughts?
Hi @atebit,
Authentication
I would delegate the authentication to warden as shown in the wiki:
self.resource = warden.authenticate!(auth_options) # Devise does rely on Warden to authenticate, I wouldn't change that...
Comparing tokens or passwords for authentication is something that must be done carefully in order to avoid leaking information during the process. (That was the original purpose of writing this gem!)
With that in mind, the safe thing to do is follow Devise's lead when handling passwords, and use dedicated comparison methods when comparing authentication tokens.
If Devise's original controller delegates to Warden, I wouldn't change that.
Separate controller
You wrote a controller which responds only to the JSON requests. If it works for you and you find it more maintainable than the example from the wiki, it seems like a good idea to me.
The last thing that comes to my mind is minor: I would move the require 'json' out of the class definition - it's common usage and makes the dependency stand out:
require 'json'

module Api
  class AuthController < Devise::SessionsController
    # ...
  end
end
That's it, I hope it helps!
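The careful token comparison described in the comment above, as an added example (not code from this thread, the gem, or Devise): a constant-time comparison written in the style of Devise's `secure_compare` helper, applied after looking the record up by a non-secret identifier. `USERS`, `DUMMY_TOKEN` and `authenticate` are hypothetical names, and the email and token values are constructed.

```ruby
# Constructed sample store: email => authentication token (not real data).
USERS = {
  'alice@example.com' => 'Zx3k9QpL7vT2mN8sR4aB'
}.freeze

# Hypothetical placeholder compared against when the email is unknown,
# so the "no such user" path does the same comparison work.
DUMMY_TOKEN = ('x' * 20).freeze

# Constant-time string comparison. Unlike String#==, which can stop at the
# first differing byte, this XORs every byte pair and only inspects the
# accumulated result at the end, so the running time does not depend on
# where the first mismatch is. The length check returns early, so only the
# token length (not its content) can be inferred from timing.
def secure_compare(a, b)
  return false if a.nil? || b.nil? || a.empty? || b.empty?
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Look the record up by email (non-secret), then compare the presented token
# against the stored one in constant time. Looking a record up directly by
# the token would instead leave the comparison to the data store.
# Returns the email on success and nil on any failure.
def authenticate(email, presented_token)
  stored = USERS[email]
  ok = secure_compare(stored || DUMMY_TOKEN, presented_token.to_s)
  stored && ok ? email : nil
end
```
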
Hey! Sorry if this is a lame question.. Any help is greatly appreciated.
I have a custom controller and want it to respond to sign in with the token and can't figure out how to do so using JavaScript.
sign in:
rails:
authenticates.. but I don't know how to return the token to the app for storage. :/