{"id":29,"date":"2014-05-19T05:20:38","date_gmt":"2014-05-19T05:20:38","guid":{"rendered":"http:\/\/dev.fruitbyte.com\/?p=29"},"modified":"2014-05-19T18:35:49","modified_gmt":"2014-05-19T18:35:49","slug":"authentication-api-for-ruby-on-rails-devise","status":"publish","type":"post","link":"http:\/\/dev.fruitbyte.com\/?p=29","title":{"rendered":"Authentication API for Ruby on Rails (Devise)"},"content":{"rendered":"

Devise is a commonly used authentication gem for Rails projects. It comes with controllers, data model and html templates that don’t require much time for configuration. Basically it works just out of the box for web projects. However, to my surprise, Devise is not that friendly with non-web clients. Say, you’ve built a REST API that works with your web app and now you want to reuse it with mobile native apps. Sounds reasonable and easy to do at first glance, isn’t it? Well, it’s not that easy with Devise.
\nIf you try to google solutions for this matter, most likely you’ll stumble upon articles, talking about token authentication approach, similar to this one:
\nhttp:\/\/matteomelani.wordpress.com\/2011\/10\/17\/authentication-for-mobile-devices\/<\/a>
\nUnfortunately, this solution does not work anymore, because Devise changed.
\nIt’s still possible to use token authentication, but you have to modify the code of your Session controller and Devise itself. I found that using token is not necessary as authentication cookies were working too. I did not need to change the Devise and append every single URL with ?auth_token=.
\nIn one of the Devise own examples called “Simple Token Authentication” you can find following message:<\/p>\n

\nNote: these examples are out of date, TokenAuthenticatable has been removed from Devise. See this gist for alternatives. <\/p><\/blockquote>\n

Here’s the gist it’s referencing to:
\nhttps:\/\/gist.github.com\/josevalim\/fb706b1e933ef01e4fb6<\/a><\/p>\n

New article on how to build an API with Devise authentication:
\nhttp:\/\/www.soryy.com\/ruby\/api\/rails\/authentication\/2014\/03\/16\/apis-with-devise.html<\/a><\/p>\n

Good article with the example that returns authentication token and result of the authentication back to the client:
\nhttp:\/\/jessewolgamott.com\/blog\/2012\/01\/19\/the-one-with-a-json-api-login-using-devise<\/a><\/p>\n

Basically, in order to make token authentication work again, you need to merge modifications for ApplicationController from gist I mentioned above and SessionController the way it’s shown in the last article.<\/p>\n

My SessionController looks like this:<\/p>\n

\r\nclass SessionsController < Devise::SessionsController\r\n  skip_before_filter :verify_authenticity_token\r\n\r\n  def create\r\n    respond_to do |format|\r\n      format.html do\r\n        params[:user].merge!(remember_me: 1)\r\n        super\r\n      end\r\n      format.json do\r\n        resource = User.find_for_database_authentication(:email => params[:email])\r\n        return invalid_login_attempt unless resource\r\n        resource.ensure_authentication_token\r\n\r\n        if resource.valid_password?(params[:password])\r\n          sign_in(:user, resource)\r\n          render :json => {:success => true, :auth_token => resource.authentication_token, :email => resource.email}\r\n        else\r\n          invalid_login_attempt\r\n        end\r\n      end\r\n    end\r\n  end\r\n\r\n  def invalid_login_attempt\r\n    render :json => {:success => false, :error => "invalid login"}\r\n  end\r\n\r\nend\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
Devise is a commonly used authentication gem for Rails projects. It comes with controllers, data model and html templates that don’t require much time for configuration. Basically it works just out of the box for web projects. However, to my … Continue reading →<\/span><\/em><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,22],"tags":[28,27,24,48,25,47,26,23],"class_list":["post-29","post","type-post","status-publish","format-standard","hentry","category-rails","category-web","tag-android","tag-api","tag-devise","tag-ios","tag-omniauth","tag-rails","tag-rest","tag-ruby"],"_links":{"self":[{"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=\/wp\/v2\/posts\/29","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=29"}],"version-history":[{"count":10,"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=\/wp\/v2\/posts\/29\/revisions"}],"predecessor-version":[{"id":40,"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=\/wp\/v2\/posts\/29\/revisions\/40"}],"wp:attachment":[{"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=29"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=29"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/dev.fruitbyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=29"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}