Stack Overflow
Stack Overflow

Questions tagged [devise-jwt]

32 questions
6
votes
4 answers

"No verification key available" when attempting to access API secured by Devise JWT

I have the gem devise-jwt installed. I can perform a login request, and receive an Authorization token in return, but when I try to access a secured endpoint, I receive the message: No verification key available. blaine@devbox:~/langsite/backend…
Blaine Lafreniere
  • 3,451
  • 6
  • 33
  • 55
3
votes
2 answers

Ruby on Rails does not include Authorization token on header when request by axios in React, but it does work with Postman

I'm currently working on a backend API using Ruby on Rails, Devise, and Devise-JWT, with NextJS on the frontend client, using axios for requests. I've been trying to access the Authorization token from the header (once the user logs in), to then…
JeffreyP7
  • 37
  • 3
3
votes
2 answers

How do I stop devise from trying to redirect to /users/sign_in for API requests?

On my react frontend, I have an API request which is being sent to my ruby on rails backend, via the axios library: Axios({ url: "/terms", headers: { 'Authorization': token } …
Blaine Lafreniere
  • 3,451
  • 6
  • 33
  • 55
2
votes
2 answers

Rails API Devise JWT disable sessions store

I'm using Rails 7 API only and gem devise-jwt to authentication. Firstly, this is tutorial to setup: https://dakotaleemartinez.com/tutorials/devise-jwt-api-only-mode-for-authentication/ It has a trouble, when i call API register new account, it…
Dean
  • 415
  • 1
  • 5
  • 15
2
votes
0 answers

How to configure Rails API to use cookies for web clients and tokens for mobile apps?

I'm developing a Rails app (with Devise) to expose an API to be consumed by both web clients (React SPA) and mobile clients (iOS and Android). For web clients I'd like to use cookie authentication to avoid the problem of where to securely store the…
Mike Vosseller
  • 4,097
  • 5
  • 26
  • 28
2
votes
0 answers

What is the difference between using a gem like devise_token_auth and devise_jwt?

I have a rails api only application that I want to use devise for the authentication. I came across this decision and I want to know which one is better. Would it make sense for a high volume web application to use something like devise_token_auth…
Steve G
  • 53
  • 6
2
votes
0 answers

Unable to rwrite request spec using rspec for devise login for rails-api application

We use Rails 6.1 API application with devise and devise-jwt. I tried to write a feature spec using RSpec for sign_in method but could not write. I have the following in my rails_helper.rb config.include Devise::Test::ControllerHelpers, type:…
user17100810
  • 21
  • 1
2
votes
0 answers

A simpler way to add Bearer token when testing with devise-jwt?

I'm doing request specs. We use devise-jwt to do authentication, so I need to put the Authorization header in every request which needs permission to call. I read the document of Devise JWT so I know I can use user = fetch_my_user() headers = {…
kevinluo201
  • 1,444
  • 14
  • 18
1
vote
1 answer

Devise-jwt unable to find active session after 2nd login

I'm working on creating an API app only (no views). I've installed Devise and the Devise-JWT Gem for authentication https://github.com/waiting-for-dev/devise-jwt. When running the server locally I can signup and an active session can be found that…
AKeeganDev
  • 31
  • 3
1
vote
1 answer

Revoke access to devise-jwt on Denylist strategy

I am using devise-jwt gem, from what I see on the wrapped gem https://github.com/waiting-for-dev/warden-jwt_auth there is a static method revoke_jwt(payload, user) I want to write a script that will revoke access on a specific user, what will be the…
Petros Kalafatidis
  • 575
  • 5
  • 15
1
vote
0 answers

API Rails : How to make a RESTFul API using Devise & JWT?

I'm trying to build a RESTFul API with devise & jwt. I can register, and login/logout using my jwt bear token, using Postman. Now I have a problem when I want to POST an Article. I dont understand why my console goes for a login after I POST an…
pedrofromperu
  • 95
  • 1
  • 9
1
vote
0 answers

JWT::DecodeError for sign_out with invalid token with devise-jwt

I am trying to rescue_from a JWT::DecodeError caused by an invalid token when signing out using devise. But it's not working. I keep getting a JWT::DecodeError. Sessions controller: class SessionsController < Devise::SessionsController …
Ruby
  • 21
  • 3
1
vote
1 answer

ROR: devise-jwt : how to call jwt_revoked? function?

I am using devise and devise-jwt for my ror api. I would like to let know the user (by api call) if the user bearer token sent is revoked or not. I made this route: def user_token_revoked decoder = JWT::Decode.new( …
Theo Cerutti
  • 779
  • 1
  • 10
  • 33
1
vote
1 answer

Devise-JWT: Using cURL I can see an Authorization header. Using Axios/Fetch there is no Authorization header

I have a very typical Rails backend with Devise and Devise-JWT. When I make a raw cURL request to the endpoint /users/sign_in I can see in the headers that it is setting an Authorization header with a token. When I do the same request on my React…
Blaine Lafreniere
  • 3,451
  • 6
  • 33
  • 55
1
vote
1 answer

Rails devise-jwt session storage

The devise-jwt gem documentation says that if session storage is enabled, you have to skip it for jwt auth. It says that you should set on devise.rb: config.skip_session_storage = [:http_auth, :params_auth] And you should disable…
Samuel
  • 259
  • 3
  • 15
1
2 3