I suppose we'll need to track some unique token of the device and do a check to verify it matches up with the email/auth token on each request. But that will still leave the question of having to reset the auth-token upon a successful login which has a new unique device token? Or is there a better approach?
The users can sign in via the API sending their email / password, right? When doing that, the request is handled by the Devise::SessionsController (or some override of it). The action that's triggered is the same Devise::SessionsController#create that is triggered when users are not using the API (e.g. signing in from the webapp).
The question for me is: how can I identify the calls that come via the API from those which don't, so I can renew the users' authentication tokens. One response could be: API requests JSON. If your webapp requests HTML, you could override that action to reset the user's authentication token when responding to a JSON request.
```ruby
respond_to do |format|
  format.json do
    # reset the user authentication token
    # then do what the action uses to do
  end
  format.any do
    # keep doing what the action uses to do
  end
end
```
And BTW that's not directly related to Simple Token Authentication. (Nothing wrong about that!) Does that make sense to you?
Now, of course, if your webapp makes JSON requests to the API (e.g. it's an Ember.js app), then we need to find a way to identify requests that come from users' mobile devices... And I don't see in this scenario why you would need to identify each device (as long as you know it's a mobile device, or a user-can't-sign-in-from-two-of-those-at-the-same-time device).
I opened this issue to reply to the first @halpimded comment in #14.
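
The effect of the token reset described above, as an added plain-Ruby sketch that is not part of the original issue or of the gem's code: a JSON sign-in rotates the token, so the token held by a previously signed-in device stops authenticating, while an HTML sign-in leaves it alone. `User`, `sign_in`, `authenticate` and `secure_equal?` are hypothetical stand-ins for the Devise model and controller, and the sample account is constructed.

```ruby
require 'securerandom'
require 'digest'

# Compare digests byte by byte so timing does not depend on where strings differ.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a.to_s).bytes
  db = Digest::SHA256.digest(b.to_s).bytes
  da.zip(db).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical stand-in for the Devise user model.
class User
  attr_reader :email, :authentication_token

  def initialize(email, password)
    @email = email
    @password = password # plaintext only to keep the sketch short
    reset_authentication_token!
  end

  def valid_password?(candidate)
    secure_equal?(@password, candidate)
  end

  def reset_authentication_token!
    @authentication_token = SecureRandom.urlsafe_base64(32)
  end
end

# Mirrors the respond_to branches: JSON (API) sign-ins rotate the token,
# any other format keeps doing what the action used to do.
def sign_in(users, email, password, format)
  user = users[email]
  return nil unless user && user.valid_password?(password)
  user.reset_authentication_token! if format == :json
  user
end

# Per-request check: the presented token must match the stored one.
def authenticate(users, email, token)
  user = users[email]
  !user.nil? && secure_equal?(user.authentication_token, token)
end

if __FILE__ == $PROGRAM_NAME
  users = { 'alice@example.com' => User.new('alice@example.com', 's3cret') } # constructed
  first = sign_in(users, 'alice@example.com', 's3cret', :json).authentication_token
  sign_in(users, 'alice@example.com', 's3cret', :json) # second device signs in
  puts "first device still valid? #{authenticate(users, 'alice@example.com', first)}"
end
```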