The Devise plugin allows the use of authentication tokens. The documentation says about the "Token Authenticatable" option: signs in a user based on an authentication token (also known as "single access token"). The token can be given both through query string or HTTP Basic Authentication.

The query string method is clear, but how exactly do you pass the token through Basic Authentication? Is it necessary to use Base64 encoding, like this:

```
echo "auth_token:3a75Dvc" | base64
=> YXV0aF90b2tlbjozYTc1RHZjCg==
curl --header "Authorization: Basic YXV0aF90b2tlbjozYTc1RHZjCg==" \
     http://my_site.com/my_app
```
0x4a6f4672

1 Answer

Here is an example of basic auth with auth token from Devise specs:

```ruby
header = "Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:X")}"
get users_path(:format => :xml), {}, "HTTP_AUTHORIZATION" => header
```
Vasiliy Ermolovich
  • Yes, you are right. It is always a good idea to look at the specs. Why do you have to add an "X"? I would have never guessed that. I expected an `auth_token:token_value` format, but not a `token_value:X` – 0x4a6f4672 Mar 12 '13 at 13:21
  • Actually I think it can be anything instead of that X. So `"Basic #{Base64.encode64("#{VALID_AUTHENTICATION_TOKEN}:BLAHBLAHBLAH")}"` should work I guess. – Vasiliy Ermolovich Mar 12 '13 at 13:39
  • Yes, the source code for the TokenAuthenticatable strategy says: "Since some clients may require a password, you can pass "X" as password and it will simply be ignored.", see https://github.com/plataformatec/devise/blob/master/lib/devise/strategies/token_authenticatable.rb – 0x4a6f4672 Mar 12 '13 at 13:44
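
An added example, not part of the original thread and not Devise's own code: it builds the `token:X` header and decodes the header from the question the way Basic credentials are read (split on the first colon), showing that the question's header carries `auth_token` in the username field. The helper names are hypothetical; the token is the sample value from the question.

```ruby
require "base64"

# Build an Authorization value with the token in the username field and a
# placeholder password. strict_encode64 emits no line breaks; encode64 (and
# `echo ... | base64`, which also encodes echo's newline) appends one.
def basic_header_for_token(token, password = "X")
  "Basic " + Base64.strict_encode64("#{token}:#{password}")
end

# Decode a Basic Authorization value into [username, password].
# Only the first colon separates the two fields.
def decode_basic(header)
  scheme, payload = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && payload
  Base64.decode64(payload).split(":", 2)
end

# Hypothetical helper: the value a token lookup would receive is the
# username field; the password field is ignored.
def token_from_header(header)
  username, _ignored_password = decode_basic(header)
  username
end

TOKEN = "3a75Dvc" # sample token from the question
ASKER_HEADER = "Basic YXV0aF90b2tlbjozYTc1RHZjCg==" # header from the question

if __FILE__ == $PROGRAM_NAME
  good = basic_header_for_token(TOKEN)
  puts "header to send:      #{good}"
  puts "token seen (good):   #{token_from_header(good).inspect}"
  # The question's header puts the literal string "auth_token" in the
  # username field and the real token (plus a newline) in the password field.
  puts "token seen (asker):  #{token_from_header(ASKER_HEADER).inspect}"
  puts "password (asker):    #{decode_basic(ASKER_HEADER)[1].inspect}"
  # Any password value yields the same token.
  other = basic_header_for_token(TOKEN, "BLAHBLAHBLAH")
  puts "token seen (other):  #{token_from_header(other).inspect}"
end
```

Base64 here is an encoding, not encryption: anyone who can read the header recovers the token exactly as `decode_basic` does.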