search

lynndylanhurley / devise_token_auth

Token based authentication for Rails JSON APIs. Designed to work with jToker and ng-token-auth.
Do What The F*ck You Want To Public License
3.55k stars 1.14k forks source link

token not in response header: response.headers.merge!(auth_header) doesn't seem to work #747

Open abred opened 8 years ago

abred commented 8 years ago

hello,

problem seems similar to #721, however I checked and it's working properly up to auth_header = @resource.create_new_auth_token(@client_id) (set_user_by_token.rb:118) it contains the token etc, but response.headers.merge!(auth_header) does not merge it into response.headers (response.headers is not modified after merge!) auth_header.each do | k,v| response.set_header(k,v) end works (although merge! seems to do pretty much the same?)

without the extra set_header:

{"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff", "Access-Control-Allow-Origin"=>"", "Access-Control-Request-Method"=>"", "Content-Type"=>"application/json; charset=utf-8"}

with:

{"X-Frame-Options"=>"SAMEORIGIN", "X-XSS-Protection"=>"1; mode=block", "X-Content-Type-Options"=>"nosniff", "Access-Control-Allow-Origin"=>"", "Access-Control-Request-Method"=>"", "Content-Type"=>"application/json; charset=utf-8", "access-token"=>"Tor5VzcLxECqgI96rPyQ1w", "token-type"=>"Bearer", "client"=>"Ch_C1JoCyTCS46snHKZzuA", "expiry"=>"1475885872", "uid"=>"rudi@example.com"}

devise-4.2.0 devise_token_auth-0.1.39 Rails 5.0.0.1 ruby 2.3.1p112

SmokeStackSteve commented 7 years ago

Abred,

I have been experiencing a token issue all week. I have found the following works for me.

Use devise 4.1.1

I cannot get the token in the headers with 4.2.0.

jarijokinen commented 7 years ago

Thanks @SmokeStackSteve, downgrading Devise indeed fixes this issue.

I can confirm that this issue still exists with:

devise 4.2.0 devise_token_auth 0.1.39 rails 5.0.1 ruby 2.4.0p0 rack-cors 0.4.0 both puma & webrick servers

fbove commented 7 years ago

I only had to downgrade active_model_serializers.

It works with this versions: devise 4.2.0 devise_token_auth 0.1.40 active_model_serializers 0.10.0.rc4 rails 5.0.1 rack-cors 0.4.0

Tested on puma 3.6.2

spwisner commented 7 years ago

I faced the same problem with headers not appearing. I followed the same steps as described by @fbove and downgraded the active model serializer to 0.10.0.rc4. However, when I updated the Gemfile, the Gemfile.lock did not update properly (it failed for specs). In the end, I got it to work by entering the following in my Gemfile:

gem 'rails', '~> 5.0.1'
gem 'active_model_serializers', '>0.9.7', '<0.10.0.rc5'
gem 'devise', '~> 4.0.0'
gem 'devise_token_auth', '~> 0.1.39'

Note: This solution only resolved displaying the headers for a user/admin sign-in (problem still exists with updating token)

ethagnawl commented 6 years ago

Are people still seeing this issue with Devise 4.3.0? I'm seeing an issue where I'm able to successfully make a request, but the response headers are missing all of the expected auth entries.

im-so-handsome commented 6 years ago

Hi guys, I meet this issue after installing it without restart rails. Yep, the solution for me is simply to make rails server restart.