
I created a Rails API and used devise and devise-jwt for authentication. I have the problem described below:

  • I sign in using the API in Postman with account "A" and it gives me a bearer token
  • I sign in again using the API in Postman with account "B" without logging out of the previous account. It also gives me another bearer token, but this token belongs to "A" instead of "B"

So my question is: is this an intended feature, or did I make a mistake in the configuration? I do have a vague idea why it did this: because "A" is already authenticated, it does not create a new sign-in for "B". Is it possible to create new sign_in without logging out already authenticated account?

  • Write an actual integration test instead that can be repeated and communicated with others. As it currently stands I think the possibility that it's just human error is pretty big. – max Sep 06 '22 at 15:55
  • Yeah, but if you just tell me whether the condition I describe above is an intended feature or I made a mistake somewhere, it will be a lot of help. – setobiralo Sep 06 '22 at 17:43
  • No it doesn't sound like the intended behavior. "Is it possible to create new sign_in without logging out already authenticated account?" - unless you're using tokens for session-based auth you have completely misunderstood how stateless auth works. You trade the credentials for a token which must be included with every subsequent request (typically in a header) for authentication. There is no actual "logging out" but there are various strategies for revoking grants. – max Sep 07 '22 at 09:21
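
An added example, not part of the original question or comments, modelling the stateless flow described in the last comment: credentials are traded for a signed token, and each request is authenticated only from the token it carries. It is plain Ruby with a hand-rolled HS256 token rather than devise-jwt; the accounts, the secret and the helpers `sign_in`, `authenticate` and `token_subject` are constructed for illustration.

```ruby
require "openssl"
require "base64"
require "json"

SECRET = "constructed-demo-secret" # constructed; a real app loads this from its secret store
USERS  = { "a@example.test" => "pw-a", "b@example.test" => "pw-b" } # constructed accounts

def b64(data)
  Base64.urlsafe_encode64(data, padding: false)
end

def sign(input)
  b64(OpenSSL::HMAC.digest("SHA256", SECRET, input))
end

# Length check plus XOR accumulation, so timing does not reveal the first differing byte.
def same?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).sum { |x, y| x ^ y }.zero?
end

# Sign-in: trade credentials for a token whose "sub" claim names the account.
# No server-side state records that anyone is "logged in".
def sign_in(email, password, now: Time.now.to_i)
  return nil unless USERS.key?(email) && same?(USERS[email], password.to_s)
  header  = b64(JSON.generate({ alg: "HS256", typ: "JWT" }))
  payload = b64(JSON.generate({ sub: email, iat: now, exp: now + 3600 }))
  signing_input = "#{header}.#{payload}"
  "#{signing_input}.#{sign(signing_input)}"
end

# Every request: identity comes only from the token in the Authorization header.
def authenticate(authorization, now: Time.now.to_i)
  scheme, token = authorization.to_s.split(" ", 2)
  header, payload, signature = token.to_s.split(".")
  return nil unless scheme == "Bearer" && header && payload && signature
  return nil unless same?(sign("#{header}.#{payload}"), signature)
  claims = JSON.parse(Base64.urlsafe_decode64(payload))
  claims["exp"].to_i > now ? claims["sub"] : nil
rescue ArgumentError, JSON::ParserError
  nil
end

# Diagnostic for the situation in the question: read "sub" from a token
# (no signature check) to see which account it was actually issued to.
def token_subject(token)
  JSON.parse(Base64.urlsafe_decode64(token.split(".")[1].to_s))["sub"]
end
```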

0 Answers