Tiddle provides a Devise strategy for token authentication in API-only Ruby on Rails applications. Its main feature is support for multiple tokens per user.
Tiddle is lightweight and non-configurable. It does what it has to do and leaves some manual implementation to you.
Add this line to your application's Gemfile:

    gem 'tiddle'

And then execute:

    $ bundle

- Add :token_authenticatable inside your Devise-enabled model:

    class User < ActiveRecord::Base
      devise :database_authenticatable, :registerable,
             :recoverable, :trackable, :validatable,
             :token_authenticatable
    end

- Generate the model which stores authentication tokens. The model name is not important, but the Devise-enabled model should have an association called authentication_tokens.

    rails g model AuthenticationToken body:string user:references last_used_at:datetime ip_address:string user_agent:string

    class User < ActiveRecord::Base
      has_many :authentication_tokens
    end

body, last_used_at, ip_address and user_agent fields are required.

- Customize Devise::SessionsController. You need to create and return a token in #create and expire the token in #destroy.

    class Users::SessionsController < Devise::SessionsController
      def create
        self.resource = warden.authenticate!(auth_options)
        # ^Or whatever custom logic you would like to use here.
        token = Tiddle.create_and_return_token(resource, request)
        render json: { authentication_token: token }
      end

      def destroy
        Tiddle.expire_token(current_user, request)
        render json: {}
      end
    end

- Require authentication for some controller:

    class PostsController < ApplicationController
      before_action :authenticate_user!

      def index
        render json: Post.all
      end
    end

- Send X-USER-EMAIL and X-USER-TOKEN as headers of every request which requires authentication.
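
The token lifecycle that the steps above wire up, modelled in plain Ruby as an added example (not Tiddle's code or part of the original README): TokenStore, issue and revoke are hypothetical names standing in for the AuthenticationToken table, Tiddle.create_and_return_token and Tiddle.expire_token, and keeping only a SHA-256 digest in body is this example's assumption. It shows that each client gets its own token and that revoking one leaves the user's other tokens valid.

```ruby
require 'securerandom'
require 'digest'

# Constructed in-memory stand-in for the AuthenticationToken table (same fields as the migration).
TokenRecord = Struct.new(:email, :body, :last_used_at, :ip_address, :user_agent)

class TokenStore
  def initialize
    @records = []
  end

  # Sign-in: issue a new token for one client; earlier tokens for the user stay valid.
  def issue(email, ip:, user_agent:)
    token = SecureRandom.urlsafe_base64(32)
    @records << TokenRecord.new(email, digest(token), Time.now, ip, user_agent)
    token # plaintext is returned once; only its digest is stored (assumption of this example)
  end

  # Resolve the X-USER-EMAIL / X-USER-TOKEN header pair to a record, or nil.
  def authenticate(headers)
    email, token = headers.values_at('X-USER-EMAIL', 'X-USER-TOKEN')
    return nil if email.to_s.empty? || token.to_s.empty?
    presented = digest(token)
    record = @records.find { |r| r.email == email && secure_compare(r.body, presented) }
    record&.tap { |r| r.last_used_at = Time.now }
  end

  # Sign-out: revoke only the token that made this request.
  def revoke(headers)
    record = authenticate(headers)
    @records.delete_if { |r| r.equal?(record) }
    !record.nil?
  end

  def tokens_for(email)
    @records.select { |r| r.email == email }
  end

  private
  def digest(token)
    Digest::SHA256.hexdigest(token)
  end

  # Constant-time comparison, so response timing does not reveal how many bytes matched.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```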