
I have a website running on a Rails API back end, and we have multiple types of users (Admins and members). Authentication is done using the Devise Token Auth gem. Each user has their own separate endpoints, so authenticating them is not an issue, but for a particular feature we need to use the same endpoints for authenticating both types of users. Currently these endpoints are only authenticated for admins, but for members we want to send a link which will allow them to only access their pages for a specified period (24 hours), after which the link becomes invalid. Any ideas on how to implement this?

  1. Current idea is to generate a unique token for each member, which will be valid for 24 hours.
  2. When a user clicks the link, they are authenticated using that token, and the credentials are sent to them.
  3. For each subsequent request, the token must be included along with the authenticated credentials.
  4. First, the token is checked. If it is okay, then the credentials are checked, and the user is allowed to make the changes.

I would like to know if this is implementable.

Shounak
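The following is an added example illustrating steps 1 and 4 of the plan above; it is not code from the question, from Devise Token Auth, or from any answer. It mints a stateless, time-limited member link token (`base64url(payload).base64url(HMAC-SHA256)`) whose payload carries the member id, an absolute expiry and a random nonce, and verifies it with a constant-time signature check before anything else is trusted. The module name, the `SECRET` constant and the injectable `now` parameter are assumptions made for a self-contained, offline-runnable example; in a Rails app the secret would come from credentials, and the Devise Token Auth credential check described in the question would run only after `verify` succeeds.

```ruby
require "openssl"
require "securerandom"
require "json"

# Added example, not code from the question or from Devise Token Auth.
# Token layout: base64url(JSON payload) + "." + base64url(HMAC-SHA256(secret, encoded payload)).
# Because the expiry lives inside the signed payload, nothing has to be stored per link.
module MemberLinkToken
  TTL_SECONDS = 24 * 60 * 60 # 24 hours, the period named in the question

  # Constructed secret for this example only; a real app loads it from credentials/ENV.
  SECRET = "constructed-example-secret-do-not-reuse".freeze

  class Invalid < StandardError; end

  # Step 1: mint a token for one member, valid for `ttl` seconds from `now`.
  # `now` (unix seconds) is injectable so expiry can be exercised deterministically.
  def self.generate(member_id, secret: SECRET, now: Time.now.to_i, ttl: TTL_SECONDS)
    payload = {
      "sub" => member_id.to_s,      # the member this link is for
      "exp" => now + ttl,           # absolute expiry, unix seconds
      "jti" => SecureRandom.hex(16) # random nonce: two links for one member never collide
    }
    body = b64url(JSON.generate(payload))
    "#{body}.#{b64url(hmac(secret, body))}"
  end

  # Step 4: check the token first. Returns the member id it was issued for, or raises Invalid.
  def self.verify(token, secret: SECRET, now: Time.now.to_i)
    body, sig = token.to_s.split(".", 2)
    raise Invalid, "malformed token" if body.nil? || sig.nil? || body.empty?

    # Compare the encoded signature in constant time before decoding anything.
    raise Invalid, "bad signature" unless secure_compare(b64url(hmac(secret, body)), sig)

    payload = JSON.parse(unb64url(body))
    exp = payload["exp"]
    raise Invalid, "expired" unless exp.is_a?(Integer) && now < exp

    payload["sub"]
  rescue ArgumentError, JSON::ParserError
    raise Invalid, "malformed token"
  end

  # Scope check: a member token grants access only to that member's own pages.
  def self.authorize!(token, requested_member_id, **opts)
    sub = verify(token, **opts)
    raise Invalid, "token not issued for this member" unless sub == requested_member_id.to_s
    sub
  end

  def self.hmac(secret, data)
    OpenSSL::HMAC.digest("SHA256", secret, data)
  end

  # URL-safe base64 without padding, so the token survives inside a link.
  def self.b64url(bytes)
    [bytes].pack("m0").tr("+/", "-_").delete("=")
  end

  def self.unb64url(str)
    padded = str.tr("-_", "+/")
    padded += "=" * ((4 - padded.length % 4) % 4)
    padded.unpack1("m0") # strict decoding: raises ArgumentError on malformed input
  end

  # Constant-time comparison so the signature check does not leak timing information.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    left = a.unpack("C*")
    diff = 0
    b.each_byte { |byte| diff |= byte ^ left.shift }
    diff.zero?
  end
  private_class_method :hmac, :b64url, :unb64url, :secure_compare
end
```

The token is stateless, so the server cannot cut a link short before its 24 hours elapse; if early revocation matters, record the `jti` of issued tokens and reject any that has been revoked. Subsequent requests (step 3) would pass the token in a header and call `authorize!` with the member id taken from the requested route, so a member's token cannot be replayed against another member's pages.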

0 Answers