How to config devise to accept auth token in HTTP header?

Question

Currently, devise is configured to accept token authentication via URL and curl works well

curl 'http://localhost/index.json?auth_token=TOKENVALUE'

Now I'd like to pass the TOKENVALUE via HTTP header instead of URL, how can I config devise to get the TOKENVALUE from either HTTP header or URL? Such that both the above and following curl requests will work:

curl 'http://localhost/index.json' -H 'Authorization: Token token="TOKENVALUE"'

as shown in this railscast.

score 1 · Answer 1 · edited May 23 '17 at 12:15

1

It seems there isn't such config in devise. But there is a solution by other person. Please see Using auth_token from request headers instead from POST/PUT parameters with Rails 3 / devise

edited May 23 '17 at 12:15

Community

1
1

answered Jun 14 '12 at 01:49

guanxiaohua2k6

371
1
5

score 1 · Answer 2 · answered May 31 '13 at 19:45

First add this to your gemfile https://github.com/stvp/devise_header_token then you can add a configuration for it in your config/initializers/devise.rb

# Configuration for :token_authenticatable
# Defines name of the authentication token params key
config.token_authentication_key = 'AUTH-TOKEN'

score 1 · Answer 3 · answered Jun 12 '13 at 18:13

Devise allows auth token authentication via Basic Auth. If you look the source you'll see this:

For headers, you can use basic authentication passing the token as username and blank password. Since some clients may require a password, you can pass "X" as password and it will simply be ignored.

score 1 · Answer 4 · answered Mar 30 '15 at 04:06

Things have changed since this question was asked, in that devise no longer has the token authentication functionality built-in. It was extracted out to a separate gem, devise-token_authenticatable. I am using that gem and wanted to do the same the same thing as the person who asked the question.

I figured out I had to set this in my config/initializers/devise.rb:

config.http_authenticatable = true

I tried it via curl and it worked. In my RSpec tests I was able to put the token in the HTTP header like this:

user = FactoryGirl.create(:user)
header = ActionController::HttpAuthentication::Token.encode_credentials(
  user.authentication_token)
get "/api/v1/your_url", 
    { },
    { 
      'Accept' => 'application/json',
      'Authorization' => header
    }

Hope this helps someone out there!

score 0 · Answer 5 · answered Jun 25 '13 at 13:25

0

Support has been in added to Devise 2.2.4 https://github.com/plataformatec/devise/blob/master/CHANGELOG.rdoc#224

answered Jun 25 '13 at 13:25

Webdevotion

1,223
13
24

How to config devise to accept auth token in HTTP header?

5 Answers5