mcordell / grape_token_auth

Token auth for grape apps
MIT License
52 stars 19 forks

Resource should not generate a new token after signout #19

Closed frobichaud closed 8 years ago

frobichaud commented 8 years ago

The var Configuration::CLIENT_KEY maps to 'client' but in our case it should be 'HTTP_CLIENT'

resource.tokens.delete returns nil:

resource.tokens.delete(env[Configuration::CLIENT_KEY])

While this succeeds:

resource.tokens.delete(env['HTTP_CLIENT'])

frobichaud commented 8 years ago

There's also a bug in the Middleware

responses_with_auth_headers

Should not be called on /sign_out. It creates a new token on the resource.

mcordell commented 8 years ago

I'm breaking this issue up into several issues. I think that this comment is a true bug, and therefore this issue name was changed to reflect that.
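The two problems reported in this thread, as an added Ruby sketch that is not part of the issue or of grape_token_auth's code: Rack exposes a `client` request header under the env key `HTTP_CLIENT`, so a lookup under `'client'` revokes nothing, and a sign-out response must not pass through the step that issues a fresh token. `DemoResource`, `rack_env_key`, `sign_out` and `respond` are hypothetical names, and `tokens` is assumed to be a Hash keyed by client id.

```ruby
require 'securerandom'

# Hypothetical stand-in for the configured header name ('client' in the issue).
CLIENT_HEADER = 'client'

# Rack stores request headers CGI-style: upcased, '-' => '_', 'HTTP_' prefix.
def rack_env_key(header_name)
  "HTTP_#{header_name.upcase.tr('-', '_')}"
end

# Hypothetical resource holding one token per client id (assumed Hash).
class DemoResource
  attr_reader :tokens

  def initialize(tokens)
    @tokens = tokens
  end

  # What an auth-header step does: mint and store a fresh token.
  def create_new_auth_token(client_id)
    @tokens[client_id] = SecureRandom.hex(16)
  end
end

# Sign-out that reads the client id under the Rack key and reports whether
# a token was actually revoked, so a silent no-op is visible to the caller.
def sign_out(resource, env)
  client_id = env[rack_env_key(CLIENT_HEADER)]
  !resource.tokens.delete(client_id).nil?
end

# Middleware-style step: fresh auth headers on every response except sign-out.
def respond(resource, env)
  if env['PATH_INFO'].to_s.end_with?('/sign_out')
    return { revoked: sign_out(resource, env), headers: {} }
  end
  client_id = env[rack_env_key(CLIENT_HEADER)]
  token = resource.create_new_auth_token(client_id)
  { headers: { 'client' => client_id, 'access-token' => token } }
end
```

A sign-out handler that ignores the return value of `delete` cannot tell a revoked token from one that is still valid, which is why the sketch returns it.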