Devise and Devise_Token_Auth in api namespace

[mjwb]

Hi

I really like the gem and am hoping what I would like to be achieved can be done.

I have a rails app and an angularjs (ionic) app for mobile. The requirement is essentially that I can handle the authentication of the mobile app via devise_token_auth but still have devise running as normally with html responses for the rails web-based app. The mobile app needs to access api.domain.com/auth/ with the version being sent as a header pointing the route to a module (I am currently handling this part already).

I was hoping that I could achieve this by having the devise_token_auth_for call in routes under the api namespace and version module with devise_for sitting outside the namespace allowing api access but still allowing normal devise functionality. This unfortunately gave me a routes already exist error and the database does not wnat to migrate because of the user table being created by devise already. If I only include the devise_token_auth_for call within the namespace it becomes difficult to create the normal devise funcitonality.

Is it possible to handle the scenario that I describe above with the gem and if so do you have any suggestions or pushes in the right direction?

Thanks in advance - and a big up for this gem!

[mjwb]

Nevermind, got it to work as needed by keeping the devise_for:users outside of the namespace and the devise_token_auth_for call inside the namespace.

As a note, I had already created a devise Users model previously and by running the devise_token_auth generator to create a user model I had migration issues (users table already exists). To get around this I had to remove the previous devise migration.

[rkpasia]

Hi @mjwb , I'm actually building a setup exactly like the one you described.

I have a web application running rails and ionic mobile application that need to get data from api requests.

I implemented the api with Grape gem, and everything works fine with plain public endpoints.
Now I need to protect the api and also implement authentication for the mobile application. The authentication must be done through api request.

I managed to configure devise and devise_token_auth working in the same environment by setup them in different routes.

Rails.application.routes.draw do

  devise_for :users, :controllers => { :omniauth_callbacks => "users/omniauth_callbacks" } #DEVISE FOR WEB

  namespace :api do
    mount_devise_token_auth_for 'User', at: 'auth' # DEVISE FOR API
  end

  mount API::Base => '/api'  # GRAPE API

  ...

end

Also in the application_controller I commented out the line that this gem append automatically running the install. These because I want that my web application uses the devise standard gem in the web application and without that line I figured out that I can access the standard workflow in the web that before was denied to access because the page returned a json error response that warns only authorized users can access.

class ApplicationController < ActionController::Base
  # include DeviseTokenAuth::Concerns::SetUserByToken
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
  protect_from_forgery with: :exception
end

Is that the same setup that you get to work to? I can't get the authentication through mobile working :(

Thanks!