The devise-api gem is a convenient way to add authentication to your Ruby on Rails application using the devise gem. It provides support for access tokens and refresh tokens, which allow you to authenticate API requests and keep the user's session active for a longer period of time on the client side.
app/controllers/api/devise/tokens_controller.rb#refresh was causing AbstractController::DoubleRenderError when access_token is revoked, due to a missing return.
    if current_devise_api_refresh_token.revoked?
      error_response = Devise::Api::Responses::ErrorResponse.new(request, error: :revoked_token,
                                                                          resource_class: resource_class)
      return render json: error_response.body, status: error_response.status
    end
In spec/requests/token_spec.rb, some refresh_token tests were passing access_token in headers.
    before do
      post refresh_user_tokens_path, headers: authentication_headers_for(user, devise_api_token, :refresh_token), as: :json
    end
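The missing-return failure described above, reduced to a stand-alone Ruby sketch. This is an added example, not code from the devise-api gem or from this pull request: `FakeController`, its `render`, the local `DoubleRenderError` class and the response values are hypothetical stand-ins for Rails' one-render-per-action check.

```ruby
# Local stand-in for AbstractController::DoubleRenderError (not the Rails class).
class DoubleRenderError < StandardError; end

# Hypothetical minimal controller: it only tracks whether a response was set.
class FakeController
  attr_reader :response

  def initialize(refresh_token_revoked:)
    @refresh_token_revoked = refresh_token_revoked
    @response = nil
  end

  # Mirrors the Rails rule that a second render in one action raises.
  def render(json:, status:)
    raise DoubleRenderError, "render called twice in one action" if @response
    @response = { json: json, status: status }
  end

  # Before the fix: no `return`, so a revoked token still reaches the
  # success render and the action renders twice.
  def refresh_without_return
    if @refresh_token_revoked
      render json: { error: "revoked_token" }, status: :unauthorized # constructed values
    end
    render json: { token: "constructed-new-token" }, status: :ok
  end

  # After the fix: `return render ...` ends the action at the error response,
  # so no new token is issued for a revoked refresh token.
  def refresh_with_return
    if @refresh_token_revoked
      return render json: { error: "revoked_token" }, status: :unauthorized
    end
    render json: { token: "constructed-new-token" }, status: :ok
  end
end

# Runs one action; returns the response status, or the exception class name.
def outcome(action, revoked:)
  controller = FakeController.new(refresh_token_revoked: revoked)
  controller.public_send(action)
  controller.response[:status]
rescue DoubleRenderError => e
  e.class.name
end

puts outcome(:refresh_without_return, revoked: true)
puts outcome(:refresh_with_return, revoked: true)
```

Both variants behave identically for a non-revoked token, which is why the defect only surfaces in a spec that actually exercises the revoked path.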