subsequents Sign In does not add new tokens and return 401

[sebackend]

Hi, I'm using this gem in Rails 5.2.2 and the /sign_in method is just working the 1st time, after trying to call it again from postman, the application return this

Started POST "/api/v1/auth/sign_in" for 127.0.0.1 at 2018-12-13 16:04:03 -0300
Processing by DeviseTokenAuth::SessionsController#create as */*
  Parameters: {"email"=>"[email protected]", "password"=>"[FILTERED]"}
  User Load (0.5ms)  SELECT  "users".* FROM "users" WHERE (email = '[email protected]' AND provider='email') ORDER BY "users"."id" ASC LIMIT $1  [["LIMIT", 1]]
  ↳ /home/nnodes/.rvm/gems/ruby-2.4.1/gems/activerecord-5.2.2/lib/active_record/log_subscriber.rb:98
Completed 401 Unauthorized in 230ms (Views: 0.3ms | ActiveRecord: 2.9ms)

Also after /sign_out and try to re-sign_in it gives the same error.

My devise_token_auth.rb file looks like this

DeviseTokenAuth.setup do |config|
  config.change_headers_on_each_request = false
  config.token_lifespan = 4.weeks
  config.enable_standard_devise_support = true
end

The api_controller.rb

class Api::ApiController < ApplicationController
  skip_before_action :verify_authenticity_token
  include DeviseTokenAuth::Concerns::SetUserByToken
  respond_to :json
end

Any idea?

PS. if i go to the Rails console and update the user password, then save it, the sign_in work again, but just like i said, i can only sign in one time.

[sebackend]

I'll close this, because the error was in my User model 😢 a validation that rewrites the password and i didn't see it till a coworker noticed after a very large review.

Cheers.