Official support and documentation on how to use alongside Devise for APIs #345
Comments
|
Basically, Devise add-on (vs full replacement) support has slowly been creeping in, but it's pretty deficient. If you'd like to approach native Devise support a bit more holistically and straighten out the docs to boot, I'm not going to stop you. =] Just need to make sure there's good test coverage in any PR, and that no backwards incompatible changes with token-based support are introduced. |
|
Any ideas on how #265 could be fixed? |
|
Hi there @Dschee , In an effort to cleanup this project and prioritize a bit, we're marking issues that haven't had any activity in a while with a "close-in-7-days" label. If we don't hear from you in about a week, we'll be closing this issue. Obviously feel free to re-open it at any time if it's the right time or this was done in error! If you are still having the issue (especially if it's a bug report) please refer to our new Issue Template to provide some more details to help us solve it. Hope all is well. |
I've been searching for the most secure way to authenticate my users both on my website and on clients using the API on the same Rails application project. Since I'm not going to use a single-page application but a 'normal' Rails application instead I've found Devise to be a good solution for authenticating users on my website.
But when thinking about a secure API I found this gem to be a very secure solution – and dozens of people seem to agree, see the following issues as examples:
#343, #36, #265, #120
But the problem ist that there seems to be a lack of support or at least no documentation on how to solve this issue correctly. Some of the people linked in the issues above seem to have found a solution for them – so basically it seems to work – but it would be great to be sure that everything is done right and won't break when this gem gets upgrades. So I'm hereby suggesting to introduce official support for this kind of usage – which would make this gem useful in much more contexts with minimal changes. Writing a wiki article may even suffice.
If you maintainers agree I'd love you to just provide a documentation (and changes if any needed) on how to use Devise alongside this gem to use this gem for an API kind of application. Please see the above linked issues as examples on how to it is desired to be used.
Thank you in advance for any help!
Update: Feel free to have a look into my initial approach at this state of my application. The interesting parts should be in
app/controllers/api_controller.rb,app/controllers/application_controller.rbandconfig/routes.rb. Also I feel #346 should also be clarified to make support complete.The text was updated successfully, but these errors were encountered: