valid_token? returns True even if access-token is not valid

Question

I am using 'devise_token_auth' gem with mongo backend and when I try to check if token is valid with valid_token?(access_token,client) : it returns True no matter what the access_token is. Please guide me through this.

*note: If I enter wrong client then it returns false but never returns false for wrong 'access-token'.

In my opinion, it never return false for 'acces-token' after login successful because of session. Try don't store session. — Thuy Nguyen, Jan 14 '20 at 09:01

score 0 · Answer 1 · answered Mar 03 '20 at 20:09

0

That's because tokens in batch requests are not being validated. It appears to be a bug in the gem. It returns false when you change the client because it is no longer considered part of the same batch.

answered Mar 03 '20 at 20:09

João Costa

344
3
11

valid_token? returns True even if access-token is not valid

1 Answers1