I have a rails backend rendered app (erb). Can I switch to devise token auth? #196

Closed
casertap opened this issue Mar 24, 2015 · 5 comments

@casertap

I would like to know if it is possible to use token auth on a simple rails application (no api, no angular, just simple .erb views)?
I have some trouble implementing it.

casertap changed the title from "I have a rails backend rendered app. Can I switch to devise token auth?" to "I have a rails backend rendered app (erb). Can I switch to devise token auth?" on Mar 24, 2015

@nicolas-besnard
Contributor

Why do you want to use this gem instead of Devise? What are your troubles?

@casertap
Author

Actually, I have a coupled version of rails-angular.
It looks a bit like this: https://github.com/colindensem/demo-rails-angularjs
But some parts of the website are rails backend rendered (erb) so I was wondering if I can have devise token auth so I will have less trouble later when I totally switch to a decoupled angular app (in public dir).

@nickL
Contributor

nickL commented Mar 25, 2015

@casertap See my comment in #120 -- Does that help?

@jotolo
Contributor

jotolo commented May 9, 2017

I was working on a similar case where I needed to use both devise and devise_token_auth in a spree application. I was trying to implement authentication for spree_api and migrating the authentication of the spree system (Full Stack App) to devise.
I found a way to do it and it's very simple. It's not a common thing in rails but it works great. The idea is to have a main application_controller.rb in your application and particular application_controllers for each section. In my case one for the admin system in spree and the other one for the API.

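```ruby
# controllers/api/v1/application_controller.rb
module Api
  module V1
    # Leading :: makes the superclass lookup explicit: the main ApplicationController.
    class ApplicationController < ::ApplicationController
      # API requests carry no authenticity token, so the CSRF check is skipped here.
      skip_before_action :verify_authenticity_token
      include DeviseTokenAuth::Concerns::SetUserByToken
    end
  end
end
```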

In the API controller I included the regular DeviseTokenAuth concern to manage auth in the app that controls this application_controller.rb. Note that this controller inherits from the main application_controller.

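```ruby
# controllers/admin/application_controller.rb
module Admin
  # Leading :: makes the superclass lookup explicit: the main ApplicationController.
  class ApplicationController < ::ApplicationController
    # Standard devise session authentication for the full-stack admin section.
    before_action :authenticate_user!
  end
end
```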

This controller is, well, natural behavior of devise. I just needed to add the before action method.
We just need the base application_controller ;)

```ruby
class ApplicationController < ActionController::Base
  protect_from_forgery with: :exception, if: :verify_api

  def verify_api
    params[:controller].split('/')[0] != 'devise_token_auth'
  end
end
```

Our main application_controller.rb looks like this. You need to keep the CSRF token protection but you can avoid it when an API request arrives.
The idea is to redirect each flow in your application: the ones that belong to your full-stack app and the other ones that belong to your API. Well, in this case to my API 😄
This scenario was tested using devise (4.2.0) and devise_token_auth (0.1.40).
I hope I can help someone with this example.
Regards
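
The CSRF split described in the comment above, modelled in plain Ruby as an added example (not jotolo's code and not part of devise_token_auth). It reproduces the `verify_api` predicate and the `Api::V1` skip, then audits a constructed route list for state-changing routes left without a CSRF check and for token endpoints that still demand one. The route list, the `token_endpoint` flag, and the `overrides/sessions` and `api/v1/legacy_uploads` controllers are assumptions made for illustration.

```ruby
# Plain-Ruby model (no Rails needed) of the CSRF rules in the three controllers above.
SAFE_METHODS    = %w[GET HEAD].freeze # Rails does not check the token on these
SKIP_NAMESPACES = %w[api/v1].freeze   # Api::V1 calls skip_before_action :verify_authenticity_token

# Same predicate as ApplicationController#verify_api in the comment.
def verify_api(controller_path)
  controller_path.split('/')[0] != 'devise_token_auth'
end

def under?(controller_path, namespaces)
  namespaces.any? { |ns| controller_path == ns || controller_path.start_with?("#{ns}/") }
end

# True when a request to this controller must carry a valid authenticity token.
def csrf_checked?(controller_path, http_method)
  return false if SAFE_METHODS.include?(http_method.upcase)
  return false if under?(controller_path, SKIP_NAMESPACES)
  verify_api(controller_path)
end

# Classify each [verb, controller_path, token_endpoint] route.
# :unprotected    -> state-changing, session-authenticated, no CSRF check
# :blocks_clients -> token endpoint that still demands a CSRF token
def audit(routes)
  routes.each_with_object({}) do |(verb, path, token_endpoint), findings|
    checked = csrf_checked?(path, verb)
    if !checked && !token_endpoint && !SAFE_METHODS.include?(verb.upcase)
      findings[[verb, path]] = :unprotected
    elsif checked && token_endpoint
      findings[[verb, path]] = :blocks_clients
    end
  end
end

# Constructed route list. 'overrides/sessions' is a hypothetical subclass of a
# devise_token_auth controller kept in the app's own namespace, and
# 'api/v1/legacy_uploads' a hypothetical session-authenticated controller under Api::V1.
ROUTES = [
  ['POST', 'admin/orders', false],
  ['GET',  'admin/orders', false],
  ['POST', 'api/v1/products', true],
  ['POST', 'devise_token_auth/sessions', true],
  ['POST', 'overrides/sessions', true],
  ['POST', 'api/v1/legacy_uploads', false]
].freeze

if __FILE__ == $PROGRAM_NAME
  audit(ROUTES).each { |(verb, path), kind| puts "#{kind}: #{verb} #{path}" }
end
```

Both findings come from deciding CSRF protection by namespace: a cookie-authenticated controller placed under the exempt namespace loses its check, and a token controller outside the `devise_token_auth` prefix keeps one.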

@zachfeldman
Contributor

Hi there @casertap,

In an effort to clean up this project and prioritize a bit, we're marking issues that haven't had any activity in a while with a "close-in-7-days" label. If we don't hear from you in about a week, we'll be closing this issue. Obviously feel free to re-open it at any time if it's the right time or this was done in error!

If you are still having the issue (especially if it's a bug report) please refer to our new Issue Template to provide some more details to help us solve it.

Hope all is well.
