How do I update a user without a token while using Devise token Auth?

Question

As a part of my application, when I send an invitation out to other users, I need to set a bunch of parameters for the newly created user before they even sign into the application. So, before switching to DeviseTokenAuth(and rails api), I used devise and it allowed me to make user changes from the back-end. For example, if I go to the console and do a user.save, it returns true.

Now after switching to DeviseTokenAuth, I had to enter the following in concerns file within the User model:

include DeviseTokenAuth::Concerns::User

Once i included this, I am unable to make changes to the user from the backend, (for example, rails console> user.save returns false). I presume that it requires a Token every time a user is updated? How can I skip this for specific controller actions where for instance, I would need to update the user withouth the user/client actually calling the action. (sending a token)

Answer 1

In case somebody else comes across this issue: I spent a few hours shooting in the dark finally to realize that it that the uid field for the User object needs to be populated with DeviseTokenAuth. If not, user will not be updatable. i.e.user.save will return false

In my case, I was sending an invitation using devise_invitable which is currently outside the bounds of DeviseTokenAuth defaults. So, when you create a new user using the invite method of Devise_invitable gem, the UID, provider fields are not automatically set. I just needed to add 2 line of code post invitation:

u= User.invite!(params[:email])
u.uid=params[:email] #added
u.provider='email' #added
u.save #added

Now the user object works fine, it had nothing to do with the token itself - so my previous assumption stated in the question was humbug.