
I have a rails 4 app that uses devise and devise_token_auth gems. I want my rails app to use devise normally for html requests, and use devise_token_auth to retrieve an access token. All of the above works fine.

Now, from my REST Client, I want to use the access_token headers to retrieve the html root page.

In my application_controller, if I add the following line:

include DeviseTokenAuth::Concerns::SetUserByToken

The request for the home page from RESTClient with the access token headers set works fine, and redirects the user to the logged-in page. But when I try to sign in and sign up through devise in the browser, I get errors wherever I use user_signed_in? and other devise methods.

If I remove the above line from application_controller, all browser calls with regular sign in and sign up work fine (with related redirects), but I cannot get the home page from REST Client by setting the access_token headers.

Here is the root controller code:

home_controller.rb

def index
  if user_signed_in?
    redirect_to logged_in_path
  end
end

Here are the requests and responses:

1: With SetUserByToken line present in application_controller

1.1 From RESTClient:

Url: http://10.0.1.15:3000
Method: GET
Request Headers:

Access-Token: aaaaaaaaaaa
Token-Type: Bearer
Client: bbbbbbbbbbbb
Expiry: 1234567
Uid: foo@bar.com

Response: 200 Ok
<Redirected to member home page>

1.2 From web page

Error where user_signed_in? is called

2: With SetUserByToken line NOT SET in application_controller

2.1 From RESTClient:

Url: http://10.0.1.15:3000
Method: GET
Request Headers:

Access-Token: aaaaaaaaaaa
Token-Type: Bearer
Client: bbbbbbbbbbbb
Expiry: 1234567
Uid: foo@bar.com

Response: 200 Ok
<NO REDIRECT to member home page> (user_signed_in? in the index action returns false)

2.2 From web page

<Can login, gets redirected to logged in page>

How do I get the site to work both from regular browser and from the REST Client?

The actual goal is to have an Android client app (instead of the REST Client, once this issue is sorted out), where the user signs in from native code by entering email and password and, if an access token is successfully returned, the app switches to an activity that displays the WebView, which loads the session with the user signed in. Within the WebView, the user remains signed in and can navigate all pages. If the user signs out from the native client, then the access token is discarded and the user is signed out from the server session as well.

Anand